Management Options FirePOWER

June 20, 2018 | Author: Raphael Bech | Category: Firewall (Computing), Computer Architecture, Computer Networking, Software, System Software



Management Options with FirePOWER

ASDM: Used when you’re running the ASA + Firepower (SFR) O.S. For standalone, single-site deployments: suitable for SOHO customers who do not have more than 3 devices and do not want to manage a separate server infrastructure.

FirePOWER Device Manager (FDM): Similar to ASDM. Used when you’re running the FTD O.S. It manages Firepower Threat Defense on low-end and mid-range platforms and gives you workflows, diagrams and default configuration options.

FirePOWER Management Center (FMC): The management console is a hardware or virtual appliance installed centrally to manage multiple FirePOWER deployments at the same time. Suitable for enterprises that have more than 5 devices deployed with FirePOWER.

FirePOWER Threat Defense (FTD): Unified image of the ASA and Firepower. Feature Highlights: Unified Objects, Migration tool, Unified GUI for identity, NAT, Access, IPS, and File Policies, Graphical Representation of Policy Deployment, System Health Monitoring Dashboard, Dynamic Theme, Routed Mode Support.

Management Terminology

| Description | Version 6.x | Version 5.4 |
| --- | --- | --- |
| Management platform for all devices | Firepower Management Center (FMC) | FireSIGHT Management Center (FMC) |
| Local Management of ASA FirePOWER modules | ASDM | ASDM (5.4.1 +) |
| Local Management of Firepower Threat Defense | Firepower Device Manager (FDM) (6.1 +) | - |

Management Method and Version

• Version 5.4.1 + of the ASA FirePOWER module, managed by ASDM
• Version 5.4.1 + of the ASA FirePOWER module, managed by a Firepower Management Center
• Version 6.0.1 + of Firepower Threat Defense, managed by a Firepower Management Center
• Version 6.1 + of Firepower Threat Defense, managed by Firepower Device Manager

Device Platforms by Management Method and Version

| Device | FMC: Firepower Threat Defense (FTD) | FMC: ASA FirePOWER | ASDM: ASA FirePOWER | FDM: Firepower Threat Defense (FTD) |
| --- | --- | --- | --- | --- |
| ASA5512-X, 15-X, 25-X, 45-X, 55-X | 6.0.1 + | 5.3.1 + | 6.0 + | 6.1 + |
| ASA5585-X | - | 5.3.1 + | 6.0 + | - |
| Firepower 2110, 2120, 2130, 2140 | 6.2.1 + | - | - | 6.2.1 + |

Reminder: FTD is the new unified image running on the firewall itself (ASA + Firepower image)

FMC vs FDM Management Options

| Firepower Management Center (FMC) | Firepower Device Manager (FDM) |
| --- | --- |
| Managing more than one firewall centrally | A single device that you want to manage without any external management center |

Firepower Management Center (FMC)

• It’s a multi-device manager for all your Firepower devices.
• It collects log events from all the Firepower devices and performs correlation and reporting.

Firepower Device Manager (FDM)

• Similar to ASDM, but doesn’t require any Java.
• Runs on your FTD box.

The death of ASDM: FDM is the new software that should replace ASDM. In the future all of the ASA will run with FTD. When? They don’t know. http://www.hbs.net/blog/october-2016/the-death-of-asdm

Off-box (FMC) Vs. On-box (FDM) Comparison at 6.1

- No IPS tuning

- FDM: for low to mid-end appliances

- If you register the FTD device to FMC, then you cannot use FDM

Example: If you have a single firewall with FTD, want to run it in routed mode, do not want a failover pair, and only need a basic firewall with static routing: choose FDM. If you want High Availability, or want to run it in transparent or routed mode with advanced ACLs, NAT, dynamic routing protocols and advanced security firewall features such as Security Intelligence, site-to-site VPN and rate limiting, you might have to use FMC.

FMC, FDM requirements

FireSIGHT Management Center (FMC)

• Hardware: FS750, FS2000, FS4000 (depends on the number of devices that you want to manage) 20000$
• Virtual: VMware (2, 10, 25 managed devices) environment ESX 500$ 10 000$
• Licensing required

Firepower Device Manager (FDM)

• Doesn’t require any hardware or a VM
• Accessed directly through the FTD
• Free
