Security context vs. Multi-instance

Jaro · ‎07-24-2020

Hi All,

I'm trying to find out what are differences between Security contexts (FPR2140) and Multi-instance(FPR4112), could you please help me to clarify why is Multi-instance better. I need around 20 "virtual firewalls".

Also I need to know if PA-5220 is comparable with FPR2140/ FPR4112, and if PA is better or not from some point of view.

Do cisco have same features as PA have ?

Thank you

Jason KC · ‎07-24-2020

FirePower hardware can run either ASA or FTD (FirePower) software.

When it's running ASA software, security contexts are supported and work just like context did on older ASAs.

When it's running FTD (FirePower) software security contexts are NOT supported only instances are supported.

This note from the Multi-Instance Configuration Guide explains it best:
"Multi-instance capability is similar to ASA multiple context mode, although the implementation is different. Multiple context mode partitions a single application instance, while multi-instance capability allows independent container instances. Container instances allow hard resource separation, separate configuration management, separate reloads, separate software updates, and full Firepower Threat Defense feature support. Multiple context mode, due to shared resources, supports more contexts on a given platform. Multiple context mode is not available on the Firepower Threat Defense."

It's hard to say if they are comparable unless you know what features you need. I would suggest pulling up the data sheets for each model and comparing the features you need.

PA-5220 (PDF)

Firepower-2140

Firepower-4112

Look for third party testing like NSS Labs or Gartner if you want more information to compare the two.