05-13-2017 07:07 AM - edited 03-12-2019 02:21 AM
//ASA w/ FirePOWER
Several months ago I read that you can manage the FirePOWER soft module via ASDM on the smaller ASAs such as 5506 & 5515.
Does that mean I wouldn't need FMC at all? (I can manage, and monitor everything through ASDM?)
Has that list expanded to the bigger models?
//FTD
Ditto for the ASAs running FTD, and Firepower appliances (FP4100/9300).
Can I manage them w/o FMC?
On Palo Alto firewalls, you can pretty much do anything/everything w/o their Panorama.
Was just wondering if the same thing holds true w/ Cisco's NGFW.
TIA
05-13-2017 07:50 AM
You can use ASDM to manage all ASAs with FirePOWER service modules - one at a time and with very limited reporting and connection event analysis. That has been the case since 6.0.
Similarly FTD has the FirePOWER Device Manager (FDM). It also has limitations but can handle basic setup and configuration and monitoring.
For anything in a production environment I always recommend FMC.
05-13-2017 09:36 AM
Thanks Marvin.
In my previous deployment, I did use an FMC, but was curious to know what capabilities you have WITHOUT it.
For example, don't AMP & URL-filter go through FMC?
Do the ASAs & FTDs just handle all functions via the local devices/sensors?
05-13-2017 07:57 PM
100% of the security features (Control, IPS, URL Filtering and Advanced Malware Protection) are available whether you are managing with FMC or locally (with ASDM or FDM).
Even when using FMC all policy enforcement is done at the sensor level. An FMC can be shut down entirely once policies have been deployed and they will continue to be enforced at the sensors. The historical record of connections and other events will queue locally (up to the limited but published local capacity) until the connection to the managing FMC is restored.