
Management Options with FirePOWER
ASDM: Used when you're running the ASA + Firepower (SFR) OS. For standalone single-site deployments: suitable
for SOHO customers who do not have more than 3 devices and do not want to manage a separate server
infrastructure.

FirePOWER Device Manager (FDM): Similar to ASDM. Used when you're running the FTD OS. It manages
Firepower Threat Defense on low-end and mid-range platforms and gives you workflows, diagrams and default
configuration options.

FirePOWER Management Center (FMC): The Management Console is a hardware or virtual appliance
installed centrally to manage multiple FirePOWER deployments at the same time. Suitable for enterprises that have more
than 5 devices deployed with FirePOWER.

FirePOWER Threat Defense (FTD): Unified image of the ASA and Firepower. Feature Highlights: Unified
Objects, Migration tool, Unified GUI for identity, NAT, Access, IPS, and File Policies, Graphical Representation of Policy
Deployment, System Health Monitoring Dashboard, Dynamic Theme, Routed Mode Support.

Management Terminology

Description                                           Version 6.x                        Version 5.4
Management platform for all devices                   Firepower Management Center (FMC)  FireSIGHT Management Center (FMC)
Local Management of ASA FirePOWER modules (5.4.1 +)   ASDM                               ASDM
Local Management of Firepower Threat Defense (6.1 +)  Firepower Device Manager (FDM)     -

Management Method and Version


Version 5.4.1 + of the ASA FirePOWER module, managed by ASDM
Version 5.4.1 + of the ASA FirePOWER module, managed by a Firepower Management Center
Version 6.0.1 + of Firepower Threat Defense, managed by a Firepower Management Center
Version 6.1 + of Firepower Threat Defense, managed by Firepower Device Manager

Device Platforms by Management Method and Version


Manager                            FMC                             FMC            ASDM           FDM
Device                             Firepower Threat Defense (FTD)  ASA FirePOWER  ASA FirePOWER  Firepower Threat Defense (FTD)
ASA5512-X, 15-X, 25-X, 45-X, 55-X  6.0.1 +                         5.3.1 +        6.0 +          6.1 +
ASA5585-X                          -                               5.3.1 +        6.0 +          -
Firepower 2110, 2120, 2130, 2140   6.2.1 +                         -              -              6.2.1 +

Reminder: FTD is the new unified image running on the firewall itself (ASA + Firepower image)

FMC vs FDM
Management Options

Firepower Management Center (FMC): Managing more than one firewall centrally
Firepower Device Manager (FDM): A single device that you want to manage, and you don't want to have any external management center

Firepower Management Center (FMC)

It's a multi-device manager for all your Firepower devices.

It collects log events from all the Firepower devices and performs correlation and
reporting.

Firepower Device Manager (FDM)

Similar to ASDM, but doesn't require any Java.

Runs on your FTD box.

The death of ASDM:


FDM is the new software that should replace ASDM. In the future, all ASAs will run FTD. When? They don't know.
http://www.hbs.net/blog/october-2016/the-death-of-asdm
Off-box (FMC) Vs. On-box (FDM) Comparison at 6.1

- No IPS Tuning

- FDM: for low to mid-end appliances

- If you register the FTD device to FMC, then you cannot use FDM

Example:
If you have a single firewall with FTD, want to run it in routed mode, do not want a
failover pair, and only need basic firewall features with static routing: choose FDM.

If you want High Availability, or want to run it in transparent or routed mode with advanced ACLs and NAT,
dynamic routing protocols, and advanced security firewall features such as Security Intelligence, site-to-site VPN and rate
limiting, you might have to use FMC.

FMC, FDM requirements

FireSIGHT Management Center (FMC)


Hardware: FS750, FS2000, FS4000 (depends on the number of devices that you want to manage) 20000$
Virtual: VMware ( 2, 10, 25 managed devices) environment ESX 500$ 10 000$
Licensing required

Firepower Device Manager (FDM)


Doesn't require any hardware or a VM
Accessed directly on the FTD.
Free