CSM VS FMC

Guys,

I am going to procure Cisco 5508-X and 5516-X with the FirePOWER module. The purpose of the procurement is to have firewall functionality and IPS functionality through source power.

Along with that, I need a centralized manager to manage these devices.

I am confused about whether to get an FMC solution or a CSM solution.

Experts, please share your views :)

nspasov
Cisco Employee

Hello Rajesh-

CSM (Cisco Security Manager):

- Legacy management console that can be used to manage multiple ASAs and legacy Cisco IPS. 

- Similar feel to Cisco's ASDM

- Has no FirePOWER management capabilities

FMC (FirePOWER Management Center):

- AKA Defense Center AKA FireSIGHT Management Center

- A Sourcefire product that Cisco acquired with the purchase of Sourcefire

- Can manage:

1. All legacy Sourcefire appliances. For instance, 7000 and 8000 series

2. Cannot manage legacy ASA features

3. Can manage ASA+Sourcefire features for devices running FTD (FirePOWER Threat Defense) code, which is the new code that combines the Sourcefire and ASA code into a single/unified image

With all of that being said, going forward, using FMC with FTD is the way to go. However, keep in mind that not all ASA features are in FTD today. Some of the major ones that are missing (but scheduled to be added in future releases) are:

- Clustering

- Virtual contexts

- Remote-Access VPN

- Site-to-Site VPN

- EIGRP

I hope this helps!

Thank you for rating helpful posts!

Thank you Neno :)

Can I configure my complete firewall stuff with the FirePOWER module like I was doing using legacy ASA, or are there any features missing which will not be supported?

So, if you are using FTD (FirePOWER Threat Defense) that combines the Sourcefire and the ASA code then you can use FireSIGHT. According to Cisco there are about 20% of the ASA features with the current version of FTD (6.0.1). More features will be added with each release but right now the main things that are missing are the ones that I listed above:

- Clustering

- Virtual contexts

- Remote-Access VPN

- Site-to-Site VPN

- EIGRP

However, other things like ACLs and NAT are all there today. 

I hope this helps! 

Thank you for rating helpful posts!
