Differentiation between NGFW and ASA

at@ps
Level 1

Hi All,

I can't differentiate between these products and their features. I've summarized my concerns in these questions: 

  • How can I differentiate between these solutions (NGFW, FTD, and ASA)?
  • Can NGFWs grant FTD features if an image or license has been loaded, or do only specific NGFW series have this option to grant FTD features?
  • What are the differences between images installed on the NGFW (briefly)?
  • Can an ASA device grant FTD features?
  • How could licensing change firewall functionality?

I know it's a vast topic, but I would appreciate it if anyone could provide resources that could help.

Thanks

3 Replies

M02@rt37
VIP

Hello at@ps 

NGFW, FTD, and ASA are all Cisco security solutions with slightly different feature sets and capabilities.

NGFW is a firewall solution that includes traditional firewall functionality along with additional security features such as Intrusion Prevention System (IPS), Application Visibility and Control (AVC), and URL Filtering. NGFWs are typically deployed at the network perimeter to protect against external threats.

FTD (Firepower Threat Defense) is a software image that can be installed on various Cisco security appliances, including the Adaptive Security Appliance (ASA) and Firepower hardware appliances. FTD includes NGFW features along with advanced threat detection and remediation capabilities such as File/Malware Detection, Network Analysis, and Endpoint Protection. FTD is designed to protect against both internal and external threats and is commonly deployed in data centers, campus networks, and branch offices.

ASA (Adaptive Security Appliance) is a traditional firewall solution that provides network security at the perimeter. ASAs have been replaced by FTD as the recommended security solution for most deployment scenarios, but they are still available and supported by Cisco.

NGFWs and ASAs have different hardware models, which can affect their performance and scalability. Additionally, NGFWs use a different operating system than ASAs, which may impact their feature sets and configurations.

Regarding your questions:
  1. You can differentiate between these solutions by understanding their feature sets and capabilities. NGFWs offer basic firewall functionality along with additional security features, while FTD includes advanced threat detection and remediation capabilities. ASA is a traditional firewall solution that provides network security at the perimeter.
  2. NGFWs with certain images or licenses may offer some FTD features, but not all. It depends on the specific NGFW model and image or license loaded. Some NGFW models can be converted to FTD by loading the appropriate software image.
  3. The differences between NGFW images typically relate to the additional security features included, such as IPS, AVC, and URL Filtering. Different images may also support different hardware models and deployment scenarios.
  4. ASAs cannot grant FTD features, but some ASA models can be upgraded to run FTD software.
  5. Licensing can affect the functionality of a firewall solution. For example, a license may limit the number of users or devices that can be protected by the firewall, or it may enable certain security features such as IPS or URL Filtering. Licensing can also affect the level of support provided by the vendor. It is important to carefully review the license terms and conditions to ensure that the firewall solution meets your needs.

Best regards

I appreciate your response.

In any case,

  1. Can we say that NGFW and ASA are similar, but that NGFW can grant some FTD features—if an FTD image is installed—in a different way from ASA?
  2. What are the hardware appliance series that can grant FTD features, and which can't? Any resources that could help?
  3. Could you kindly offer more resources to distinguish between licenses?
  4. As you said: "NGFWs with certain images or licenses may offer some FTD features, but not all", so how can a security appliance grant full FTD features? Any resources that can help?

Thanks

 

The licenses are bound to the features. For example, with a traditional ASA you might only need the AnyConnect licenses if you use it for remote access. However, with the FTD you might need the AnyConnect, threat, malware, or URL filtering licenses; it all depends on the features that you will be using on the device.

https://www.cisco.com/c/en/us/td/docs/security/firepower/licensing/faq/firepower-license-FAQ.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-licenseroadmap.html

FTD full features run on the Firepower appliances (Secure Firewalls)

https://www.cisco.com/site/uk/en/products/security/firewalls/index.html?dtid=pseggl000015&oid=0&ccid=cc003053&_bk=cisco%20firewall&_bt=581339401094&_bm=e&_bn=g&_bg=128343060210&gclid=EAIaIQobChMIhYXx_rm6_QIVmO7tCh01PwAMEAAYASAAEgLRxvD_BwE&gclsrc=aw.d...

On the ASAs you can install FirePOWER services, which are basically the addition of some of the next-gen firewall features, but the performance might be affected.

Also, depending on how you will be managing the FTD, whether through FMC or FDM, some features might be limited.

I think the best thing to answer all your questions would be to reach out to your trusted Cisco partner.