Hi Marvin!, how can we deploy the workaround with security zones?

Thanks!

If multiple contexts are only to separate tenants' or departments' traffic administratively and security-wise you can simply define them as separate zones and keep their traffic separate by not allowing traffic between the zones.

Only if you need features like support for independent distinct routing tables (potentially with overlapping address space) and delegated management without the ability to see other tenants would you need multiple contexts. In such a case, Cisco advocates putting traditional multiple context ASA "in series" with Firepower appliances to get all the features of both products.

Personally I believe this is a bit more complexity and cost than should be necessary to meet the functional requirements but it will work.

Hi Marvin, 

¿Have you heard any update about the multi context feature on Firepowers? 

Thanks!

James

There's been no update from Cisco.

I know they are aware that it is an in-demand feature from many customers but they have not yet made any public commitment to deliver it.

If it's important to your organization or your customers then I strongly suggest you make sure your Cisco account manager knows that. The more customers asking for it, the better the business case inside Cisco for making it a higher priority.

Is there any guidance on separating multiple tenants into security zones on the ASA  as you suggested . I thought the Zone based deployment model only applied to router based firewalls.

Hi Marvin,

Is this possible now? or we must wait.

Thanks

There's no update since I last posted 72 hours ago.

The feature is not available in Firepower 6.2.2.

Watch the release notes as new versions come out - that will be the definitive source for this information.

https://www.cisco.com/c/en/us/support/security/defense-center/products-release-notes-list.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/relnotes/firepower-release-notes-630.html

Hello,

Cisco have just released Firepower 6.3.0 as of Wednesday, 5th December. Multi-instance is now available.

It is now 2024.  Does FTD yet support multiple contexts yet?   It seems multiple instances complicate the process.  I have heard finally in release 7.2.0+ finally supports Anyconnect.  ASA does not support Firepower on 2110 platform only FTD.  I need a solution to support anyconnect, multiple contexts and firepower.  Does this exist yet?

FTD does not now nor will it ever support contexts. Multi-instance with FTD is the way to support similar features.

Remote access VPN with AnyConnect (or Secure Client as it is now known) has been supported on FTD for years now - well before version 7.2.x.

Is there another model above the 2110 that in ASA mode would support multiple contexts, firepower and anyconnect.  The only reason I am upgrading/replacing my 5525x  multitenant solution is because Cisco has EOL it pretty much without a 1-1 solution.  I will have to move up to a 4110 to get 20+ Multi-instances.