The Evolution of Cisco’s Firepower

If you read the post here on the blog regarding a short history of Cisco Firepower, you will recall that Cisco acquired a successful company named Sourcefire, and that this brought the Firepower technology into the company.

Let’s take a look at the progression of products that have resulted from this acquisition, and provide some more details on the latest technology (as of this writing), which is Firepower Threat Defense (FTD).

2013

  • Classic FirePOWER 7000 Series Appliances
  • Classic FirePOWER 8000 Series Appliances
  • VMware

2014

  • FirePOWER Services on ASA 5500-X
    • ASA5506-X, ASA5506H-X, ASA5506W-X
    • ASA5508-X
    • ASA5516-X
    • ASA5512-X
    • ASA5515-X
    • ASA5525-X
    • ASA5545-X
    • ASA5555-X

2015

  • Firepower Threat Defense on ASA 5500-X
  • Firepower 9300
  • VMware
  • AWS

2016

  • Firepower Threat Defense on Firepower 4100 Series
    • 4110, 4120, 4140, 4150
  • Azure

2017

  • Firepower Threat Defense on Firepower 2100 Series
    • 2110, 2120, 2130, 2140

Remember, FTD is so exciting because it represents the convergence of code from the Sourcefire FirePOWER software and the Cisco ASA software, as well as the code representing new features.

The Sourcefire code is actually implemented as multiple software components inside the system and includes:

  • Firepower core software – includes Snort, Web server, database, and firmware
  • Software patches and hotfixes 
  • Snort rules
  • Vulnerability database (VDB)
  • Geolocation database (GDB)
  • URL filtering database
  • Security Intelligence Feed 
  • Local malware detection 
  • Integration components – might include ISE integration, AD integration, etc.

4 thoughts on “The Evolution of Cisco’s Firepower”

  1. FTD OS, the one that combines the traditional ASA software with the Sourcefire module, needs lots of work. Yeah, they’ve recently added the Cisco AnyConnect functionality and some other features, but I feel there are lots of missing functions. Plus, losing the CLI kinda sucks. Yeah, there is a Linux CLI, but I can’t bounce/reset a site-to-site VPN tunnel in a couple of seconds with it; the options aren’t there. It feels too Meraki-ish. Meaning, it’s meant to be entirely GUI based. I do still like running the ASA with the embedded SFR module and then keeping the SFR management separate via the FMC, because I feel that NAT, routing, basic ACLs and extended ACLs, route-maps, etc. are way easier to implement on the ASA than the FTD OS.

  2. Although FTD is the next-gen FW with all its features, I share the same opinion as William. FTD requires yet more development because of some limitations (e.g. lacking support for 2FA for RAVPN), but having the SFR module inside the ASA and running the newest code 6.2.3 makes it a really good NGFW (finally :)). Not all SMB customers will be ready to pay for a dedicated FMC, even as vFMC with 2 or 10 host licenses. In my opinion, due to the huge ASA install base across the globe, on-box mgmt will still be the most widely used and preferred, but with time the FMC becomes more popular and accepted. Not sure about FTD… unless it fully overtakes all features from the ASA. Nevertheless, I think Firepower is a really good NGFW and wish all security/network engineers gather more experience with it.
