05-09-2018 02:28 AM - edited 02-21-2020 07:44 AM
Hello All,
I am looking for some advice regarding ASA with Firepower Services versus standalone Firepower to implement on AWS.
The scenario is as follows (very roughly). We are deploying microservices through AWS for our online platforms, some exposed to the open internet, some exposed only internally via site-to-site VPN. In the future AWS will also be hosting some databases for those platforms.
I still cannot figure out what is the best solution for perimeter security though… ASA with Firepower services or just the virtual Firepower appliance.
Also, if I implement an ASA in AWS, can I create the VPNs through the ASA, or do I still need to use the AWS VPN?
Thanks in advance!
05-09-2018 07:07 AM
05-10-2018 06:38 AM
So I had a look, and AWS offers Cisco Adaptive Security Virtual Appliance (ASAv) or Cisco Firepower NGFW Virtual (NGFWv); I cannot see anywhere a virtual appliance characterized as ASA with Firepower Services. That being said, and considering that Firepower NGFW offers all that the ASA will, plus obviously the IPS, which is a must for our scenario among others, I am inclined to go for the Firepower NGFW.
OS knowledge is also a consideration to be taken under advisement in general, but not if you need IPS and NGFW capabilities! Then you have to go Firepower.
I would be eager to hear the opinion of someone who has implemented something similar in AWS, before I go on buying expensive licenses!
05-11-2018 06:29 AM
Correct. There are no virtual offerings for ASA with Firepower Services. There is ASAv and Firepower Threat Defense NGFWv.