Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5613
Views
10
Helpful
5
Replies

New updates for the difference between FTD and ASA with firepower

Go to solution
The Lawr
Level 1
Level 1

‎06-12-2020 05:44 AM

Good day,

 

Kindly assist with the latest feature comparison between FTD and ASA with firepower.

 

 

Regards.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-12-2020 11:12 PM - edited ‎06-13-2020 07:15 AM

I created this to assist the discussion.

 

ASA

(with Firepower service module where applicable)

Firepower Threat Defense

Layer 3/4 stateful firewall

Layer 7 next generation firewall

Remote access SSL VPN including specific features:

-  Clientless

-  Third party clients

-  DAP

-  Hostscan

-  VPN Load balancing

-  SAML Authentication

-  Local authentication

-  Deploy all AnyConnect modules (VPN, NAM, Posture, Umbrella Roaming, etc.)

-  AnyConnect customization

Remote access SSL VPN

- except the features listed to the left

- expect hostscan, SAML and non-VPN modules in Firepower 6.7 (Fall 2020)

- Clientless not expected in FTD

- Other features TBD

IPS via Firepower service module

- not available when running ASA on Firepower hardware or ASAv

IPS built-in with TALOS Security Intelligence feeds and Snort rules

Multiple context

- no VRF or true multi-tenancy

Multi-instance (4100 and 9300 series), multi-tenancy, VRF (as of 6.6)

Limited event analysis (syslog and debug) on ASA natively or with ASDM.

FMC management adds rich functionality for traffic transiting the service module

Limited event analysis with Firepower Device Manager.

Rich incident response and threat investigation (with FMC management)

No TLS decryption

TLS decryption

Most ASA hardware models end of sales by Fall 2020

Firepower product line actively being developed and enhanced.

 

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎06-12-2020 05:49 AM

here is the information :

 

http://networkequipmentcisco.blogspot.com/2018/04/cisco-asa-with-firepower-services-vs-ftd.html

 

Good thread :

 

https://community.cisco.com/t5/network-security/cisco-asa-ftd-vs-firepower-software/m-p/2862295

 

check the compatability :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎06-12-2020 02:22 PM

These documents, including the one I have posed below, are a bit out of date.  As for the link I have posted, newer versions of FTD support multi-instance which does allow for context like features for the FTD (seperate admin access for each instance, seperate routing instances).

 

https://www.linkedin.com/pulse/cisco-adaptive-security-appliance-asa-vs-firepower-dean-armada/

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-12-2020 11:12 PM - edited ‎06-13-2020 07:15 AM

I created this to assist the discussion.

 

ASA

(with Firepower service module where applicable)

Firepower Threat Defense

Layer 3/4 stateful firewall

Layer 7 next generation firewall

Remote access SSL VPN including specific features:

-  Clientless

-  Third party clients

-  DAP

-  Hostscan

-  VPN Load balancing

-  SAML Authentication

-  Local authentication

-  Deploy all AnyConnect modules (VPN, NAM, Posture, Umbrella Roaming, etc.)

-  AnyConnect customization

Remote access SSL VPN

- except the features listed to the left

- expect hostscan, SAML and non-VPN modules in Firepower 6.7 (Fall 2020)

- Clientless not expected in FTD

- Other features TBD

IPS via Firepower service module

- not available when running ASA on Firepower hardware or ASAv

IPS built-in with TALOS Security Intelligence feeds and Snort rules

Multiple context

- no VRF or true multi-tenancy

Multi-instance (4100 and 9300 series), multi-tenancy, VRF (as of 6.6)

Limited event analysis (syslog and debug) on ASA natively or with ASDM.

FMC management adds rich functionality for traffic transiting the service module

Limited event analysis with Firepower Device Manager.

Rich incident response and threat investigation (with FMC management)

No TLS decryption

TLS decryption

Most ASA hardware models end of sales by Fall 2020

Firepower product line actively being developed and enhanced.

 

Go to solution
Marius Gunnerud
VIP
VIP
In response to Marvin Rhoads

‎06-13-2020 07:03 AM

I was under the impression that this discussion was on the difference between functionality of the Firepower module in the ASA and Firepower on the FTD and not the difference between ASA and Firepower?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Marius Gunnerud

‎06-13-2020 07:16 AM

@Marius Gunnerud to make my comparison more broadly applicable, including the distinction you mentioned, I updated my chart.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card