
Is FMC always required for Firepower?

CSCO10662744_2
Level 1

//ASA w/ FirePOWER

Several months ago I read that you can manage the FirePOWER soft module via ASDM on the smaller ASAs such as 5506 & 5515.
Does that mean I wouldn't need FMC at all? (I can manage, and monitor everything through ASDM?)
Has that list expanded to the bigger models?

//FTD
Ditto for the ASAs running FTD, and Firepower appliances (FP4100/9300).
Can I manage them w/o FMC?

On Palo Alto firewalls, you can pretty much do anything/everything w/o their Panorama.
Was just wondering if the same thing holds true w/ Cisco's NGFW.

TIA

3 Replies

Marvin Rhoads
Hall of Fame

You can use ASDM to manage all ASAs with FirePOWER service modules - one at a time and with very limited reporting and connection event analysis. That has been the case since 6.0. 

Similarly FTD has the FirePOWER Device Manager (FDM). It also has limitations but can handle basic setup and configuration and monitoring. 

For anything in a production environment I always recommend FMC. 

Thanks Marvin.

In my previous deployment, I did use an FMC, but was curious to know what capabilities you have WITHOUT it.

For example, don't AMP & URL-filter go through FMC?

Do the ASAs & FTDs just handle all functions via the local devices/sensors?

100% of the security features (Control, IPS, URL Filtering and Advanced Malware Protection) are available whether you are managing with FMC or locally (with ASDM or FDM).

Even when using FMC all policy enforcement is done at the sensor level. An FMC can be shut down entirely once policies have been deployed and they will continue to be enforced at the sensors. The historical record of connections and other events will queue locally (up to the limited but published local capacity) until the connection to the managing FMC is restored. 
