04-27-2017 05:37 PM - edited 03-10-2019 06:49 AM
Now that FTD & the FirePOWER service module are available on the NGFW platform, why & when would I need a dedicated IPS?
Wouldn't it be more cost effective to just have one NGFW that can perform multiple functions, instead of a dedicated IPS appliance that can only do IPS?
04-28-2017 08:44 PM
Reasons for needing a separate dedicated appliance for IPS are fewer but still exist. Here are the ones that come to mind off the top of my head:
The integrated FTD appliances have almost all of the IPS features but not all of the ASA features. Customers needing 100% of both may want to keep the functions separate. Also, some features like hardware bypass are only available in limited cases on the FTD platform.
An ASA with FirePOWER service module has (pretty much) all of each feature set, but the FirePOWER module is software only (except for 5585-X) and thus incurs a performance penalty on the platform (reduced overall throughput).
04-28-2017 08:44 PM
Thank you Marvin for the reply.