
FTD vs FMC

Hi Guys,

To manage Cisco Firewalls (ASA or Firepower 4000), we have two ways:

1. FirePower Threat Defense software (FTD)

2. Firesight Management Center (firepower management center).

My questions:  

- What is the difference between them?

- Using FTD, I can use all the security capabilities (IPS, URL, AMP, etc.), correct?

- If I'm using FTD, is it enough, or do I still need FireSIGHT?

Regards,


17 Replies

Oliver Kaiser (Level 7)

FTD is the unified firewall image running on the firewall itself. To manage FTD there is an option for onboard management called Firepower Device Manager (FDM), which is only available for low- to mid-end appliances (<= ASA 5545-X)... so not suitable for your FP4100 firewall. FDM is limited in functionality; that's why it's only for smaller deployments that only need a subset of features.

To manage your FP4100 running FTD you will need Firepower Management Center (FMC), which you can install using a virtual machine (KVM/VMware) or a dedicated physical appliance.

Let me know if that answers your question.

Thanks for your reply.

FDM for FP4100 firewall is not suitable or not supported?

If my device is ASA (<= 5545-X)

Regarding FTD (or FDM), can it control the firewall, IPS, URL, etc.?

Not supported. See FDM configuration guide.

You can manage the smaller firewalls that run FTD using the Firepower Device Manager, but keep in mind that it is limited in functionality.

FDM has the following limitations:

* no Security Intelligence

* no SSL Decryption

* limited threat analytics (IOCs, etc.)

* no correlation & remediation

* limited subset of configuration options (no IPS tuning, etc.)

In addition to what Oliver said, FDM does not support FlexConfigs. Those are used to modify the features based on the original ASA code that are not yet exposed in the FMC GUI.

Slight correction - FDM can manage 5555-X and below.

Marvin, thank you for your reply, although for some mysterious (or maybe not...) reason I cannot find your post within the thread!

Hi,

Just wondering if I can configure HA in Firepower Device Manager, the on-box management interface? We bought two Firepower 2110 without FMC, still on the way.

I have to use on-box management, but I couldn't find the menu to configure HA in Firepower Device Manager.

It doesn't mention the HA configuration in the Firepower Device Manager configuration guide.

Does it mean we have to use FMC to configure HA, FDM doesn't support it? Thanks!

Hello Mr Zeshan Khan,

Please could you confirm if it's possible to configure HA in FDM management mode for a 5555-X? Thanks in advance.

FDM cannot be used to configure or manage HA FTD appliances.

UPDATE - the above is true for <6.3. As of 6.3, the feature was added:

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/relnotes/firepower-release-notes-630/new_features.html#concept_D3A005FB2B0E45BBBDF5392C4D1DD138

Thanks for your response and help.

Many thanks Marvin

Thanks for the reply,

If this is the case for FTD, I'm wondering, if I have an ASA with FTD, how I'm going to utilize the security features such as IPS, Malware, URL.

Can I really get the benefits of these licenses?

Regards

You can get all the basic and even intermediate threat protection features those licenses provide. It's only some of the more advanced configuration and reporting bits that are missing without FMC.

A 2 device FMC license is only US$500. It's well worth the incremental investment when you compare it to what the ASA appliance and FTD licenses already cost.

Hello,

is it possible to use FDM on an ASA-5545-X with FTD 6.3, while FMC is also being used?

6.2 is the current release.

If you register the FTD device to FMC, then you cannot use FDM.
