Solved: Re: FPR4140-NGFW-K9 vs FPR4140-NGIPS-K9

atiye.bigdeli · ‎04-06-2020

Hi

I have a question about difference between the following products:

FPR4140-NGFW-K9

FPR4140-NGIPS-K9

FPR4140-AMP-K9

I want to order the 4145 Firewall, but in "built and price" there isn't FPR4145-GFW-K9 part number.

is FPR4145-NGIPS-K9 the same as FPR4145-NGFW-K9?

Marvin Rhoads · ‎04-07-2020

Which top level appliance SKU you select depends on the desired deployment type. So select the desired appliance by deployment type (4140 example):
● FPR4140-ASA-K9 (for firewall deployment, running standalone ASA firewall)
or
● FPR4140-NGFW-K9 (for NGFW deployment, running Cisco Firepower Threat Defense)
or
● FPR4140-NGIPS-K9 (for NGIPS deployment [inline options], running Cisco Firepower Threat Defense)

Certain license and netmod SKUs will only be available to bundle into the top level part number when you select the correct starting point. For example, fail-to-wire netmods are not available on appliances running the ASA image.

View solution in original post

Marvin Rhoads · ‎04-15-2020

You can but your options will be more limited since in NGIPS mode the device is transparent to user traffic. So it cannot NAT, for example. If you want to use it like a firewall (vs IPS) then why not just go with NGFW mode (FTD)?

View solution in original post

Marvin Rhoads · ‎04-16-2020

I don't have a comprehensive list although yours does list several pertinent differences.

The vast majority of customers are ordering the NGFW variant as they do so much more in general. NGIPS is purchased only by those who need a purely security appliance and prefer to perform all of the non-supported features on other devices. We see these primarily in larger organizations where a dedicated security team is responsible for all aspects of operations of the appliances.

View solution in original post

Marvin Rhoads · ‎04-07-2020

Which top level appliance SKU you select depends on the desired deployment type. So select the desired appliance by deployment type (4140 example):
● FPR4140-ASA-K9 (for firewall deployment, running standalone ASA firewall)
or
● FPR4140-NGFW-K9 (for NGFW deployment, running Cisco Firepower Threat Defense)
or
● FPR4140-NGIPS-K9 (for NGIPS deployment [inline options], running Cisco Firepower Threat Defense)

Certain license and netmod SKUs will only be available to bundle into the top level part number when you select the correct starting point. For example, fail-to-wire netmods are not available on appliances running the ASA image.

atiye.bigdeli · ‎04-15-2020

Hi, thank you so for your help.

According to your respond we decided to buy the FPR4140-NGIPS-K9 appliance.

I have a another question

on FPR4140-NGIPS-K9 that has the "NGIPS deployment [inline options]" still can we use this device as a firewall like FPR4140-NGFW-K9 and use the access-lists?

BR

Marvin Rhoads · ‎04-15-2020

You can but your options will be more limited since in NGIPS mode the device is transparent to user traffic. So it cannot NAT, for example. If you want to use it like a firewall (vs IPS) then why not just go with NGFW mode (FTD)?

atiye.bigdeli · ‎04-16-2020

thank you so much.

because I dont know the exactly difference between these appliances.

is there any document about their difference?

can we say that the following feature is only supported on FPR4125-NGIPS-K9?

Hardware Bypass ports

and the following feautres are not supported on FPR4125-NGIPS-K9?

DHCP server
DHCP relay
DHCP client
TCP Intercept
Routing
NAT
VPN
Application inspection
QoS
NetFlow

BR

Marvin Rhoads · ‎04-16-2020

I don't have a comprehensive list although yours does list several pertinent differences.

The vast majority of customers are ordering the NGFW variant as they do so much more in general. NGIPS is purchased only by those who need a purely security appliance and prefer to perform all of the non-supported features on other devices. We see these primarily in larger organizations where a dedicated security team is responsible for all aspects of operations of the appliances.