Solved: Re: Firewall-update

herve.carpentier · ‎02-23-2020

Hi guys,

I need up-to-date info about ASAs.

I am seriously considering replacing a physical Fortinet firewall that is using multiple VDOMs.

I have used 55xx ASAsa few years ago, and I remember using contexts which from memory were the equivalent to VDOMs.

Does this option still exist on the latest ASAs? Am I correct to think that the VDOMs and contexts are equivalent? If you are not familiar with Fortinets, VDOMs are virtual firewalls within the firewall.

Thank you

H.

Rob Ingram · ‎02-23-2020

Hi,

If you are running ASA software then you can use multi-context, if you wish to use FTD software (which includes all the NGFW features) then it's referred to as multi-instance. Multi-instance is supported on Firepower 4100 or 9300 series hardware only, reference here.

You are better off purchasing the newer Firepower hardware than ASA hardware, the newer hardware will support running either ASA or FTD software.

HTH

View solution in original post

Sheraz.Salim · ‎02-23-2020

To be very honest it depends how much budget you have. if you looking for a small scale in that case FTD 1001 is the best bet. also remember there is no point to buy 55xx-X series. as most of the X-series are gone EOL. but on the other side the ASA code is still in life and can run on FTD appliance.

if you want to do a multicontext yes you can do in FTD appliance FTD2100 Series if you looking for more big boys yes you can do multi-instance FTD multi-instance

please do not forget to rate.

View solution in original post

Marius Gunnerud · ‎02-23-2020

Yes ASAs support contexts (virtual firewalls) except for the smaller models such as 5506x. Depending on how many virtual instances you need, this will determine which ASA model and license you would need to purchace.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/ha-contexts.html

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Rob Ingram · ‎02-23-2020

Hi,

If you are running ASA software then you can use multi-context, if you wish to use FTD software (which includes all the NGFW features) then it's referred to as multi-instance. Multi-instance is supported on Firepower 4100 or 9300 series hardware only, reference here.

You are better off purchasing the newer Firepower hardware than ASA hardware, the newer hardware will support running either ASA or FTD software.

HTH

Sheraz.Salim · ‎02-23-2020

To be very honest it depends how much budget you have. if you looking for a small scale in that case FTD 1001 is the best bet. also remember there is no point to buy 55xx-X series. as most of the X-series are gone EOL. but on the other side the ASA code is still in life and can run on FTD appliance.

if you want to do a multicontext yes you can do in FTD appliance FTD2100 Series if you looking for more big boys yes you can do multi-instance FTD multi-instance

please do not forget to rate.

Marius Gunnerud · ‎02-23-2020

Yes ASAs support contexts (virtual firewalls) except for the smaller models such as 5506x. Depending on how many virtual instances you need, this will determine which ASA model and license you would need to purchace.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/ha-contexts.html

--
Please remember to select a correct answer and rate helpful posts

herve.carpentier · ‎02-26-2020

Thank you all for your suggestions. Very useful.