cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2125
Views
0
Helpful
8
Replies

Cisco Firepower 4110 firewall

Jim Kerr
Level 1
Level 1

Hi, I have a Cisco Firepower 4110 and am going to run ASA code on it. If I'm running ASA code on the Firepower can I also use Threat Defense (I know I need the license for this) ? Can you let me know if I require any other components to enable me to run Threat Defense and how this can be achieved in terms of config set up?

thanks

8 Replies 8

Sheraz.Salim
VIP Alumni
VIP Alumni

6.3.PNG

here and here 

A mix of FTD and ASA multi instance is the road map for the future release. the above document is mention of 6.3

please do not forget to rate.

Michael ONeil
Level 1
Level 1

I don't think you can since there is no SSD to hold the Firepower OS. On an ASA with FPS like an ASA5516X there is a SSD for the Firepower. not the case for the 4100. its an either or situation. unless you are talking about contexts that is on the road map.then you might be able to have a context only running ASA code and another running FTD code

Terence.Jh
Spotlight
Spotlight
4100 using asa-lina is a waste

Marvin Rhoads
Hall of Fame
Hall of Fame

You cannot currently mix ASA and FTD logical devices on a single appliance.

It will be a very fast ASA, just without any Firepower features at all.

@Marvin Rhoads  CL 2020 Andrew Ossipov mentioned mix of FTD and ASA instance plan for future release. therefore i assume there is a possibility to run/mix them together in future?

please do not forget to rate.

Correct - it will show up in some later release. I'm not sure if it will be 6.7 (this year) or something after that. It may be only on 9300 series as the 4100 series only supports a single logical device type - multi instance is only for FTD.

Sorry - I just noticed this in the release notes for ASA 9.12: https://www.cisco.com/c/en/us/td/docs/security/asa/roadmap/asa_new_features.html#topic_df2_hz1_jfb Support for ASA and FTD on separate modules of the same Firepower 9300 You can now deploy ASA and FTD logical devices on the same Firepower 9300. Requires FXOS 2.6.1. No modified commands. No modified screens.

Oliver Kaiser
Level 7
Level 7

Sheraz already mentioned that there is multi-instance mode (basically slicing hardware resources and enabling you to run multiple virtual FTD instances on your FPR4110, but as of today mixing ASA and FTD on a single FPR4100 is not supported)

 

a.d. licensing: You would need a license to use Intrusion Prevention, Malware Protection and URL Filtering. Base functionality does not require an additional license

 

a.d. other components: You could use Firepower Device Manager (FDM) for onboard management of FTD, but generally I would recommend using Firepower Management Center (FMC), which is a central mgmt appliance that exposes more features in contrast to FDM. That one is available as virtual or physical appliance. The smallest virtual  instance supports 2x FTD appliances and requires a license

 

a.d. configuration setup: The Getting Started Guide will walk you through step by step

Review Cisco Networking for a $25 gift card