Monitoring

Cisco Firewalls FAQ

FAQ about Monitoring and Cisco Firewalls

Q: Can Firepower Threat Defense (FTD) be fully managed by Cisco Defence Orchestrator (is feature parity with Firepower Management Console available in Cisco Defence Orchestrator ) and if not when can we expect it?
A The aim of Cisco Defence Orchestrator (CDO) is a bit different than simply trying to make it “Firepower Management Console (FMC) in the cloud.”The goals of CDO initially are to harmonize policies across multiple Cisco enforcement points (Cisco Adaptive Security Appliance ASA Software , Firepower Threat Defense , Meraki MX, etc) as well as extend policy management to select third-party enforcement points (such as Amazon Web Services Security Groups). Thus we do not anticipate feature parity with FMC for some time.For more information on CDO, please watch this demo

Cisco Defence Orchestrator Demo

If you want to try CDO there is also a free trial here.

Cisco Defence Orchestrator Free Trial

Q: What would be a good tool to monitor and manage (deploying configuration and rules) a fleet of Cisco Next Generation Firewall (NGFW) ?Q: Also, could older generation ASAs be managed by that same tool?A: For a big fleet of Cisco firewalls, we have two possibilities: the Firepower Management Console (FMC), which can manage hundreds of devices, and the Cloud Defence Orchestrator (CDO), which can manage thousands of ASA devices as well as harmonize security policies for FTD and other devices.
The difference is that FMC is an appliance (physical or virtual), while CDO is a cloud-based solution. In addition, CDO is also able to manage ASA software, while FMC can manage FTD and “ASA with Firepower”. Q: What is performance impact on my NGFW appliance when IPS is enabled?There is a very good performance estimator tool available for cisco customer at https://ngfwpe.cisco.com using their Cisco credentials.
It’s also possible to flag the IPS checkbox and see how much it impacts the performance and throughput of your appliance. Additionally, there are a number of factors that go into performance; traffic profile, object size, rule size, latency, etc. A general expectation of the impact of enabling IPS on our NGFWs is documented in our datasheets. We have an internal Proof Of Value and test team that can be used to bench test the FWs to show the performance with your specified criteria. If you want to test it or try the Firepower estimator tool please contact a Cisco Specialist filling this form.
Please try accessing with your Cisco credentials and let us know if it works for you at contact us form

Securing student learning with Cisco solutions: the example of Italian University Convitto Nazionale Umberto Primo

"After our initial tests, we were able to transition 100% of our students and
teachers from our previous authentication platform and the old infrastructure to Cisco Next Generation Firepower"