11-21-2016 04:40 AM - edited 03-12-2019 01:33 AM
I have some question about a feature on firepower 4100 series (with FTD image)
11-21-2016 07:51 AM
FirePOWER 4110 with FTD image requires you to use FirePOWER Management Center (FMC) to manage it. That applies whether you are talking about a single device or multiple devices. (For ASA hardware running FTD you can alternatively use the on-box FirePOWER Device Manager or FDM but it has limited functionality and only recommended for single device deployments. Some features cannot be setup at all using FDM.)
High availability will supported via inter-chassis clustering in FTD 6.2 (look for it soon). As of the current FTD 6.1, we only support intra-chassis clustering (e.g. between security modules on the same chassis) on the FirePOWER 9300 chassis.
Remote access VPN of any kind is not currently supported on FTD. It will not be in FTD 6.2 either but we hope to see it coming soon in a subsequent release. Currently FTD supports only site-site IPsec IKEv1 VPN.
The cli on FTD is a whole new construct. You do not ever configure the data plane via cli. It can be used for initial setup of the management plane and some troubleshooting / diagnostic fucntions.
There is an ASA cli under the covers but you cannot "conf t" from it. When you log into an FTD device via cli you will be in a limited functions "clish" (command line interface shell). The clish will have a prompt of > (greater than symbol). You can move to Linux user shell by typing "expert" and can then get into ASA shell via "sudo lina_cli". You can also move directly to ASA shell from clish via "system support diagnostic cli".
12-11-2016 10:28 PM
On a FP4100 with FTD, active/standby, stateful failover is supported. As always, both appliances need to have the same hardware specifications. Licensing doesn't need to match. Check the HA configuration guide:
http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html
Toni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide