FAQ
This summary gives you a quick overview of the frequently asked questions we got about Cisco Firewalls. There are 5 topics to choose from:
A: The capability of visibility and analysis up to layer 7: Intrusion prevention, Application visibility, Malware protection, URL Filtering, Security intelligence with Talos. This is the key reason why Cisco decided to take this direction. And everything can be managed from a single central point.
A: In this presentation, given at Cisco Live Barcelona 2020, you will find useful references to TLS 1.3 and Firepower:
TLS Decryption on Cisco Security Devices by Tobias Mayer, Technical Solutions Architect
A: A common reason could be to check the URLs that your endpoints are accessing (limiting malware sites, or blocking certain categories), or to analyze your endpoint network traffic for malware with the AMP (Anti-Malware Protection) capabilities of NGFW.
Cisco AMP for Networks web page
Here is a web page that provides additional information on AMP for Networks (which is only supported on NGFW). In addition, there are numerous customers that still use the Cisco Adaptive Security Appliance (ASA) Software for their VPN needs, and there are no plans to End Of Life ASA software.
A: Choosing between ASA (Adaptive Security Appliance Software) and NGFW depends on your deployment requirements. There is still a large demand for traditional L3/L4 FW and VPN concentrators, which is satisfied by customers running ASA software on Firepower hardware. In addition, ASA is optimized to run on the latest Firepower appliance.
Firepower Threat Defense (FTD) software delivers the layer 7 NGFW features beyond traditional stateful inspection and VPN, including: NGIPS, Malware protection, URL filtering, etc. Choosing which firewall application is the best fit is all a matter of your requirements.
The key difference is that FTD has the capacity for enhanced visibility and analysis of traffic and threats, all managed from a centralized console.
A Video about Cisco Firewall vision (1:47)