Firepower device management options

RANT · ‎08-04-2022

I'm going to be transitioning from ASAs to Firepower devices. Is it better to manage a small number of devices locally, or to utilize FMC (which obviously has a sizeable $$ commitment)?

IP_Cartel · ‎08-04-2022

FMC is good for growth. It's a simple OVA file you get and load on VMware. Think of it like Cisco Prime. A central point of mgmt.

Rob Ingram · ‎08-04-2022

@RANT you've got 3 options: FMC, FDM (local) or CDO (cloud). Ideally you'd use the FMC to manage the firewall, as it supports more features than if using FDM or CDO. It depends on exactly what features you require from the solution.

RANT · ‎08-04-2022

I guess my question is, what does the central management option do for me that FDM/CDO doesn't?

Marvin Rhoads · ‎08-05-2022

For anything other than the most basic features FMC will serve you better. You get a single place to manage the devices from, consolidated and historical reporting, management of a single set of objects, access to many more advanced settings etc.

You also now (as of July 2022) have the option of cloud-delivered FMC (cdFMC) built into CDO.

The few customers I have who went with FDM only are unhappy with their decision. One even switched to FMC later at considerable effort.

Firepower device management options

Cisco Firepower Management Center HA 設定手順

Configure and Verify Syslog in Firepower Device Manager

ISE - Identity Management

Manage Device Configuration Files from Network Devices with EPNM

Detect Elephant Flow on Firepower Devices