Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
0
Helpful
3
Replies

ASA with Firepower or just Firepower for AWS?

AlexPi
Level 1
Level 1

‎05-09-2018 02:28 AM - edited ‎02-21-2020 07:44 AM

Hello All,

 

I am looking on some advice regarding ASA with Firepower Services, versus standalone Firepower to implement on AWS.

 

The scenario is as follows (very roughly). We are deploying microservices through AWS for our online platforms, some exposed to the open internet some exposed only internally via site-to-site VPN. In the future AWS will also be hosting some databases for those platforms.

 

I still cannot figure out what is the best solution for perimeter security though… ASA with Firepower services or just the virtual Firepower appliance.

 

Also, if I implement an ASA in AWS can I create the VPNs through the ASA or I still need to use the AWS VPN?

 

Thanks in advance!

 

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------
Labels:
0 Helpful
3 Replies 3

Florin Barhala
Level 6
Level 6

‎05-09-2018 07:07 AM

Nice scenario ! I am also curious about our colleagues feedback. Until then I think an important point is also your knowledge on both solutions.
For the record I have no FTD OS knowledge hence I would gladly install an ASA with Firepower if critical business services will stay there and equally I would pick FTD so I can learn if the business impact is lower.
0 Helpful

AlexPi
Level 1
Level 1
In response to Florin Barhala

‎05-10-2018 06:38 AM

So I had a look and AWS offers Cisco Adaptive Security Virtual Appliance (ASAv), or Cisco Firepower NGFW Virtual (NGFWv), I cannot see anywhere a virtual appliance characterized as ASA with Firepower Services. That being said and considering that Firepower NGFW offers all that the ASA will, plus obviously the IPS, which is a must for our scenario among others I am inclined to go for the Firepower NGFW.

OS knowledge, is also a consideration to be taken under advisement in general, but not if you need IPS and NGFW capabilities! Then you have to go Firepower.

I would be eager to hear the opinion of someone who has implemented something similar in AWS, before I go on buying expensive licenses!

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------
0 Helpful

jimholla
Cisco Employee
Cisco Employee
In response to AlexPi

‎05-11-2018 06:29 AM

Correct. There are no virtual offerings for ASA with Firepower Services. There is ASAv and Firepower Threat Defense NGFWv.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card