FMC CDO vs. vFMC

egnesotan22
Level 1

Need to migrate off of EoL physical FMC devices for managing our FTD firewalls. I am currently weighing on-prem vFMC vs. cloud-delivered FMC via CDO.

Anyone gone through this scenario and have pros/cons for either side?

3 Replies

I think one of the biggest advantages of cdFMC is that you don't have to worry about having infrastructure in your environment to host it, how to maintain it, uptime, applying updates and patches, or running backups. All of this admin work is taken care of by Cisco. However, there are a few limitations that you should consider before moving to cdFMC, listed in the link below:

Managing Firewall Threat Defense with Cloud-delivered Firewall Management Center in Cisco Defense Orchestrator - Onboard an FTD to the Cloud-delivered Firewall Management Center [Cisco Defense Orchestrator] - Cisco

Another thing you might want to consider is licensing. cdFMC requires CDO licenses and if you want more storage for logs I think that has an additional license requirement. If the above limitations are not applicable in your case then I think moving to cdFMC would be a good choice.

Here is another link that expands all the cdFMC topics that you might find helpful:

Cloud-delivered Firewall Management Center (cisco.com)

Marvin Rhoads
Hall of Fame

Adding to @Aref Alsouqi's good advice, the license for SAL (Security Analytics and Logging) can be pricey. Otherwise, cdFMC is a pretty attractive option. You can use an on-prem FMCv for logging only (or log to a SIEM or syslog server) as an option when moving to cdFMC.

vishalbhandari
Spotlight

Migrating from EoL physical FMC devices to either an on-premises virtual FMC (vFMC) or a cloud-delivered FMC through Cisco Defense Orchestrator (CDO) offers distinct advantages and limitations for managing FTD firewalls. Here's a breakdown:

On-premises Virtual FMC (vFMC)

Pros:

  1. Control & Compliance: As vFMC is hosted on your infrastructure, you have greater control over data storage, compliance, and security configurations, which is beneficial for meeting specific regulatory requirements.
  2. Data Sovereignty: All data stays within your environment, avoiding potential issues related to cloud jurisdiction and data privacy.
  3. Offline Functionality: In environments with limited or no internet access, vFMC can continue functioning without relying on external connectivity.
  4. Latency Control: Deploying locally reduces latency, which can improve the speed of policy application, threat updates, and log retrieval.

Cons:

  1. Maintenance & Updates: Requires manual maintenance, software updates, and hardware resource allocation, which may demand more internal resources.
  2. Scalability: Scaling may require additional hardware or VM resources, and increased costs for network and storage capacity.
  3. Disaster Recovery: Must manage your own backup and disaster recovery, which could lead to complexities in business continuity planning.

Cloud-Delivered FMC (CDO)

Pros:

  1. Scalability: CDO is designed to scale seamlessly, which can make it easier to manage large or growing environments without additional hardware investment.
  2. Simplified Management: CDO offers centralized management for both cloud and on-prem deployments, with automated updates, streamlined policy management, and integrated access across multiple sites or locations.
  3. Cost-Efficiency: Operating in a cloud model can be more cost-effective for smaller teams, as it eliminates the need for additional infrastructure.
  4. Backup & DR Included: Cisco typically manages backups and disaster recovery within CDO, ensuring business continuity without internal overhead.
  5. Integration with Other Cisco Cloud Services: Seamless integration with other Cisco cloud-delivered security services, like Umbrella and SecureX, can strengthen overall security posture and simplify multi-cloud environments.

Cons:

  1. Data Privacy Concerns: Storing data in the cloud may conflict with organizational or regulatory data handling policies.
  2. Connectivity Dependence: CDO requires reliable internet access; loss of connectivity can disrupt management, which may be a concern in air-gapped environments.
  3. Feature Parity: Not all features available in vFMC are supported in CDO, so depending on the use case, some functions or configurations may be unavailable or limited.

Summary

  • For environments prioritizing control, data privacy, and compliance—vFMC can be ideal, but it requires more resources to maintain.
  • For those who need scalability, streamlined management, and cost-efficiency—cloud-delivered FMC via CDO is generally more advantageous, assuming connectivity and feature needs align with the organization’s goals.