12-27-2016 03:57 AM - edited 03-12-2019 06:14 AM
I have a basic question on Firepower IPS. The IPS itself can act as a firewall, where we can define various access rules the same way we define them on the firewall. Here I am assuming that I have no NAT or VPN requirements.
Is it possible to allow everything on the firewall and let the IPS do both access control and IPS inspection?
If the IPS can do everything, then why do we need a separate firewall component?
12-30-2016 05:47 PM
Hello Avilt-
You will have to expand a bit more on what your requirements are here and clarify your statement that "the IPS itself can act as a firewall".
It is true that many modern UTM (Unified Threat Management) platforms include many features such as firewall, IPS, malware inspection, URL filtering, etc. Some good examples here would be Cisco's FirePOWER solution and Palo Alto Networks. However, that is not the case with older devices/solutions, where separate appliances are required to provide the different functionality (IPS, firewall, proxy, SSL inspection, etc.).
Thus, if you are running a next-generation UTM that has all of the features built in, then you would be good to go and not need another device/solution. However, if you do not have a new/modern UTM in place, then there is a very high chance that your IPS does not provide firewall functionality and vice versa.
I hope this helps!
Thank you for rating helpful posts!
12-31-2016 01:46 AM
Consider, for example, the ASA-5525X with FirePOWER. I see that firewall rules as well as IPS rules can be defined in the FireSight console. Can we define everything in FireSight instead of on the firewall?
01-01-2017 11:59 PM
Yes, the ASA with FirePOWER is a good example where you can utilize the solution for:
- Standard L2-L4 stateful firewall
- Next-Generation Application/L7 firewall
- Next-Generation IPS
- Malware Inspection
- URL Filtering
Thank you for rating helpful posts!
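As an added example (not part of the original thread or Cisco's documentation), here is the ASA-side configuration that the "allow everything on the firewall, decide in FireSIGHT" approach depends on. It assumes an ASA 5500-X with the FirePOWER (sfr) service module and interfaces named `outside` and `inside`; the names `OUTSIDE_IN` and `SFR_ALL` are placeholders. The ASA still evaluates its own access list and tracks connection state before any packet reaches the module, so the ASA access list has to permit the traffic and a service policy has to redirect the permitted flows to the module; the access control policy built in FireSIGHT then becomes the effective allow/deny point.

```text
! Assumed interface names and object names; adjust to your deployment.

! 1. Permit inbound traffic at the ASA ACL level so that the FireSIGHT
!    access control policy, not this ACL, decides what is allowed.
!    (inside -> outside is already permitted by the security-level
!    default, so no ACL is needed there unless one already exists.)
access-list OUTSIDE_IN extended permit ip any any
access-group OUTSIDE_IN in interface outside

! 2. Redirect every flow the ASA permits to the FirePOWER module.
!    global_policy is the ASA's default policy map; this adds one class.
class-map SFR_ALL
 match any
policy-map global_policy
 class SFR_ALL
  sfr fail-close
service-policy global_policy global

! 3. Verify the module is up and that flows are actually being redirected.
show module sfr
show service-policy sfr
```

The choice between `sfr fail-close` and `sfr fail-open` is the caveat worth weighing. With a permit-any ACL on the ASA, `fail-open` means that if the module goes down (or is mid-upgrade) the ASA passes traffic with only stateful inspection and no access control at all; `fail-close` drops traffic instead, trading an outage for not silently running open. If the ASA ACL is kept permissive as in the question, `fail-close` on the inbound direction is the safer default, and the module's health should be monitored so the failure is noticed.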