09-21-2020 09:22 AM
Hello All, I have a customer who wants to stay on the ASA platform but needs to support more throughput. I thought about ASA on Firepower. I could install the ASA software on a 2110 for 2.3 Gbps of throughput or a 2140 for 9 Gbps of throughput. I just can't find a drop of documentation that outlines the limitations of this type of design.
This is like the old school conversation of ASA Contexts, if you ran a context you had to give up a LOT of stuff. I don't want to run into that paradigm. I need to know what I will give up if I run ASA on Firepower. I would prefer seeing some Cisco documentation if anyone has a solid document on this topic, but personal experience is super helpful too.
I know about platform vs appliance mode options, and I think appliance mode makes the most sense, again, I just need to know the limitations of ASA on Firepower.
@mrhoads01 this might be up your alley
09-21-2020 09:54 PM
You lose the ability to have any Firepower services (IPS, URL Filtering and AMP) on the appliance. Other than that, it looks and feels like a really fast ASA.
Alternatively migrate their ASA configuration to FTD and you get all of that capability back.
A few things aren't yet supported in the current 6.6 FTD release but that list gets smaller with every release. Notably we don't currently have clientless SSL VPN (and never will) or full support for all AnyConnect features and modules (that's coming soon).
09-21-2020 10:14 PM