Marvin, Thanks for your input. I will certainly look at the CDO demo. What is your opinion regarding how the Firepower does when VPN and IDS/IPS are both enabled. I have been told by Cisco engineers that if you are going to do run VPN, it should be on a separate box running ASA on the firepower. Thanks, Chris
... View more
My company is looking to refresh our ASA 5516x with a new NGFW. My previous company was in the middle of replacing all of their ASAs with 2110s. The firewall administrator and director of security were not fans of these. The ASAs were mainly doing S2S VPN connectivity and they were using PAs for internal and external firewalls. My understanding of the source of contention toward the FTDs was the fact that having both VPN terminations and IPS/IDS on the same box caused the box to be extremely slow. Also, the FMC was also very slow. I'd like to get other people's perspective, negative or positive, on the current state of the Firepower. TIA, Chris
... View more
I have been testing using the Enterprise Alternate Number. All my DID DNs are +E.164 numbers. For abbreviated dialing I always had translation patterns. With the EAN, I used the number mask to create the 5 digit EAN and added it to a local partition so that only that specific site could dial that 5 digit number. So far it works great. So much better than having all those translation patterns.
... View more