08-01-2016 08:43 AM - edited 02-21-2020 05:53 AM
Guys,
I am going to procure CISCO 5508-X and 5516-X with the FirePOWER module. The purpose of the procurement is to have firewall functionality and IPS functionality through source power.
Along with that, I need a centralized manager to manage these devices.
I am confused about whether to get an FMC solution or a CSM solution.
Experts, please share your views :)
08-06-2016 02:56 PM
Hello Rajesh-
CSM (Cisco Security Manager):
- Legacy management console that can be used to manage multiple ASAs and legacy Cisco IPS.
- Similar feel to Cisco's ASDM
- Has no FirePOWER management capabilities
FMC (FirePOWER Management Center):
- AKA Defense Center AKA FireSIGHT Management Center
- A Sourcefire product that Cisco acquired with the purchase of Sourcefire
- Can manage:
1. All legacy Sourcefire appliances, for instance the 7000 and 8000 series
2. Cannot manage legacy ASA features
3. Can manage ASA+Sourcefire features for devices running FTD (FirePOWER Threat Defense) code, which is the new code that combines the Sourcefire and ASA code into a single/unified image
With all of that being said, going forward, using FMC with FTD is the way to go. However, keep in mind that not all ASA features are in FTD today. Some of the major ones that are missing (but scheduled to be added in future releases) are:
- Clustering
- Virtual contexts
- Remote-Access VPN
- Site-to-Site VPN
- EIGRP
I hope this helps!
Thank you for rating helpful posts!
08-08-2016 04:37 AM
Thank you Neno :)
Can I configure my complete firewall stuff with the FirePOWER module like I was doing using legacy ASA, or are there any features missing which will not be supported?
08-08-2016 08:40 AM
So, if you are using FTD (FirePOWER Threat Defense) that combines the Sourcefire and the ASA code then you can use FireSIGHT. According to Cisco there are about 20% of the ASA features with the current version of FTD (6.0.1). More features will be added with each release but right now the main things that are missing are the ones that I listed above:
- Clustering
- Virtual contexts
- Remote-Access VPN
- Site-to-Site VPN
- EIGRP
However, other things like ACLs and NAT are all there today.
I hope this helps!
Thank you for rating helpful posts!