
New updates for the difference between FTD and ASA with firepower

The Lawr
Level 1

Good day,

Kindly assist with the latest feature comparison between FTD and ASA with firepower.

Regards.

1 Accepted Solution

Marvin Rhoads
Hall of Fame

I created this to assist the discussion.

 

| ASA (with Firepower service module where applicable) | Firepower Threat Defense |
|---|---|
| Layer 3/4 stateful firewall | Layer 7 next generation firewall |
| Remote access SSL VPN including specific features:<br>- Clientless<br>- Third party clients<br>- DAP<br>- Hostscan<br>- VPN Load balancing<br>- SAML Authentication<br>- Local authentication<br>- Deploy all AnyConnect modules (VPN, NAM, Posture, Umbrella Roaming, etc.)<br>- AnyConnect customization | Remote access SSL VPN<br>- except the features listed to the left<br>- expect hostscan, SAML and non-VPN modules in Firepower 6.7 (Fall 2020)<br>- Clientless not expected in FTD<br>- Other features TBD |
| IPS via Firepower service module<br>- not available when running ASA on Firepower hardware or ASAv | IPS built-in with TALOS Security Intelligence feeds and Snort rules |
| Multiple context<br>- no VRF or true multi-tenancy | Multi-instance (4100 and 9300 series), multi-tenancy, VRF (as of 6.6) |
| Limited event analysis (syslog and debug) on ASA natively or with ASDM.<br>FMC management adds rich functionality for traffic transiting the service module | Limited event analysis with Firepower Device Manager.<br>Rich incident response and threat investigation (with FMC management) |
| No TLS decryption | TLS decryption |
| Most ASA hardware models end of sales by Fall 2020 | Firepower product line actively being developed and enhanced. |

 


5 Replies

These documents, including the one I have posted below, are a bit out of date. As for the link I have posted, newer versions of FTD support multi-instance, which does allow for context-like features for the FTD (separate admin access for each instance, separate routing instances).

 

https://www.linkedin.com/pulse/cisco-adaptive-security-appliance-asa-vs-firepower-dean-armada/

--
Please remember to select a correct answer and rate helpful posts


I was under the impression that this discussion was on the difference between functionality of the Firepower module in the ASA and Firepower on the FTD and not the difference between ASA and Firepower?

--
Please remember to select a correct answer and rate helpful posts

@Marius Gunnerud to make my comparison more broadly applicable, including the distinction you mentioned, I updated my chart.
