Replacing Cisco ASA 5512-x with firepower service to a new product

Samer R. Saleem · ‎09-22-2018

Hi,

Currently I have Cisco ASA5512-X with firepower services, and we have plan to replace it, I would like to get some suggestions for what should I get next? what I found is Firepower 2100 series which looks good for our environment

but what is the measure here? is there a tool help choosing the correct device?

for example I have about 400 users, wireless service and lan service, server farm, proxy server, email gateway, VPN connections (RA) and maybe site to site

Marvin Rhoads · ‎09-23-2018

Bandwidth is your primary measurand used in judging the right platform size-wise. That plus the features being considered. (i.e. if it's FTD then are you doing IPs, URL Filtering and/or AMP?).

If you put ASA image on a Firepower 2100 you cannot also install a Firepower service module. So you would need to run FTD to keep the IPS features. At the same time, there are some constraints on the feature support, especially with respect to remote access VPN.

For sizing, there is a performance estimator tool available for partners to use. https://ngfwpe.cisco.com

Overall I'd recommend you contact a qualified reseller who can ask more detailed questions about your environment to recommend the best solution.

Samer R. Saleem · ‎09-25-2018

thanks for your reply, any idea why I cant access the link ngfwpe.cisco.com?
it shows "policy error"

Marvin Rhoads · ‎09-25-2018

Your cisco.com id must have partner entitlement to use it.