
Firepower Feature Matrix


Doc type / Publish Date

Cisco Partner Confidential / 1.31.2020

Cisco Firewall Firepower Feature Comparison Matrix v 6.5
Security Business Group
Network Security Technical Marketing Engineering

06 February 2020

© 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Partner Confidential Information.
Contents
Introduction
Platform Selection
ASA or FTD
ASA Management Selection:
NGFW Management Selection:
NGFW Management Selection - Continued:
Management Features Matrix – ASA
Management Features Matrix – FTD

Divya & Alan v.6.5 © 2020 Cisco and/or its affiliates. All rights reserved. This document is Cisco Confidential Information. Page 1 of 27
Introduction
The purpose of this document is to inform and accelerate our users' decision-making when choosing between Cisco ASA and FTD
platforms and the available management options. More information on ASA to FMT migration is available here: Cisco ASA to FTD using
FMT

Platform Selection
ASA or FTD

Management Features Matrix – ASA Management Features Matrix – FTD

ASA Management Selection:

NGFW Management Selection:

NGFW Management Selection - Continued:

Management Features Matrix – ASA
LEGEND
✔ Matured, tested, and verified
✗ Not Supported

Columns: Features, Cisco Security Manager (4.20), Adaptive Security Device Manager (7.13), Cisco Defense Orchestrator (Dec 2019)
Management Features
Location and type of manager
- Cisco Security Manager: Off-box Centralized Manager for up to 2500 ASAs (Based on deployment scenario).
- Adaptive Security Device Manager: Java Based, Integrated on-box manager for single device. Available free with every ASA image
- Cisco Defense Orchestrator: Cloud-Based Manager for ASA, FTD, Meraki, AWS VPC and IOS devices. Subscription based on managed device. ASA can be co-managed with ASDM. FTD can be co-managed with FDM
Managed Devices
- Cisco Security Manager: Manages ASAs including ASAs that have a FP module
- Adaptive Security Device Manager: Available on all form factors running ASA software
- Cisco Defense Orchestrator: Any ASA, FP1000, FP2100, FP4100 and FP9300 hardware running ASA, ASAv, ISA 3000
Available Form Factors
- Cisco Security Manager: Client-server application installed on Windows server.
- Adaptive Security Device Manager: Java based application
- Cisco Defense Orchestrator: Cloud based web application
Multi Tenancy ✗ ✗ ✔
Management Authentication ✔ ✔ SAML 2FA -- Cisco provided (Cisco Secure Sign-On) or Roll Your Own
Management RBAC (Authorization) ✔ ✔ Three roles: Super Admin, Admin and Read-Only
Management Audit (Accounting) ✔ ✔ ✔
Deployment History ✔ ✗ ✔
Pending Changes ✔ ✔ ✔
Policy Compare ✔ ✗ ✔
Configuration Archive ✔ ✗ ✔

Firewall Operating Mode Features
Stateful Transparent Firewall ✔ ✔ ✗

Stateful Routed Firewall ✔ ✔ ✔

Scalability and High Availability Features


Active/Active Failover ✔ ✔ ✗
Active/Standby Failover ✔ ✔ ✔
Clustering on 5500-X ✔ ✔ ✗
Inter-Chassis Clustering on Firepower Appliance ✔ ✔ ✗
Hardware Specific Features
Fail to wire interfaces ✔ ✔ ✔
ASA & FTD in 9300 (different SMs) ✗ ✗ ✔
Stateful Firewall Features
Initial Setup Wizard
- Cisco Security Manager: Has a Jumpstart Wizard to help with initial configuration
- Adaptive Security Device Manager: 12 step Startup Wizard for Interfaces/NAT/DHCP/etc connectivity for the ASA
- Cisco Defense Orchestrator: Cloud-native onboarding for FTD - no need for on-prem SDC. Useful when mgmt IP is DHCP assigned and for branches. Simple Secure Device Connector (SDC) Setup (vAPP if using the VMWare image), and then easy onboarding of devices
Interfaces ✔ ✔ ✔

Stateful Firewall Object Features
Object based acc. ctrl policy ✔ ✔ ✔
IP address objects (v4 & 6) ✔ ✔ ✔
Object groups ✔ ✔ ✔
Groups of groups ✔ ✔ ✔
UDP and TCP ports in one object ✔ ✔ ✔
Address ranges 1.1.1.10-20 ✔ ✔ ✔
Port ranges ✗ ✗ ✗
Object change history ✔ ✗ ✔
Find unused objects ✔ ✗ ✔
IP object based on a host/domain name (FQDN object) ✔ ✔ ✔
Classic Firewall Features
Access Ctrl rules (IP, port) ✔ ✔ ✔
Integrated routing and Bridging in the same context ✔ ✔ ✔
TCP State bypass ✔ ✔ ✔
Only packets that belong to established sessions can be allowed through the firewall ✔ ✔ ✔
TCP Sequence random. ✔ ✔ ✔
Connection limits and TCP Intercept ✔ ✔ ✔
Dead Connection Detection ✔ ✔ ✔

Advanced Protocol Inspection Features
SIP ✔ ✔ ✔
FTP ✔ ✔ ✔
DNS ✔ ✔ ✔
DCE-RPC ✔ ✔ ✔
GTP ✔ ✔ ✔
H323 (H225, RAS) ✔ ✔ ✔
ICMP ✔ ✔ ✔
NetBIOS ✔ ✔ ✔
RTSP ✔ ✔ ✔
SCCP ✔ ✔ ✔
RSH ✔ ✔ ✔
ESMTP ✔ ✔ ✔
SQLNET ✔ ✔ ✔
SUNRPC ✔ ✔ ✔
XDMCP ✔ ✔ ✔
TFTP ✔ ✔ ✔

Stateful Firewall Other Features


NAT ✔ ✔ ✔
Routing ✔ ✔ ✔

VPN -> Site-to-Site Features
IKEv1, IKEv2 ✔ ✔ ✔
Static, Dynamic Peering ✔ ✔ ✔
IPv4, IPv6 Addressing ✔ ✔ ✔
PSK Authentication ✔ ✔ ✔
Certificate Authentication ✔ ✔ ✔
Route Based VPN ✔ ✔ ✔
Firepower VPN (7xxx and 8xxx appliances) ✔ ✔ ✔
Monitoring ✔ ✔ ✔

VPN -> Remote Features


Connection Protocol ✔ ✔ ✗
AnyConnect Client ✔ ✔ ✗
Clientless VPN ✔ ✔ ✗
3rd Party Client ✔ ✔ ✗
Authentication Protocol ✔ ✔ ✗
Certificate Authentication ✔ ✔ ✗
2FA/MFA ✔ ✔ ✗
Authorization Protocol ✔ ✔ ✗
Accounting Protocol ✔ ✔ ✗
DAP/HostScan
- Cisco Security Manager: Does not support HostScan 4.6+
- Adaptive Security Device Manager: ✔
- Cisco Defense Orchestrator: ✗
ISE Posture & CoA ✔ ✔ ✗
AnyConnect Profile Attributes ✔ ✔ ✗
Resiliency & Scalability ✔ ✔ ✗

Layer 2 - 7 Access Control Filter Features
IP address ✔ ✔ ✔
VLAN ✔ ✔ ✔
User ID / User Group ✔ ✔ ✔
Ports ✔ ✔ ✔
Protocol ✔ ✔ ✔
Objects ✔ ✔ ✔
SGT ✔ ✔ ✔
Trusting Traffic / No inspection ✔ ✔ ✔
Tunnel Policies ✔ ✔ ✔

NGFW Identity Awareness & Control Features


Passive authentication ✔ ✔ ✔
Active Authentication/Captive Portal/Cut Through Proxy and Direct Authentication ✔ ✔ ✔
Enforce traffic policy by SGT ✔ ✔ ✔
Read SGT from packets ✔ ✔ ✔
Rapid Threat Containment using ISE ✗ ✗ ✗

NGFW Layer 4 - 7 Firewall Functionality Features
Application Control ✗ ✗ ✗
Limit bandwidth by user/application (Rate Limiting) ✗ ✗ ✗
URL Filtering ✗ ✗ ✗
SSL Decryption in software ✗ ✗ ✗
SSL Decryption in hardware ✗ ✗ ✗
OpenAppID ✗ ✗ ✗
AMP For networks ✗ ✗ ✗
ThreatGRID Dynamic Analysis ✗ ✗ ✗
Threat/Risk Reports ✗ ✗ ✗
Web SafeSearch and YouTube Edu ✗ ✗ ✗
TLS Proxy for Encrypted Voice Inspection ✗ ✗ ✗
Web Cache Services Using WCCP ✔ ✔ ✔
Pre-filter Policy (Tunneled & Fastpath) ✔ ✔ ✔
Firewall management automation
Hit Counts ✔ ✔ ✔
Rule Conflict Detection (Redundant & Shadowed) ✔ ✗ ✔
Object Conflict detection ✗ ✗ ✔

Logging & Analytic Features
Log connections to management console ✔ ✔ ✔
Send syslogs - from the management console ✔ ✔ ✔
Send syslogs - directly from the device ✔ ✔ ✔
Security Analytics and Logging ✗ ✗ ✗
Dashboards ✔ ✔ ✗
Reporting ✔ ✗ ✗
estreamer ✗ ✗ ✗
CEF ✗ ✗ ✗
Netflow ✔ ✔ ✔
Cisco Threat Response (CTR) Integration ✗ ✗ ✗
Risk Reports/SRA ✗ ✗ ✗

Health Functionality ✔ ✔ ✗

APIs
REST API ✔ ✔ ✔
Host Input API ✗ ✗ ✗
Remediation API ✗ ✗ ✗
Database Access API ✗ ✗ ✗
Estreamer API ✗ ✗ ✗
Workflows (Submitter, Approver, Deployer) ✔ ✗ ✔
Ticket Management System Integration ✔ ✗ ✔

ASA to FTD Migration ✔ ✗ ✔

Management Features Matrix – FTD
LEGEND
✔ Matured, tested, and verified
✗ Not Supported

Columns: Features, Firepower Management Center (6.5), Firepower Device Manager (6.5), Cisco Defense Orchestrator (Dec 2019)
Management Features
Location and type of manager
- Firepower Management Center: Web-based, Off-box Centralized Manager for up to 750 Sensors (Based on FMC Appliance model). Use in conjunction with CSM to manage ASAs in the case of ASA w/ FP services
- Firepower Device Manager: Simple, Web-based, Intuitive, Integrated on-box manager for single device. Available free with every FTD image. Co-management with CDO, no co-management with FMC
- Cisco Defense Orchestrator: Cloud-Based Manager for ASA, FTD, Meraki, AWS VPC and IOS devices. Subscription based on managed device. ASA can be co-managed with ASDM. FTD can be co-managed with FDM
Managed Devices
- Firepower Management Center: Any ASA, FP1000, FP2100, FP4100 and FP9300 hardware running FTD. VMWare, KVM, ISA 3000, FTDv in Azure and AWS. ASA with FP Services. FP 7000 and 8000 appliances
- Firepower Device Manager: Any ASA, FP1000, FP2100, FP4100 and FP9300 hardware running FTD. VMWare, KVM, ISA 3000, FTDv in Azure
- Cisco Defense Orchestrator: Any ASA, FP1000, FP2100, FP4100 and FP9300 hardware running FTD, VMWare, KVM, ISA 3000, FTDv on Azure
Available Form Factors
- Firepower Management Center: FS750, FS1000, FS2000, FS2500, FS4000, FS4500. FMC1600, FMC 2600, FMC4600. VMWare (25 count and 300 count), KVM, AWS
- Firepower Device Manager: Web-based
- Cisco Defense Orchestrator: Cloud based web application
Multi Tenancy ✔ ✗ ✔
Management Authentication
- Firepower Management Center: Local, AD, Radius
- Firepower Device Manager: Local Admin and RADIUS
- Cisco Defense Orchestrator: SAML 2FA -- Cisco provided (Cisco Secure Sign-On) or Roll Your Own

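Management RBAC (Authorization)
- Firepower Management Center: Granular RBAC provided locally
- Firepower Device Manager: Available w/ RADIUS authentication. Roles: RO, RW and Admin
- Cisco Defense Orchestrator: Three roles: Super Admin, Admin and Read-Only
Management Audit (Accounting)
- Firepower Management Center: Audit Logs. Reports can be generated from these logs in HTML, PDF and CSV formats
- Firepower Device Manager: ✔
- Cisco Defense Orchestrator: Yes. ChangeLog for all Configuration Changes. Data is stored and accessible for at least one year
Deployment History ✔ ✔ ✔
Pending Changes
- Firepower Management Center: High level indication in Deploy Policies window. Interface and ACP changes in Audit Log
- Firepower Device Manager: ✔
- Cisco Defense Orchestrator: ✔
Policy Compare
- Firepower Management Center: Available for DNS, File, Health, Identity, Intrusion, Network Analysis, SSL policies. Interface and ACP changes in Audit Log
- Firepower Device Manager: ✔
- Cisco Defense Orchestrator: ✔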
Configuration Archive ✔ ✔ ✗
Firewall Operating Mode Features
Stateful Transparent firewall ✔ ✗ ✗
Stateful Routed firewall ✔ ✔ ✔
Multi-Instance ✔ ✗ ✗
Scalability and High Availability Features
Active/Active Failover ✔ ✗ ✗
Active/Standby Failover ✔ ✔ ✔
Clustering on 5500-X ✔ ✗ ✗
Intra-Chassis Clustering on Firepower Appliance ✔ ✗ ✗
Inter-Chassis Clustering on Firepower Appliance ✔ ✗ ✗
Stacking ✔ ✗ ✗

Hardware Specific Features
Flow Offload on 9300 and 4100 ✔ ✔ ✔
Fail to wire interfaces ✔ ✔ ✔

ASA & FTD in 9300 (different SMs) ✗ ✗ ✔
Stateful Firewall Features
Initial Setup Wizard
- Firepower Management Center: Improved initial setup experience:
  - Default boot protocol set to DHCP (Support for Non-DHCP environments)
  - UI or CLI based configuration (3 steps)
  - Change password
  - Accept EULA
  - Configure Network
- Firepower Device Manager: 3 step Easy Setup Wizard:
  - Outside/DHCP/NTP connectivity for the FTD
  - Create default for NAT and Routing in the background.
  - Creates default deny ACL Rule
  - Has a Live topology display that changes color as it progresses
- Cisco Defense Orchestrator: Cloud-native onboarding for FTD - no need for on-prem SDC. Useful when mgmt IP is DHCP assigned and for branches. Simple Secure Device Connector (SDC) Setup (vAPP if using the VMWare image), and then easy onboarding of devices
Interfaces
- Firepower Management Center: ✔
- Firepower Device Manager: Except Redundant, Inline, PPPoE interfaces
- Cisco Defense Orchestrator: Except Redundant, Port Channel, Inline, PPPoE interfaces

Stateful Firewall Object Features

Object based acc. ctrl policy ✔ ✔ ✔

IP address objects (v4 & V6) ✔ ✔ ✔

Object groups ✔ ✔ ✔

Groups of groups ✔ ✔ ✔

UDP and TCP ports in one object ✔ ✔ ✔


Address ranges 1.1.1.10-20 ✔ ✔ ✔

Port ranges ✔ ✔ ✔

Object change history ✔ ✔ ✔

Find unused objects ✔ ✗ ✔

IP object based on a host/domain name (FQDN object) ✔ ✔ ✔

Stateful Firewall Predefined Object Features
IPv4 Private-Use - All RFC1918 ✔ ✔ ✔
IPv4 Private-Use - 10/8 ✔ ✔ ✔

IPv4 Private-Use - 172.16/12 ✔ ✔ ✔

IPv4 Private-Use - 192.168/16 ✔ ✔ ✔


IPv6 Private-Use - Unique Local Addresses ✔ ✔ ✔
IPv4 Link-Local ✔ ✔ ✔

IPv6 Link-Local ✔ ✔ ✔

IPv4 Multicast ✔ ✔ ✔

IPv6 to IPv4 Relay Anycast ✔ ✔ ✔

IPv4 Benchmark Tests ✔ ✔ ✔

IPv6 - IPv4 Mapped ✔ ✔ ✔

any ipv4 ✔ ✔ ✔

any ipv6 ✔ ✔ ✔

any both (our keyword any) ✔ ✔ ✔

Classic Firewall Features

Acc. ctrl rules (IP, port) ✔ ✔ ✔

Integrated routing and Bridging in the same context ✔ ✔ ✔
TCP State bypass ✔ Flexconfig Flexconfig
Only packets that belong to established sessions can be allowed through the firewall ✔ Flexconfig Flexconfig
TCP Sequence randomization ✔ Flexconfig Flexconfig
Connection limits and TCP Intercept ✔ Flexconfig Flexconfig
Dead Connection Detection Flexconfig Flexconfig Flexconfig

Advanced Protocol Inspection Features
SIP ✔ ✔ ✔
FTP ✔ ✔ ✔
DNS ✔ ✔ ✔
DCE-RPC ✔ ✔ ✔
GTP ✔ ✔ ✔
H323 (H225, RAS) ✔ ✔ ✔
ICMP ✔ ✔ ✔
NetBIOS ✔ ✔ ✔
RTSP ✔ ✔ ✔
SCCP ✔ ✔ ✔
RSH ✔ ✔ ✔
ESMTP ✔ ✔ ✔
SQLNET ✔ ✔ ✔
SUNRPC ✔ ✔ ✔
XDMCP ✔ ✔ ✔
TFTP ✔ ✔ ✔
Stateful Firewall Other Features
NAT
- Firepower Management Center: Firepower NAT also included
- Firepower Device Manager: ✔
- Cisco Defense Orchestrator: GUI also includes a NAT Wizard for some use cases
Routing
- Firepower Management Center: OSPF, BGP, RIP, Multicast, Static, Route Tracking(SLA) - Supported on UI. EIGRP, PBR, ISIS, BFD, ECMP - Flexconfig. Only API for static route + PBR
- Firepower Device Manager: Static and Route Tracking(SLA) - on UI. OSPF, BGP and respective route object - SmartCLI. Other Dynamic Routing protocols - FlexConfig. APIs available for Static Route, OSPF, BGP and generic Flexconfig
- Cisco Defense Orchestrator: Static via UI; Other protocols via FDM UI

VPN -> Site-to-Site Features
IKEv1, IKEv2 ✔ ✔ ✔
Static, Dynamic Peering ✔ ✔ ✔
IPv4, IPv6 Addressing ✔ ✔ ✔
PSK Authentication ✔ ✔ ✔
Certificate Authentication ✔ ✔ ✗
Route Based VPN ✗ ✗ ✗
Firepower VPN (7xxx and 8xxx appliances) ✔ ✗ ✗
Monitoring ✔ ✗ ✔

VPN -> Remote Features


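Connection Protocol
- Firepower Management Center: SSL, IKEv2
- Firepower Device Manager: SSL
- Cisco Defense Orchestrator: SSL
AnyConnect Client ✔ ✔ ✔
Clientless VPN ✗ ✗ ✗
3rd Party Client ✗ ✗ ✗
Authentication Protocol
- Firepower Management Center: RADIUS, LDAP
- Firepower Device Manager: RADIUS, LDAP, Local
- Cisco Defense Orchestrator: RADIUS, LDAP, Local
Certificate Authentication ✔ ✔ ✔
2FA/MFA ✔ ✔ ✔
Authorization Protocol
- Firepower Management Center: RADIUS, LDAP (Flexconfig)
- Firepower Device Manager: RADIUS, LDAP
- Cisco Defense Orchestrator: RADIUS
Accounting Protocol RADIUS RADIUS RADIUS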
DAP/HostScan ✗ ✗ ✗
ISE Posture & CoA ✔ ✔ ✔
AnyConnect Profile Attributes Flexconfig Flexconfig Flexconfig
Resiliency & Scalability A/S HA A/S HA A/S HA

NGFW Layer 2 - 7 Access Control Filter Features
Zone (a logical group of physical or virtual interfaces) ✔ ✔ ✔
IP address ✔ ✔ ✔
Geolocation ✔ ✔ ✔
VLAN ✔ ✔ ✔
User ID / User Group ✔ ✔ ✔
VDI user identity ✔ ✗ ✗
AppID ✔ ✔ ✔
Ports ✔ ✔ ✔
Protocol ✔ ✔ ✔
URL ✔ ✔ ✔
Objects ✔ ✔ ✔
SGT ✔ ✔ ✗
Device type (ISE) ✔ ✔ ✗
Location IP (ISE) ✔ ✔ ✗
Trusting Traffic / No inspection ✔ ✔ ✔
Tunnel Policies ✗ ✗ ✗
X-Forwarded-For policy ✔ ✗ ✗
NGFW Traffic Awareness & Network Discovery Features
Network Discovery ✔ ✗ ✗
Application Discovery ✔ ✗ ✗
User Discovery ✔ ✗ ✗
Indicators Of Compromise, Impact Analysis, Firepower recommendation, etc. ✔ ✗ ✗

NGFW Identity Awareness & Control Features
Passive authentication ✔ ✔ ✔
Active Authentication/Captive Portal/Cut Through Proxy and Direct Authentication ✔ ✔ ✔
Enforce traffic policy by SGT ✔ ✔ ✗
Read SGT from packets ✔ ✔ ✗
Rapid Threat Containment using ISE ✔ ✗ ✗
NGFW Threat Prevention (IPS & Malware) Features
Snort - best in class IPS ✔ ✔ ✔
Normalization and inspection of traffic up to application layer for anti-evasion ✔ ✔ ✔
Custom IPS Rules ✔ ✗ ✗
FQDN based Security intelligence feeds ✔ ✔ ✔
DNS Inspection and sinkholing ✔ No sinkholing No sinkholing
File Archive support (zip, rar..) ✔ ✔ ✗
File pre-classification and local malware inspection ✔ ✔ ✔
IoC Update Feed ✔ ✗ ✗
Integration with CWS ✔ ✗ ✗

NGFW Layer 4 - 7 Firewall Functionality Features
Application Control ✔ ✔ ✔
Limit bandwidth by user/application (Rate Limiting) ✔ Flexconfig ✗
URL Filtering ✔ ✔ ✔
SSL Decryption in software ✔ ✔ ✔
SSL Decryption in hardware ✔ ✔ ✔
OpenAppID ✔ ✔ ✔
AMP For networks ✔ ✔ ✔
ThreatGRID Dynamic Analysis ✔ ✗ ✗
Threat/Risk Reports ✔ ✗ ✗
Web SafeSearch and YouTube Edu ✔ ✔ ✔
TLS Proxy for Encrypted Voice Inspection ✗ ✗ ✗
Web Cache Services Using WCCP Flexconfig Flexconfig ✗
Pre-filter Policy (Tunneled & Fastpath) ✔ ✗ ✗
Firewall management automation
Hit Counts ✔ ✔ ✗
Rule Conflict Detection (Redundant & Shadowed) ✔ ✗ ✗
Object Conflict detection ✗ ✔ ✔

Logging & Analytic Features
Log connections to management console ✔ ✔ ✔
Send syslogs - from the management console ✔ ✔ ✗
Send syslogs - directly from the device ✔ ✔ ✔
Security Analytics and Logging ✗ ✗ ✔
Dashboards
- Firepower Management Center: ✔
  - Predefined and Customizable dashboard and widgets for network and threat
  - Limited Device health
- Firepower Device Manager: ✔
  - Multiple predefined dashboards for health, network and threat
- Cisco Defense Orchestrator: Dashboards available for: Top Applications, Top Attackers, Top Destinations, Top Targets, Top Threats
Reporting
- Firepower Management Center: ✔ including
  - Provides templates for reports.
  - Reports can be exported etc.
  - Report Designer can convert Dashboard to Reports
- Firepower Device Manager: ✗
- Cisco Defense Orchestrator: ✗
estreamer ✔ ✗ ✗
CEF ✗ ✗ ✗
Netflow Flexconfig Flexconfig Flexconfig
Cisco Threat Response (CTR) Integration ✔ ✔ ✔
Risk Reports/SRA ✔ ✗ ✗

Health Functionality ✔ ✔ ✗

APIs
REST API
- Firepower Management Center: ✔ - Limited
- Firepower Device Manager: FTD APIs available for all FDM
- Cisco Defense Orchestrator: FTD APIs available in co-existence with CDO
Host Input API ✔ ✗ ✗
Remediation API ✔ ✗ ✗
Database Access API ✔ ✗ ✗
Estreamer API ✔ ✗ ✗
Workflows (Submitter, Approver, Deployer) ✗ ✗ ✗
Ticket Management System Integration ✗ ✗ Via Rest API

ASA to FTD Migration ✔ Use CDO Tool ✔
