01-17-2019 11:33 PM - edited 02-21-2020 08:40 AM
Is it necessary to use Firepower Management Center (FMC) to set up site-to-site VPN or RA-VPN? I am currently using the on-box FDM-system and FTD/system support diagnostic-cli.
I find it hard to troubleshoot, reading logs etc. Do I really need to buy the FMC to use my FTD 2110 box?
For instance, I am trying to set up site-to-site VPN and need to turn on "sysopt connection permit-vpn", but there is no way to turn this on in the GUI (FTD) or CLI.
Regards
01-17-2019 11:43 PM
FDM is very limited in the available features. So if you need to configure some specific settings that are not present in the FDM then you will need to purchase the FMC to get this done.
In my personal opinion, the FDM is not a good configuration tool and I would recommend getting the FMC no matter what size company is using it. Troubleshooting and configuration are much easier with FMC.
01-18-2019 12:33 AM
Agreed, and if you want to have more advanced features you need FMC.
I know for small and medium businesses it will be an added cost; it would be nice to have Cisco give FMC to manage 1 device free by default to whoever buys an FTD appliance (FMC VM version free).
As other vendors do, like Citrix MAS, which is free to manage SDX 23 VPX (example).
01-24-2019 04:38 AM
Thank you both for the answers!
I am still not sure whether it is required to use FMC to set up site-to-site VPN? Cisco have released a guide to set up site-to-site VPN from the on-box software (FDM): https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-s2svpn.html