cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

574
Views
5
Helpful
5
Replies
Highlighted
Beginner

New updates for the difference between FTD and ASA with firepower

Good day,

 

Kindly assist with the latest feature comparison between FTD and ASA with firepower.

 

 

Regards.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

I created this to assist the discussion.

 

ASA

(with Firepower service module where applicable)

Firepower Threat Defense

Layer 3/4 stateful firewall

Layer 7 next generation firewall

Remote access SSL VPN including specific features:

-  Clientless

-  Third party clients

-  DAP

-  Hostscan

-  VPN Load balancing

-  SAML Authentication

-  Local authentication

-  Deploy all AnyConnect modules (VPN, NAM, Posture, Umbrella Roaming, etc.)

-  AnyConnect customization

Remote access SSL VPN

- except the features listed to the left

- expect hostscan, SAML and non-VPN modules in Firepower 6.7 (Fall 2020)

- Clientless not expected in FTD

- Other features TBD

IPS via Firepower service module

- not available when running ASA on Firepower hardware or ASAv

IPS built-in with TALOS Security Intelligence feeds and Snort rules

Multiple context

- no VRF or true multi-tenancy

Multi-instance (4100 and 9300 series), multi-tenancy, VRF (as of 6.6)

Limited event analysis (syslog and debug) on ASA natively or with ASDM.

FMC management adds rich functionality for traffic transiting the service module

Limited event analysis with Firepower Device Manager.

Rich incident response and threat investigation (with FMC management)

No TLS decryption

TLS decryption

Most ASA hardware models end of sales by Fall 2020

Firepower product line actively being developed and enhanced.

 

View solution in original post

5 REPLIES 5
Highlighted
VIP Mentor
Highlighted
VIP Advisor

These documents, including the one I have posed below, are a bit out of date.  As for the link I have posted, newer versions of FTD support multi-instance which does allow for context like features for the FTD (seperate admin access for each instance, seperate routing instances).

 

https://www.linkedin.com/pulse/cisco-adaptive-security-appliance-asa-vs-firepower-dean-armada/

--
Please remember to select a correct answer and rate helpful posts
Highlighted
Hall of Fame Guru

I created this to assist the discussion.

 

ASA

(with Firepower service module where applicable)

Firepower Threat Defense

Layer 3/4 stateful firewall

Layer 7 next generation firewall

Remote access SSL VPN including specific features:

-  Clientless

-  Third party clients

-  DAP

-  Hostscan

-  VPN Load balancing

-  SAML Authentication

-  Local authentication

-  Deploy all AnyConnect modules (VPN, NAM, Posture, Umbrella Roaming, etc.)

-  AnyConnect customization

Remote access SSL VPN

- except the features listed to the left

- expect hostscan, SAML and non-VPN modules in Firepower 6.7 (Fall 2020)

- Clientless not expected in FTD

- Other features TBD

IPS via Firepower service module

- not available when running ASA on Firepower hardware or ASAv

IPS built-in with TALOS Security Intelligence feeds and Snort rules

Multiple context

- no VRF or true multi-tenancy

Multi-instance (4100 and 9300 series), multi-tenancy, VRF (as of 6.6)

Limited event analysis (syslog and debug) on ASA natively or with ASDM.

FMC management adds rich functionality for traffic transiting the service module

Limited event analysis with Firepower Device Manager.

Rich incident response and threat investigation (with FMC management)

No TLS decryption

TLS decryption

Most ASA hardware models end of sales by Fall 2020

Firepower product line actively being developed and enhanced.

 

View solution in original post

Highlighted

I was under the impression that this discussion was on the difference between functionality of the Firepower module in the ASA and Firepower on the FTD and not the difference between ASA and Firepower?

--
Please remember to select a correct answer and rate helpful posts
Highlighted

@Marius Gunnerud to make my comparison more broadly applicable, including the distinction you mentioned, I updated my chart.

Content for Community-Ad