The information you attribute

CSCO11428485 · ‎05-03-2015

Dear All Member,

I Need the cisco expert to support me on this case

actually i want to know which features on the nexet generation firewall with a firepower module license are not on the sourcefire- 8140 appliance so as i heard from the sourcefire specialist the sourcefire- 8140 appliance has the same features of the asa-55x, and we can replace our old firewall with the sourcefire- 8140 , so i want to approve that they are totally wrong, they told me that i can create a zone and policy, natting, routing and so on on the sourcefire-8140 appliance, please advice

Marvin Rhoads · ‎05-06-2015

The information you attribute to the specialist is a bit misleading.

A Cisco FirePOWER 8140 chassis can do NATting or routing. NATting is possible though not nearly as flexible and feature rich as on an ASA. Routing is limited to static, RIP, and OSPF.

VPN support on a FirePOWER appliance is limited to IPsec site to site IPsec VPNs and remote endpoints must be Cisco devices. Remote access SSL VPN is not supported, nor are any of the many things you can do with them on an ASA.

For those features you CAN do on the dedicated appliances, the question of whether you SHOULD do it is the more important one. If you have very basic requirements and are comfortable working withing those constraints and your primary need is a strong next generation IPS, the FirePOWER appliance may be best for you.

For many customers, an appliance plus a router and/or an ASA (possibly with FirePOWER module) is a better choice. In those use cases, one can choose the platforms that are designed for purpose rather than use all the edge cases of a single platform to stuff every feature onto one box.

Sourecefire & ASA Firewall