cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1517
Views
5
Helpful
4
Replies

Firepower downgrade to ASA

m4k3rz
Level 1
Level 1

Hello, 

 

The company i work for has an ASA that will become obsolete in October this year. So they are looking to replace with another ASA; however, all of them are EOL, and the recommended option I got from Cisco is replacing the ASA with a Firepower. I'm not interested in using any of the new NGFW features; all we want is to have a new device to keep doing what the ASA is already doing. Having said that, I have a couple of questions:

 

1) Can i just install an ASA image in the Firepower and use it just as if it was an ASA?

2) if i do install an ASA image, would all the commands and config modes be the same? or would this be like an "a-like" version of the ASA but not quite?
3) Would this be the equivalent of buying a Ferrari but removing the engine to install a Toyota engine? or is not quite a downgrade, is just different?

 

Thank you

1 Accepted Solution

Accepted Solutions

@m4k3rz yes you can reimage the Firepower device with the ASA software image.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

After you've reimaged you will need to apply the 3DES license, guide here.

 

It would be the same ASA image you are familar with.

 

Obviously with the ASA software image compared to the FTD image you will get less NGFW features, it depends on what features you require.

 

View solution in original post

4 Replies 4

@m4k3rz yes you can reimage the Firepower device with the ASA software image.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/reimage/asa-ftd-reimage.html

After you've reimaged you will need to apply the 3DES license, guide here.

 

It would be the same ASA image you are familar with.

 

Obviously with the ASA software image compared to the FTD image you will get less NGFW features, it depends on what features you require.

 

Thanks Rob!!

 

Does that 3DES license have a cost, or recurrent cost?

 

Also, is it possible to purchase the Firepower and use the FTD image without purchasing any NGFW licenses? I heard from a Cisco reseller that you can't use the FTD image unless you purchase a license for any of the security feats, but wanted to double check with you.

 

Thank you

@m4k3rz the 3DES license for ASA is free.

 

You get a base license with the FTD, which has the basic firewall features, but you don't get the useful NGFW functionality such as Threat, URL, AMP etc - which has an extra cost.

 

Also a standalone FTD uses local FDM management, which does not have all the features that the FTD if managed centrally by the FMC would have.

got it. thank you Rob!!