03-06-2017 01:49 PM - edited 03-12-2019 02:01 AM
Hi Guys,
To manage Cisco Firewalls (ASA or Firepower 4000), we have two ways:
1. FirePower Threat Defense software (FTD)
2. Firesight Management Center (firepower management center).
My questions:
- What is the difference between them?
- Using FTD, I can use all the security capabilities (IPS, URL, AMP, etc.), correct?
- If I'm using FTD, is it enough, or do I still need Firesight?
Regards,
03-06-2017 03:14 PM
FTD is the unified firewall image running on the firewall itself. To manage FTD there is an option for onboard management called Firepower Device Manager (FDM), which is only available for low to mid-end appliances (<= ASA 5545-X)... so not suitable for your FP4100 firewall. FDM is limited in functionality; that's why it's only for smaller deployments that only need a subset of features.
To manage your FP4100 running FTD you will need Firepower Management Center (FMC) which you can install using a virtual machine (KVM/VMware) or a dedicated physical appliance.
Let me know if that answers your question.
03-06-2017 03:28 PM
Thanks for your reply.
FDM for FP4100 firewall is not suitable or not supported?
If my device is ASA (<= 5545-X)
Regarding FTD (or FDM), can it control the firewall, IPS, URL, etc.?
03-06-2017 03:49 PM
Not supported. See FDM configuration guide.
You can manage the smaller firewalls that run FTD using the Firepower Device Manager, but keep in mind that it is limited in functionality.
FDM has the following limitations:
* no Security Intelligence
* no SSL Decryption
* limited threat analytics (IOCs, etc.)
* no correlation & remediation
* limited subset of configuration options (no IPS tuning, etc.)
03-06-2017 07:23 PM
In addition to what Oliver said, FDM does not support FlexConfigs. Those are used to modify the features based on the original ASA code that are not yet exposed in the FMC GUI.
Slight correction - FDM can manage 5555-X and below.
03-23-2017 02:30 AM
Marvin, thank you for your reply, although for some mysterious (or maybe not...) reason I cannot find your post within the thread!
09-26-2017 12:43 PM
Hi,
Just wondering if I can configure HA in Firepower Device Manager, the on-box management interface? We bought two Firepower 2110 without FMC, still on the way.
I have to use on-box management, but I couldn't find the menu to configure HA in Firepower Device Manager.
It doesn't mention the HA configuration in the Firepower Device Manager configuration guide.
Does it mean we have to use FMC to configure HA, and FDM doesn't support it? Thanks!
10-02-2017 05:41 AM
10-02-2017 07:56 AM - edited 04-15-2019 09:01 PM
FDM cannot be used to configure or manage HA FTD appliances.
UPDATE - the above is true for <6.3. As of 6.3, the feature was added:
10-02-2017 08:10 AM
Thanks for your response and help.
10-02-2017 08:12 AM
03-07-2017 03:26 AM
Thanks for the reply,
If this is the case for FTD, I'm wondering, if I have an ASA with FTD, how I'm going to utilize the security features such as IPS, Malware, URL.
Can I really get the benefits of these licenses?
Regards
03-07-2017 03:30 AM
You can get all the basic and even intermediate threat protection features those licenses provide. It's only some of the more advanced configuration and reporting bits that are missing without FMC.
A 2 device FMC license is only US$500. It's well worth the incremental investment when you compare it to what the ASA appliance and FTD licenses already cost.
03-22-2017 03:17 PM
Hello,
Is it possible to use FDM on an ASA-5545-X with FTD 6.3, while FMC is also being used?
03-22-2017 07:18 PM
6.2 is the current release.
If you register the FTD device to FMC, then you cannot use FDM.