Beginner

Manage FTD 1100 from FDM or FMC?

Current setup

I have two old pairs of ASA5555 and a virtual FMC. The ASAs are associated with the FMC, but they are managed via ASDM.

 

New setup

I have two new pairs of FTD 1100s that are going to replace the two pairs of ASA5555, and I am keeping the virtual FMC.

 

Question

In your opinion, should I run the two new pairs of 1100s from the FDM (Firepower Device Manager) or run them as centralized management through the FMC?

 

Cisco Documentation

"For networks that include only a single device or just a few, where you do not need to use a high-powered
multiple-device manager like the FMC, you can use the integrated Firepower Device Manager (FDM)."

 

Cisco's statement doesn't leave me warm and fuzzy. Maybe I don't need the FMC to manage them, but I have it, so should I use it? To my understanding, running them through the FMC means I will not use FDM at all? I assume I would set up VPN tunnels and everything else via the FMC?

 

Thank you for your responses. I'm also reading plenty of Cisco literature on this subject; Cisco's naming convention makes it a bit rough to follow, e.g., FTD, FMC, FDM, ASA, ASDM, Firepower, FirePOWER, Sourcefire... [Palm-to-face]

 

2 Replies
VIP Mentor

If you are replacing 2, I would suggest using FMC, so you can centrally push the policies and use other features.

 

FDM has limited capabilities. (When you are using FMC, you need to manage the device with FMC only; there is no FDM local management.)

 

BB
*** Rate All Helpful Responses ***
Hall of Fame Guru

The FDM GUI is generally more user-friendly than FMC, especially for network admins who aren't interested in all of the IPS bells and whistles.

FMC can do a few things that aren't possible with FDM, but that list is getting shorter with every release. The big ones (as of the current 6.6 release) are that you cannot create prefilter rules in FDM, cannot customize an IPS policy in FDM, and FDM doesn't retain historical logs or do as much reporting as FMC. Also, by its intrinsic nature FDM manages firewalls "one at a time", so there's no ability to reuse policies, objects, etc. across multiple firewalls.

One other thing to consider is CDO management. CDO enhances FDM management by addressing the last caveat I mentioned earlier, as well as giving some more GUI-based reporting and visibility. It's also cloud-based, so you can easily log in and get the visibility from wherever you are.

In any case, if you use FMC you CANNOT use FDM. FDM and CDO are compatible.
