Solved: FTD Software for ASA

GRANT3779 · ‎08-23-2016

I understand that there is the above software which now unifies the functionality of the ASA software and FirePOWER services into one image.

With the standard setup, we currently have ASAs with FirePOWER services running SSD. When traffic passes through the ASA we have policy which sends traffic to FirePOWER. We also manage the FirePOWER modules via FMC.

With an ASA running FTD -

* How is traffic going through the ASA then sent to the actual FirePOWER policies?

* I would assume policies are all still managed and pushed out via the FMC?

* We currently log into the FirePower module and run a command to add the device to FMC. How is then done with on an ASA with FTD if everything is all one image? Is everything all managed by the same IP?

Hopefully someone can clear this up

Thanks

Marvin Rhoads · ‎08-23-2016

1. With FTD the traffic flow is done via a single set of policy and associated configuration. You can see a packet processing path for FTD and contrast with the ASA with FirePOWER services module in the presentation for BRKSEC-2050 (slide 140) from Cisco Live US 2016.

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=90909

2. Yes.

3. One unified image and one address to manage it. See presentation for BRKSEC-2020 (slide 16).

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92596

(I see he also has the FTD packet processing flow diagram on slide 45.)

View solution in original post

Marvin Rhoads · ‎08-23-2016