10-22-2020 09:27 AM
We have two 5515x ASAs with Firepower. Pretty soon we will not be able to cover them with a Smartnet and we should start looking at other Cisco firewalls for replacement/upgrade. We have been happy with their performance even when most of our user base went remote. I have maxed out at about 85 AnyConnect users and most of the Firepower functionality has enhanced our security in my opinion. Can someone recommend a path moving forward towards a newer model?
Thanks
10-22-2020 10:19 AM
The last date of hardware support of Cisco ASA 5515x is August 31, 2022. So you still have time to get support from TAC in case of any issue. Let's compare in case you need a replacement.
Cisco ASA 5515-X
Cisco ASA 5515-X Stateful inspection throughput - 1.2 Gbps
ASA 5515-X IPS throughput = 400 Mbps
Cisco FPR-1120
NGFW throughput - 1.5 Gbps
NGIPS throughput - 1.5 Gbps
The best fit is Cisco NGFW 1120 for your ASA 5515-X Firepower devices.
Good luck and rate my reply if you like it.
Regards
Inderdeep Singh
10-22-2020 10:34 AM
10-22-2020 08:54 PM - edited 10-22-2020 08:54 PM
hi mohammed,
we'll also be doing a HW refresh on our ASA 5500-x soon and replace them with firepower/FTD.
is it wise to deploy them in ASA appliance mode in the long run?
we just need to run basic FW, NAT and S2S VPN services in our environment and don't want to incur any CAPEX/OPEX to maintain FMC and smart licenses.
10-25-2020 04:55 AM
The problem is "basic firewall" doesn't protect fully against current threats. If you want something with real protection then a modern firewall like Cisco Firepower Threat Defense (FTD) running on a Firepower appliance is needed. Having at least the IPS subscription isn't very much ongoing expense for the added protection you get.
Whatever perimeter firewall you use should be complemented with endpoint and DNS security - for example Cisco AMP for Endpoints and Umbrella.
05-11-2022 02:57 AM
Hi Guys, please advise on the subscription options on FTD.
When it comes to licenses on the FTD 1140, is NGIPS bundled with the box? Any part number?
I can only see Cisco FPR1140 Threat Defense Threat, Malware and URL 1Y Subs only - L-FPR1140T-TMC-3Y
Are there any other subscriptions I need to consider adding?
Please find the configured BOM
SF-FMC-VMW-2-K9 | Yes | Cisco Firepower Management Center, (VMWare) for 2 devices |
CON-ECMUS-SFMMCVWK | - | SOLN SUPP SWSS Cisco Firepower Management Center, (VMWa |
FPR1140-NGFW-K9 | - | Cisco Firepower 1140 NGFW Appliance, 1U |
CON-SNTP-FR11P40N | - | SNTC-24X7X4 Cisco Firepower 1140 NGFW Appliance, 1U |
FPR1140T-TMC | Yes | Cisco FPR1140 Threat Defense Threat, Malware and URL License |
L-FPR1140T-TMC-3Y | - | Cisco FPR1140 Threat Defense Threat, Malware and URL 3Y Subs |
CAB-ACU | - | AC Power Cord (UK), C13, BS 1363, 2.5m |
SF-F1K-TD7.0.1-K9 | - | Cisco Firepower Threat Defense software v7.0.1 for FPR1000 |
FPR1K-RM-SSD200- | - | Cisco Firepower 1K Series 200GB for FPR-1120/1140 |
FPR1K-RM-ACY-KIT | - | Cisco Firepower 1K Series Accessory Kit for FPR-1120/1140 |
FPR1000-ASA | Yes | Cisco Firepower 1000 Standard ASA License |
FPR-LTP-QR-LBL | - | Cisco Firepower QR Label - Internal Use Only |
GLC-SX-MMD | - | 1000BASE-SX SFP transceiver module, MMF, 850nm, DOM |
05-11-2022 06:11 AM
The Threat license is what maps to NGIPS capability. That's the "T" in TMC.
If you need remote access VPN you may want to add AnyConnect licenses.