Solved: Re: Firepower 4140 Security Engine question

ChristopherCraddock66504 · ‎08-28-2020

Dear Community,

I am trying to configure a pair of 4140 FTD's via the Firepower Chassis Manager. I was able to upgrade the FXOS and build a logical device using the FTD image. However, I am not able to stand up an ASA Logical Machine and upon investigation I found that the 4140's only have 1 Security Engine in the inventory. Am I doing this correctly? Do I need 2 separate SE's in order to run both the FTD and ASA images? Is there any way to stand up both Logical Devices under a single Security Engine? Can I put another SE into this device?

I apologize for all the questions, Im very green to these devices.

Thank you.

Marvin Rhoads · ‎08-29-2020

Only the 9300 series has the capability to install multiple logical devices (if you have multiple SMs).

All other Firepower devices can only run a single logical device (FTD or ASA) at once.

View solution in original post

Marvin Rhoads · ‎08-31-2020

Yes that is correct. FTD has about 90% of the features available in a classic ASA along with all of the NGFW/IPS bits that aren't available on an ASA by itself.

View solution in original post

Marvin Rhoads · ‎08-29-2020

Only the 9300 series has the capability to install multiple logical devices (if you have multiple SMs).

All other Firepower devices can only run a single logical device (FTD or ASA) at once.

ChristopherCraddock66504 · ‎08-30-2020

Marvin,

Thank you for the reply. I guess it makes sense that if youre running FTD youre also getting the firewall aspects of the ASA in the FTD image along with all the IPS capability as well. Is this assumption correct?

Thank you.

Marvin Rhoads · ‎08-31-2020

Yes that is correct. FTD has about 90% of the features available in a classic ASA along with all of the NGFW/IPS bits that aren't available on an ASA by itself.