Networking-Forums.com

Professional Discussions => Security => Topic started by: dlots on February 19, 2016, 10:09:59 AM

Title: Just an FYI the new firepower ASAs have been announced
Post by: dlots on February 19, 2016, 10:09:59 AM
The new FirePowers have been announced and they are moving the ASA feature set into them, very limited feature set at the moment though (hope you don't want things like EIGRP, or VPN capabilities).  They are monster boxes too, at ~20Gb for the smallest one.  No management will be done on them, all management is done at the Firepower Management Center thingy (no more CLI or ASDM).  Also my understanding is that they will run as a VM.

http://www.cisco.com/c/en/us/products/security/firepower-4100-series/index.html
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: deanwebb on February 19, 2016, 11:29:01 AM
Interesting. Do they ship pre-patched for the ASA vulnerabilities?
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: mmcgurty on February 19, 2016, 11:49:10 AM
Quote from: deanwebb on February 19, 2016, 11:29:01 AM
Interesting. Do they ship pre-patched for the ASA vulnerabilities?

Doubtful.  More than likely it will contain more vulnerabilities/bugs that you will bug test for them.
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: Otanx on February 19, 2016, 02:06:49 PM
The datasheet shows throughput numbers for VPN/IPSec so it looks like it will do that at least. I would love to play with a couple of these, but I don't want to be the first one running them in production.

datasheet - http://www.cisco.com/c/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.html

-Otanx
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: deanwebb on February 19, 2016, 02:15:52 PM
We might get to be among the first at a few sites...
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: wintermute000 on February 23, 2016, 03:50:16 AM
2 Maximum throughput with User Datagram Protocol (UDP) traffic measured under ideal test conditions.

HA! Let the firewall spec wars and vendor test methodology accusations begin anew. *cough fortinet numbers cough*

Seriously though, it's a bit strange how there are no low-mid level offerings (around the 1Gb throughput range) to compete around the SRX340, PA-3020, Fortinet 500D etc. arena.
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: Reggle on February 23, 2016, 04:07:47 AM
The Fortinet numbers really are that good. Unless you check *any* kind of NGFW-functionality...
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: NetworkGroover on February 23, 2016, 11:07:52 AM
Quote from: mmcgurty on February 19, 2016, 11:49:10 AM
Quote from: deanwebb on February 19, 2016, 11:29:01 AM
Interesting. Do they ship pre-patched for the ASA vulnerabilities?

Doubtful.  More than likely it will contain more vulnerabilities/bugs that you will bug test for them.

Heh heh heh  :problem?:
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: Otanx on February 23, 2016, 01:10:19 PM
Quote from: wintermute000 on February 23, 2016, 03:50:16 AM
Seriously though, it's a bit strange how there are no low-mid level offerings (around the 1Gb throughput range) to compete around the SRX340, PA-3020, Fortinet 500D etc. arena.

Wouldn't the low end be covered by the ASAs with FirePOWER? To me these just extend the product line above the 5585-X.

-Otanx
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: Dieselboy on February 28, 2016, 09:36:03 PM
Quote from: deanwebb on February 19, 2016, 11:29:01 AM
Interesting. Do they ship pre-patched for the ASA vulnerabilities?

This made me laugh
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: dlots on February 29, 2016, 10:29:02 AM
I would advise against buying version 1 of any Cisco hardware system.
Title: Re: Just an FYI the new firepower ASAs have been announced
Post by: Otanx on February 29, 2016, 05:19:28 PM
Quote from: dlots on February 29, 2016, 10:29:02 AM
I would advise against buying version 1 of any Cisco hardware system.

Fixed that for you  :)

-Otanx