Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3436
Views
5
Helpful
1
Replies

FPS vs FTD

keithcclark71
Level 6
Level 6

‎04-05-2018 09:06 AM - edited ‎02-21-2020 07:36 AM

Is the main difference between FPS and FTD that with FTD as far as management of the ASA goes that object/ACE creation will need to be done from the FMC itself and not possible through an ASDM or CLI? Is it the goal of Cisco to eliminate IOS/CLI access?

 

It has been awhile for me since I worked within firepower and FTD at that time was spoken of but not quite there yet for production deployments. What is the current status of FTD and obviously as asked above is my perceivement wrong?

Labels:
0 Helpful
1 Reply 1

Oliver Kaiser
Level 11
Level 11

‎04-08-2018 02:37 AM

It's a bit more than the management. FTD basically combines the asa and sourcefire code into one image so there is no need for a software or hardware module in the firewall. I wouldn't say it is their goal to eliminate CLI but it was an unfortunate conclusion that was reached. CLI configuration is not possible as of now (with some cli operations being the exception) and all configuration must be done from FMC or FDM UI.

 

As of now I would say it is worth taking a look at, since it will be the way forward in ciscos firewall strategy. Ofc there are still some limitations that you should keep in mind:

Unsupported

  • Multiple-Context mode
  • Clientless SSL VPN
  • Configuration CLI
  • HA (Active/Standby) for Public Cloud (AWS/Azure)
  • ASA5585-X Platform support (not possible due to hardware architecture)
  • Hyper-V support
  • TLS Proxy for Encrypted Voice Inspection

Supported with limitations

  • Local device manager (no feature parity between FDM and FMC)
  • Central management via in-band data path (Staging or OOB required for remote management)
  • AnyConnect (no feature parity with ASA)
  • REST API (no feature parity with ASA REST API yet)
  • SSL Acceleration (only for FPR4100 & FPR9300)
  • Clustering (only for FPR4100 & FPR9300)
  • Unified Connection Logging (FTD Connection events do not include detailed L4 information, e.g. SYN Timeout, etc.)

Supported with FlexConfig

  • Modular Policy Framework (e.g. changing tcp timeouts, changing inspections depending on ACL)
  • Bidirectional Forwarding Detection (BFD)
  • Web Cache Communications Protocol (WCCP)
  • Virtual Extensible LAN (VXLAN)
  • Intermediate System to Intermediate System (IS-IS)
  • Enhanced Interior Gateway Routing Protocol (EIGRP)
  • Policy-based Routing (PBR)
  • Equal-cost multi-path routing (ECMP)
  • NetFlow

 

Hope that helps. 🙂 

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card