Cisco Blogs

Improve network and security operations with Firepower multi-instance and Cisco Threat Response


December 4, 2018 - 3 Comments

As one of the largest security companies in the world, we take great pride in building solutions that many thousands of organizations trust to secure their networks. Small businesses and large enterprises alike rely on Cisco firewalls to keep their organizations running. With our latest release, Firepower Threat Defense (FTD) 6.3, our team is delivering value and bringing new possibilities to Firepower customers of all sizes.

Multi-instance: Multi-tenancy and segmentation

New in FTD 6.3, multi-instance capability for Firepower 4100 and 9300 allows enterprises with multiple departments to completely isolate their management and traffic planes from one another through strict hardware resource reservation. Customers can now deploy multiple logical devices, each with a Firepower Threat Defense instance in a Docker container, on a single security module.

There are a number of reasons why an organization would want to partition a single physical security appliance into multiple virtual firewalls. Cisco Adaptive Security Appliance (ASA) software has supported virtual firewalls with multiple-context mode for quite some time. We previously discussed the problems that virtual firewalls can help solve and why we decided to take a fresh approach with the multi-instance capability for FTD.

Instances are fully independent and fault-isolated. This approach ensures that there are no questions about what the NGFW is doing and which resources it can access. And unlike other approaches, one NGFW instance can’t impact another’s resources.

Deployment is quick and easy. Once created, each instance looks and operates within Firepower Management Center like a physical device. Large environments and service providers can even deploy NGFW instances at scale using our open API.

To illustrate the benefits of multi-instance, let’s imagine a large enterprise that does a lot of business around the holidays, like a retailer or airline. Say that they have production and staging environments behind the same firewall. With a classic firewall multi-tenancy solution (such as ASA or a competitor’s), the DevOps folks who play in the staging environment during the holidays may inadvertently cause a spike of traffic, overload the firewall, and take down the production environment, causing loss of revenue. With multi-instance, each firewall partition is contained to its resources so no cross-impact on either management or data planes can take place; business is safe.

Watch the latest episode of ThreatWiseTV to learn more about multi-instance. Cisco Customer Connection Program members can join a special briefing about multi-instance on January 16th here.

Firepower integration with Cisco Threat Response

Cisco Threat Response automates integrations across select Cisco Security products and accelerates detection, investigation and remediation. Firepower is the latest product to be integrated, with high-priority IPS events available in the Cisco Threat Response dashboard. Visit the Cisco Threat Response webpage to learn more.

 

Migrate easily with the new Cisco Firepower Migration Tool


It’s never been easier to move from an ASA to a Cisco NGFW, thanks to our new Firepower Migration Tool. It automatically converts the configuration of a supported ASA platform to a supported Cisco NGFW running Firepower Threat Defense. Visit our webpage to download and launch the tool and follow the step-by-step tutorial video.

Dive deeper into 6.3

The FTD 6.3 release truly offers something for everyone. For the complete list of new features and functionality, check out the release notes.

Try Cisco NGFW today

We’re laser-focused on developing firewall innovations that will help our customers prevent breaches, gain deep visibility, and automate operations to save time and work smarter. If you’re considering moving to Cisco NGFW, watch our demo or sign up for a free NGFW trial today.


3 Comments

  1. Need to improve the UI. Cisco competitors have more user-friendly interfaces compared to ASA.

  2. Is it true that it will not be possible to run FTD 6.3 on ASA5506?

    • That's correct. Support for ASA 5506-X, 5506W-X, 5506H-X, and 5512-X was removed starting with FTD 6.3. The final supported FTD release for these platforms is 6.2.3. This is documented in the release notes: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/relnotes/firepower-release-notes-630/new_features.html