Cisco Blogs
Share

3 Reasons to Upgrade from Cisco ASA to Cisco Firepower NGFW Today


September 20, 2018 - 3 Comments

 You have a Cisco ASA stateful firewall[i]. You like it. It’s reliable. You think, “It works… if it ain’t broke, don’t fix it.” But you’ve had your ASA for years now, and during that time, threats have evolved. Malware is more sophisticated than ever. What’s more, your business has grown, the demands on the network are greater than ever, and you have to manage it all with the same size team and resources that you had 5 years ago.

Given these challenges, you have to start asking yourself how your firewall can do MORE for you than it already is:

  • Can my firewall provide deep visibility into my network to detect and stop threats faster?
  • Can my firewall reduce complexity and save me time? Can it automate security and network operations so I can spend more time focusing on high priority tasks?
  • Can it share information and work together with the rest of my security tools to detect and eliminate threats so I don’t have to do it myself?
  • I need to know I’m protected. Can my firewall protect my company from the next big cyberattack in the news?

The Cisco Firepower Next-Generation Firewall (NGFW) can do all of these things. Here are three simple reasons to upgrade.

1. More than just access control

The Cisco ASA stateful firewall provides access control and traffic filtering. The Cisco NGFW provides all of that and more, like application visibility and control, as well as deep visibility into threats using built-in advanced security capabilities, like:

  • Integrated NGIPS and advanced malware protection (AMP) capabilities can quickly uncover, detect, and eliminate threats hiding under the radar. You can see where a threat originated, where it’s been, and what it’s doing—then automatically stop it.
  • URL filtering prevents access to malicious sites to stop an attack before it happens.
  • Our Talos team of threat researchers provide 24/7 intelligence updates so you’re always protected against known, unknown, and emerging threats. WannaCry, NotPetya, VPNFilter – Cisco NGFW customers were automatically protected from these attacks because of the great work of the Talos group.

2. Reliability and uptime

While the ASA provides proven reliability and uptime, the Cisco NGFW builds on the ASA heritage and provides reliability and uptime even when using advanced security features like NGIPS. In fact, throughput on the Cisco Firepower 2100 does not degrade when NGIPS functionality is turned on. Finally, you can utilize advanced security capabilities built into the firewall without drastically sacrificing network throughput.

3. An integrated architecture

Cisco NGFW wasn’t designed in a silo. It was built to work together with other Cisco security tools. Threat intelligence, policy information and event data are shared across all Cisco security tools as part of Cisco’s Integrated Security architecture. This is important for a couple reasons.

First, these integrations provide more visibility across multiple attack vectors, from edge to endpoint, so you can stop threats faster. Therefore, when a single security tool sees a threat in one place, every tool will instantly know about it, and automatically block it across the entire extended network.

Second, these integrations can automate network and security operations to help save you time so you can focus on high priority tasks. For instance, the Cisco NGFW shares policy information with the Cisco Identity Services Engine (ISE) so that ISE can automatically enforce policy on devices. Cisco Advanced Malware Protection (AMP) for Endpoints will notify the Cisco NGFW if it has quarantined a file on a specific device or multiple devices.

In a time when budgets, staff, and resources are limited (and every day is a struggle to keep up in a never-ending game of whack-a-mole with threat alerts), automation can help your team be strategic rather than just reactive.

Migrate easily with the new Cisco Firepower Migration Tool

If you’re ready to swap out your old ASA for a new Cisco NGFW and take advantage of these added benefits, it’s time to migrate. We’ve made migration easy with the new Firepower Migration Tool. It automatically converts the configuration of a supported ASA platform to a supported Cisco NGFW running our Firepower Threat Defense (FTD) platform. Visit our website, download and launch the tool, use the step-by-step tutorial video to walk you through 6 easy steps to migrate, and then you’re done.

Your firewall should be doing more for you. It should be doing more to streamline your network operations and protect you from threats. The move should also be easy and seamless. Watch a demo, get a free trial, or talk to your Cisco representative about upgrading to a Cisco Firepower NGFW today.

[i] Cisco ASA stateful firewall DOES NOT refer to the “Cisco ASA with Firepower Services” or the Cisco 5500-X Series. Any Cisco ASA with Firepower Services delivers “next-generation” capabilities and is not just a stateful firewall alone.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

3 Comments

  1. Unless you want to continue using Cisco products like ISE and AnyConnect.

    • Ditto, this is why we brought a new ASA instead of this. They’re pushing this as the future but it doesn’t have the features of the ASA that we needed so we just got the ASA.

  2. If you have upgraded to an X series ASA then, chances are, you already have FirePOWER partially available. You need a license and hard drive from Cisco, though. If you're a little squeamish about jumping into FirePOWER with both feet then it's a decent option to get your feet wet with.