Yes, it is 2020 and I am still speaking about ASA…

On one side I recently bought myself an ASA-5506-X with FirePOWER services, to extend my lab, to see how it works, and to do some experiments I cannot do in a customer environment :). On the other side I also recently bought a Firepower 1010 to see the evolution Cisco made from ASA to ASA with FirePOWER and finally Firepower. We also have to assume that there are still a lot of ASA firewalls out there and they will remain for a while before replacement.

At first sight, we may not find any difference between the wording Firepower and FirePOWER. When Cisco mentions the word FirePOWER, they are talking about ASA devices with a Firepower image on top running as a module. In contrast to this, when Cisco speaks about Firepower, they are referring to the Firepower Threat Defense device.

While reading this post, keep in mind that it is NOT a configuration guide. This text has been written with the simple purpose of describing the functionality, architecture and design without going too deep into detail.

Since this post is related to the ASA with FirePOWER services in a specific mode, we will see how it works.

1. A packet arrives at the outside interface.
2. In case the traffic is encrypted and belongs to a tunnel, it will be decrypted.
3. The packet will be checked against the policies set up on the ASA platform.
4. If the traffic is accepted, it will be redirected to the FirePOWER instance; if not, the traffic will be dropped without further inspection.
5. The FirePOWER instance receives the traffic and inspects it.
6. Based on the configured policies, the instance will take a decision and send it back to the ASA in order to send it on to the destination.