
ASA portal SSL vpn vs F5 portal SSL vpn

Hi.

Apologies if this question has been asked before. At our work we have two ASAs, active and failover (5550). I recently joined this company; the network team had no idea that the ASA provides an SSL VPN portal. During a network upgrade involving the F5, which they use as a load balancer, the F5 team came and had a discussion with our higher network management and convinced them to use a virtual F5 portal appliance. Long story short, now I have convinced my network management that the ASA can do the same thing, so why should we pay a yearly contract to F5?

 

The ASA version we are running is 8.4 and the licence we have is,

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 400            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 5000           perpetual
Total VPN Peers                   : 5000           perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual

 

Does anyone know if the F5 portal is better than the ASA? I have always worked on Cisco appliances and believe they are the best. For VPN connections we use jonus vpn. We are also looking for AnyConnect. I know each vendor has advantages and disadvantages too, but please point me in the right direction. Also, any idea how much the SSL VPN and AnyConnect will cost?

 

From the above output, is there any particular requirement for a user to get an SSL VPN connection to reach our portal, or do we have to buy an add-on licence for it?

Thanks.

Please do not forget to rate.

fawzi siyoucef

Hi there,

5 years later, no answer!!

I want to ask the same question now.

What are your recommendations about SSL VPN and web access VPN?

Is it fully implemented in Firepower? And could we say that it is as good as ASA?

Are there any recommendations, as I am struggling to choose between Firepower SSL VPN and F5 APM?

Sincerely

 

Hi,

 

What I can say is the following: clientless SSL VPN is not yet available on the FTD, but you can still run the ASA if you want. FTD SSL VPN is not as feature rich as the ASA SSL VPN is, but you can still run the ASA.

   I never worked with F5 SSL VPN before, so if you want to make a feature comparison, do it between ASA and F5 at this point. If the ASA features are good enough but you would like to go with FTD, speak with your Cisco AM and find out more about the roadmap of the missing features you need, although it will take a while.

 

Regards,

Cristian Matei.

FTD is a great product; however, it is still in a kind of transition period, as it is a combination of ASA and Snort Firepower. FTD is also known as a next-gen firewall or unified firewall. Having said that, some great features of the ASA code have still not come to FTD; to mention a few: no VTI, no AnyConnect local user authentication.

The FTD appliance does support ASA code.

Now you have a few options.

1. Buy FTD and run ASA code on it. No doubt ASA code is very mature and still competes with many other vendors and beats them easily. So, FTD running ASA code and doing Firepower.

2. Buy ASA physical appliances, 55XX series, with SFR. Just to let you know, most of the 55XX series has gone EOL.

F5 is good for load balancing, but they are not as good when it comes to firewalling and VPN stuff. Cisco was left behind, but since they bought Sourcefire they are back in the game and one of the top firewalls with layer 7 inspection.

Please do not forget to rate.

harmesh88

Dear,

I would recommend that, if you want to use clientless VPN, the F5 VPN is a good option.

Because clientless VPN is not supported in Cisco FTD; see the link below, which is still open:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf09020/?rfs=iqvred

And if you want to buy an AnyConnect license, you can. For authentication purposes it will only support LDAP and RADIUS; no local users are supported in AnyConnect, and for the price you have to contact your Cisco account manager.

Also, apart from this, in LDAP the LDAP attribute map is not working; it is also an open bug.

You can use Flex configuration for this: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214283-configure-anyconnect-ldap-mapping-on-fir.html

For Flex configuration you need Firepower Management Centre.

Rather than go with these limitations and confusion, you can go with F5, without any limitations and with simple configuration.

I do not have much knowledge of F5 VPN, but I am sure that it does not have this kind of multiple limitations.

Find VPN configuration information for F5 here:

https://devcentral.f5.com/s/articles/creating-a-ssl-vpn-using-f5-full-webtop-30146

Regards,

Harmesh Yadav

ASA is better, stronger and more stable than F5.

Having an FTD appliance and running ASA code is more beneficial and gives investment protection, instead of buying F5.

Please do not forget to rate.