GRANT3779
Frequent Contributor

Cisco FMC v CDO (Cisco Defense Orchestrator)

Can CDO do everything the FMC can do in regards to FirePOWER?

I read the following -

Management of Cisco security products

Central security policy management of the Cisco security environment, including:

●  Cisco ASA 5500 Series and 5500-X Series Adaptive Security Appliances
●  Cisco ASA with FirePOWER Services
●  Cisco Firepower 4100 series and Cisco Firepower 9300 running ASA software image
●  Cisco Umbrella
●  Cisco Web Security Appliance (version 11 and forward)

https://www.cisco.com/c/en/us/products/collateral/security/defense-orchestrator/datasheet-c78-736847.html

9 REPLIES
Divya Nair
Cisco Employee

CDO does allow quite a bit of configuration of the Firepower Services module on the ASA but does not offer all the features that the FMC offers.

Once you install the module on the ASA, you can enable and manage it via CDO.

 

Relevant Link: https://docs.defenseorchestrator.com/Cisco_Defense_Orchestrator_User_Guides/Working_with_Devices_and_Services/Working_with_ASA_FirePOWER_Modules

Specifically, the CDO will allow you to do the following:

  • Manage explicit network policies
  • Select default action for all other traffic
  • Enable/disable device reporting
  • Enable/disable recurring IPS updates

The FMC, on the other hand, has features like CTID which are not available on the CDO as of this moment.

HTH

andre.ortega
Enthusiast

I don't think so.

There is nothing about FTD for example.

GRANT3779
Frequent Contributor

From conversations I have had, I was under the impression that the FTD image will be phasing out the traditional ASA software over time.

Anyone else see things going this way?

Just wondering where CDO fits in if this happens. I assume CDO emphasis is not solely ASA.

Yes, it is already happening. ASA software won't last much longer.
And obviously CDO will support FTD in the future.
Still, CDO doesn't currently have all the features that FMC has.

Is this still the case? We recently purchased CDO. I do not want to lose any features of the FMC.

You won't lose any feature of the FMC... but you will have two consoles (FMC and CDO).
Are you using FTD? I don't see any information about FTD on CDO's datasheet.
https://www.cisco.com/c/en/us/products/collateral/security/defense-orchestrator/datasheet-c78-736847.html?cachemode=refresh

No. We're using FMC for VMware with our ASA 5515s. Documentation states that CDO and FMC cannot be run side by side. It is telling me to remove FMC as a manager of the Firepower services. See here:
https://docs.defenseorchestrator.com/Configuration_Guides/Devices_and_Services/Work_with_ASA_FirePOWER_Modules/020_Before_Installing_or_Onboarding_an_ASA_FirePOWER_Module

The document is from February. Is it dated?

Interesting... I didn't know that.
