Migration from Cisco ASA to Cisco NGFW

Today I am going to talk about the migration models from old Cisco ASA to Cisco FTD or Firepower devices. Cyber security continues to be top of mind for organizations of all sizes around the world. Given the value and risk at stake, security is now a boardroom discussion, and in this article I am going to take you through the Next Generation Firewalls.

Most NGFWs reduce risk by providing access control over applications and users. But they don’t eliminate threats because attackers can still exploit open web connections and approved applications. For superior protection, an NGFW must be able to provide deep visibility into and across the network, apply intelligent automation to identify threats, adapt protections to a dynamic network environment, and quickly scope and recover from attacks to minimize damage. 

Fig 1.1- Cisco ASA connected to Switch

I have written several articles on the various Cisco Next Generation Firewall models. Please have a look at the articles below:

Cisco Next Generation Firewalls : Cisco Firepower 2100 Series
Cisco Firepower 4100 Series introduction
Cisco Firepower 9300 Series Introduction
Cisco Firepower - Next Generations Firewalls ( FP2100, FP4100 and FP9300 )

Most of you have already asked me about the advantages of Next Generation Firewalls over the stateful Cisco ASA firewalls used earlier, and, if you still have the old models, which model would be the better replacement for your current environment. It all depends on the throughput you require from the Next Generation Firewall.

Let's talk about the Cisco NGFW. Cisco Firepower NGFW with Firepower Threat Defense delivers all of those capabilities. It is the industry’s first, and only, threat-centric, next-generation firewall. Cisco NGFW customers expect the best in network security. Upgrade to Cisco’s newest Next-Generation Firewall today and protect your high-value digital assets.

I will take you through the replacement models for some of the old ASAs below:

Fig 1.2- Cisco ASA and Cisco NGFW with FTD services

I hope the replacements mentioned above will help you directly replace your models or migrate your old appliances to the new ones.

Some of you have questions about the models' throughput with AVC and with IPS. I will take you through that as well. Let's have a look at the table below, which will help you with the throughput requirements in your campus.

Fig 1.3- Cisco NGFW throughput

In today’s Digital Economy, the business environment has never been more competitive and organizations are constantly evolving to take advantage of new opportunities. But new business models that drive business value are also creating opportunities for attackers. Modern extended networks and their components constantly evolve and spawn new attack vectors that adversaries are exploiting.