Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3552
Views
25
Helpful
5
Replies

Difference between ASA running Firepower service module and FTD

Go to solution
KimG
Level 1
Level 1

‎01-10-2018 03:00 PM - edited ‎02-21-2020 07:06 AM

Hi,

 

Is there a difference between ASA running firepower service modules and Standalone Firepower 2100 FTD?  

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to KimG

‎01-16-2018 03:30 PM

Using show run you'll see a part of the config but not everything.
To explain that, here a copy paste of the documentation that gives details:
The show running-config command displays the active configuration in memory (including saved configuration changes) on the device. You cannot directly configure these commands. Instead, they are configured by the manager controlling the device, for example, Firepower Management Center or Firepower Device Manager.

However, this is a partial configuration. It shows what can be configured using ASA Software configuration commands only, although some commands might be specific to Firepower Threat Defense. These commands are ported to Firepower Threat Defense. Thus, you should use the information in the running configuration as a troubleshooting aid only. Use the device manager as the main means to analyze the device configuration.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to KimG

‎01-16-2018 03:42 PM

You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

5 Replies 5

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-10-2018 03:43 PM

Hi

The biggest difference is the image. On ASA with Firepower module running the legacy ASA and Firepower have 2 different configs to manage where FTD is a unified image merging ASA and Firepower features in only 1 config management.
All ASA features are not yet implemented in FTD like Multiple Context.
Also some cli troubleshooting commands used in legacy ASA are not anymore available in FTD.

If your ASA supports FTD image, by reimaging it with FTD image, you will have exactly same features as Firepower 2100 box.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
KimG
Level 1
Level 1
In response to Francesco Molino

‎01-16-2018 03:18 PM

Thank you Francesco, 

I have question to your answer,

ASA with Firepower module, have 2 configuration to manage meaning, does "Show running-config" will only show the ASA config or Both?

Can it still be managed by Firepower Management center? If yes, then the config you see in "Show running-config"does that belong to ASA or Both?

 

Also, Firepower 2100, if it's managed by FMC then how do you see the configuration? again, the config you see in "Show running-config"does that belong just Firepower device? Does it show the configuration configured via FMC?

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to KimG

‎01-16-2018 03:30 PM

Using show run you'll see a part of the config but not everything.
To explain that, here a copy paste of the documentation that gives details:
The show running-config command displays the active configuration in memory (including saved configuration changes) on the device. You cannot directly configure these commands. Instead, they are configured by the manager controlling the device, for example, Firepower Management Center or Firepower Device Manager.

However, this is a partial configuration. It shows what can be configured using ASA Software configuration commands only, although some commands might be specific to Firepower Threat Defense. These commands are ported to Firepower Threat Defense. Thus, you should use the information in the running configuration as a troubleshooting aid only. Use the device manager as the main means to analyze the device configuration.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
KimG
Level 1
Level 1

‎01-16-2018 03:42 PM

Thank you Francesco. That helps.
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to KimG

‎01-16-2018 03:42 PM

You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card