Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Meraki sourcefire vs ASA FirePOWER

Can anyone provide a link or some quick bullet points on the functional differences between the sourcefire implementation on the Meraki MX security appliances compared to a new ASA 55xx-X w/ FirePOWER ?

 

 

Thanks for the help.

Everyone's tags (4)
8 REPLIES
New Member

hello CCIE WannaB,kindly

hello CCIE WannaB,

kindly check out the following mentioned links:

ASA-X SourceFire:

- Inline:  Next Gen IPS - Multi-port GE/10GE/40GE
- Anti-Malware- Network & Agent based
- Web filtering
- Application control across all ports
- SIO & VRT Threat Intelligence
- Defense Center- Threat Detection Correlation view
- Internet B/w from 50Mbps - 60 Gbps – High Performance Platform

for the firepower please review the following links for each series Specs:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-732253.html

HTH,
/Osama

New Member

Hello a.gooding and everyone,

Hello a.gooding and everyone,

 

Any updates on what you guys evaluated? I'm looking into ASA-X and Meraki. From what I'm reading ASA 5516-X comes with FireSight Management Center (using ASDM) without purchasing a separate VM. Is it correct? 

I have used Meraki in the past and love its simplicity. But I heard ASA-X is completely different "animal" now compared with the old ASA. Thanks in advanced.

 

Bronze

Hey we have been using it

Hey

 

we have been using it (Firepower) on a daily basis.

 

This is completely my opinion but here it is

1. I still think nothing beats the Meraki Management

2. Firepower is NOT as simple if you compare to the MERAKI dash but spend a few days with it drilling down and understanding the policies and you will like it.

 

We didn't eval the ASDM module only as we did everything with the Full FireSight Management Centre.

The question I posed to test both

"Who is using what and how quickly can we identify and lock down if need be"

 

Meraki was a no-brainer and won hands down. Firepower didn't win but was still very effective.

My conclusion thus far

1. Ill put in Meraki for a quick easy to manage deployment for SMB to Medium

2. Ill put in in the ASA with FP for those enterprise customers that need a decent level of control. (The policies in FP are really granular and much better for those more complex networks)

 

Im hoping as it matures (FP) the amount of clicks would be reduced.

 

I apologise that my response isn't too technical :) but that is my personal take thus far.

 

Hope this helps

New Member

Hi a.gooding,Thank you very

Hi a.gooding,

Thank you very much for the information. That's great to know. One last question regarding the FireSight Management console, do you guys use the VM box for it? I was hoping ASA5516-X has the built-in for this so I don't have to purchase the VM. The hardware, licensing, and subscription for the ASA is already very expensive and adding the VM box is way too much for us. I'd like Meraki but like you've mentioned, if we need to have more level of control in the future...

Thanks again.

Bronze

Hi, no probs, We used the VM.

Hi,

 

no probs, We used the VM. To be honest we didn't know about the built in ASDM until we read some info stating that :)

Id say reach out to your Account Manager and have them setup a webex with an engineer.

Other than that id say from general product experience (And this is just my opinion)

1. You wouldn't get the same amount of control

2. Its probably for companies that are not into the whole virtualization arena as yet and its just to get you up and running quickly. Which means, you may not want to get into that level of granularity.

 

Also, if you are ever going to do any type of failover on ASA models with Firepower you need the Management Centre.

The big thing is the Management Centre so clear that up really good. Doing some quick googling doesn't bring up and ASDM FIREPOWER type of results so that might also indicate its level of usage.

Also a note that the ASA and firepower is one but two :)..its in one appliance but you configure it separate from the ASA as well. The learning curve to setup properly isn't that bad, and as I mentioned, take some time to learn it and don't do a Meraki feature to Feature comparison unless you are weighing out Meraki as an actual option.

My final opinion

To be safe, go with the Management Centre VM unless you get that clarification from your Account Manager

 

 

 

New Member

Great information. Thank you

Great information. Thank you very much. 

Hall of Fame Super Silver

knguyenfolio,The FireSIGHT

knguyenfolio,

The FireSIGHT Management built into ASDM is limited to a few of the low end platforms - 5506, 5508 and 5516-X.

By it's nature it won't serve to collect and archive events as it's running in the same Java applet that is ASDM. It also has a couple of other limitations.

It's only been shipping for about a month or two so you won't see much track record with it just yet.

Bronze

That's a great question i

That's a great question i think. I too would like to see a decent comparison but i really cannot find any.

 

We are evaluating both currently. From a very very simplistic view i am still seeing Meraki standing out 

1. Ease of management

2. Bandwidth Restrictions

 

For FirePower

1. Very granular when it comes to the application detection

2. Systems continue to operate from a license standpoint (AMP & URL is subscription based)

 

Now licensing up for AMP and IDS/PS so cant comment there. Again, only on the second day of building out and evaluating.

4011
Views
5
Helpful
8
Replies
CreatePlease login to create content