Looking for Firewall selection advice using Firepower
I'm fairly familar at this junction with Firepower and FMC. Installed it and have been using it for approximately 8 months now on 5512x and 5525x ASAs but by my own admission my knowledge has a long ways to go.
I have been asked to assemble a BOM to outfit a smallish remote office. Approximately 75 users will be at this location. I was considering using a 5516X firewall with Firepower. Additionally, we will lack a robust virtualized infrastructure at this location so I was considering using ASDM to manage the SFR module vs the virtualized FMC which I am the most familiar with.
A. Is my idea sound?
B. How is the ASDM dashboard and usability compared to the virtualized FMC?
Ultimately I am going to consult with a Cisco partner to order everything and such but figured I would fire the first sanity check this way to make sure I was on the right track. Thanks.
You can connect that branch FP module to your existing FMC. Depends on bandwidth and connection type, but I think generally it will give you better experience than managing FP via ASDM.
If you are willing to be pretty much a beta tester, you can go with Firepower Threat Defense image and have a local management via Firepower Device Manager. It is Java-free management for unified image - depending on features you need that may be an option. But be warned - IMHO there's still a lot to do to have a mature product.
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 22.214.171.124Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 126.96.36.199R1(config-ikev2-keyring-pee...
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al...
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...