Cisco ASAv with FirePOWER?

Answered Question
Sep 17th, 2014

First, is the Cisco ASAv integrated with Sourcefire/FirePOWER? If not yet, is there any plan for it?

Second, what is the difference between ASAv and ASA 1000v?

Marvin Rhoads Wed, 09/17/2014 - 16:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

The ASA with FirePOWER module is only supported on the ASA 5585-X (hardware module) or ASA 5512 through 5555-X (software module). It's not supported on the ASAv (or ASA 1000V or ASA SM). Reference.

If your scenario is the ASAv and you're also interested in the FirePOWER line, you could just put a virtual FirePOWER appliance in line with the ASAv.

The ASAv is an independent VM that can be deployed in a variety of virtual environments (or even in a home lab with a free throughput-limited evaluation license). The ASA 1000V is more tightly integrated into a VMware environment and requires the Cisco 1000V as a plug-in replacement of the VMware distributed virtual switch. The two were compared a bit more eloquently in the most recent TAC Security podcast (Episode 43, 26 August 2014).

m1xed0s Wed, 09/17/2014 - 19:15

Thanks for the info. We currently do not have a virtual ASA, just the physical ones. But we are seeking some multi-tenant solutions for a data center edge firewall, preferably an NGFW.

Since ASA multi-context has limitations, e.g. VPN support (still the same with the 5500-X series, I think), we are starting to look at virtual firewalls. The other reason we are starting to look at virtual firewalls is that we cannot have the malfunction of one instance or context firewall on the same physical box blow away the whole physical firewall, affecting other tenants.

Is there any multi-tenant data center edge firewall design guide available for reference, even one not using Cisco gear (if not using Cisco, what to use :( )?

Marvin Rhoads Thu, 09/18/2014 - 05:43

I have heard of some data center service providers successfully using Palo Alto Networks' virtual machine variant of their firewalls in secure multi-tenancy environments.

My limited personal experience with them is that they may cover some use cases that the ASA family doesn't but that overall they are a much less comprehensive solution set. And of course you won't have the wonderful Cisco Support Community resource if you go that route. :)

Please rate helpful replies and mark your question as answered when it has been.

m1xed0s Thu, 09/18/2014 - 08:12

So an ASAv and FirePOWER virtual appliance combination for each tenant probably won't make sense financially, right?

I prefer to stay with Cisco, not only because of the Cisco community (salespeople from Cisco also play here) but also because there is no need to relearn what I know about the ASA.

Cisco claims the ASA 1000V Cloud Firewall is designed for multi-tenant environments, but I failed to find use cases and a detailed feature list...

mbeain Fri, 03/24/2017 - 16:03

ASA with Firepower module was just an intermediary step for Cisco.

Now the new generation of firewalls has been launched. ASA is dead. Firepower 2100 series is completely new. I hope there is a virtual version for learning but I don't know.

Marvin Rhoads Fri, 03/24/2017 - 20:43

The ASA platform is still being actively developed.

That aside, one can run FTDv (virtual machine image of FirePOWER Threat Defense) with an evaluation license. 

m1xed0s Mon, 09/22/2014 - 13:00

I am also checking the Fortinet virtual appliance. I guess my struggle may be the design part of a Security as a Service offering.

Do you have any insight regarding designing a data center edge to offer Security as a Service?

Correct Answer
Marvin Rhoads Mon, 09/22/2014 - 18:41

Your requirements will guide you to one set of solutions or another. Your local Cisco account team or partners in your area should be able to guide you with some whiteboard sessions to flesh out the most appropriate solution set.

Meanwhile, have you looked at the Cisco Secure Data Center Solution guides? I'd especially recommend a close look at "Secure Data Center for Enterprise — Threat Management with NextGen IPS Design Guide", just published in August 2014.

m1xed0s Tue, 09/23/2014 - 03:48

Thanks, I will read through the articles from your links. I will have a meeting with the local Cisco team this afternoon and we will see what they propose :)

Moin Ilyas Wed, 09/17/2014 - 18:14
User Badges:
  • Bronze, 100 points or more

Adding to Marvin,

Cisco ASA with FirePOWER Services includes combinations of the following orderable components:

● Cisco ASA 5500-X Series and 5585-X appliances
    ◦ Cisco ASA 5500-X Series with FirePOWER Services
    ◦ Cisco ASA 5585-X with FirePOWER Services
    ◦ Cisco ASA 5585-X with FirePOWER Services spare modules
● Cisco ASA with FirePOWER Services subscriptions for (1-year and 3-year term options)
    ◦ IPS subscription
    ◦ URL Filtering subscription
    ◦ AMP subscription
● Management systems
    ◦ Cisco FireSIGHT Management Center hardware or virtual appliance (required)
    ◦ Cisco Security Manager (recommended)
● Cisco SSL Appliances (optional)
● Cisco SMARTnet support services
● Cisco SASU

m1xed0s Wed, 09/17/2014 - 19:16

Thanks, this will be greatly helpful for the sales people to present to get BOM done :)
