Adding Cisco ASA is very good, but the ASA lineup will soon be EOL and replaced with FirePower 2100, 4100, etc. It would be beneficial to add support for FirePower and Palo Alto deep integration support for things like VPN Tunnels, ACL Filters, etc.
Yes. Add Palo Alto!
FirePower Support as part of the enhanced ASA monitoring please. We are planning to move to FirePower in the next quarter as I'm sure most ASA users will be.
Yes this should be done asap
this would be great for both please....
A good read for all...
Firepower 2100 – The Architectural “Need to Know”
Yep, this is coming for us as well. I like the ASA stuff and this is going to be crucial going forward.
Bump
A must supported device should be in NPM now.
We got both FirePower and Palo Altos. Just got NPM the other day. Tomorrow we will be replacing our ASAs with FirePower 4110s so I will be losing all the nice ASA features I just got!
Sadly, unless I don't properly understand NCM and its inability to support FTD and FCM, you'll discover you've also lost your ability to manage, alert on, and restore firewall configuration changes.
Or, are you putting ASA software on your 4110's instead of FTD software? In that case you might not be so badly off . . .
A must have. More fire power always desired
This is a critical function needed. We have many customers, more of whom are moving to Cisco FirePower and others who are PaloAlto users.
rschroeder you mean you aren't exactly loving ACI? Do tell
designerfx, did you mean to query me about ACI? The thread you responded to is about ASA's and FTD and FMC, not ACI.
We installed ACI in Network-Centric mode to make the move from a legacy Nexus datacenter environment in a timely manner. Then we discovered that Network-Centric mode doesn't support the segmentation required, and we must move to Application Centric mode to provide the desired security.
Nothing in ACI provides the flow information needed to build the App-Centric rules.
Tetration is Cisco's solution to that discovery. But Cisco requires us to pay $100K+ to use Tetration, above & beyond the ACI infrastructure we've already purchased.
Worse, Cisco determined they would not allow us to use existing rebates/credits unless we met some very narrow requirements, which did not meet our purchasing plans.
So we have ACI, we don't have the promised ACI segmentation security, and there are some frustrations and challenges to overcome. Perhaps a compromise may be reached, but as it stands now, ACI has not proven a superior solution to migrate to from an existing Nexus environment if the primary goal is to segment East-West flows for security.
ACI DOES appear to be useful for a greenfield deployment, where flows may be discovered and adjusted before they are mission-critical, when proper security could be applied to them before they're in production. But for an existing migration, without Tetration, ACI has been an exercise in spending and outages and learning curves that have slowed or restricted our goals.
Cisco and we will do better next time.
rschroeder I was referring to how FTD is hard to monitor in addition to ACI seemingly being somewhat hard to monitor today. Like, everything Cisco seems to be doubling down on being Cisco centric again currently.
Moving to Firepower AS firewalls next quarter as well, please add more support.
Yes, Cisco only gets along with Cisco, which requires more Cisco.
Sort of like Agri-Chemical environments where problem pests or diseases or competing plants are targeted with special chemicals, which requires genetically modified seeds to grow products in the harsher environment of the new chemicals.
And then, after a few years, the competing plants or pests adapt and become pests again.
Rather like hackers and unfriendly nations and aggressive businesses, now that I think of it. There's a parallel here.
Actually the Cisco ASA 5500-X with FirePOWER Services line is not end of life and has none set as yet. I am a state government employee and we cannot use the 2100 or the 4100 series as they have not been given the FIPS 140-2 certification yet.
SolarWinds is going to have a hard time integrating into the FirePower system. Even if they were able to, more than likely they are fearful to release a product that the next Cisco update is going to break.
The FirePower is a very clunky system. Also there are many different versions and setups depending on what series you have. The 2000 series has the Threat Defense (FTD) OS running on bare metal vs the 4000 series is really a modified UCS motherboard running FTD as a VM. If you expect to manage an HA pair, it must be done on a FirePower Management Center (FMC) which must be a VM unless you can afford the appliance. Also the VM is about 5 to 10 minutes behind what is going on in the FirePower at times. The FMC is really the controller and GUI interface.
You can SSH to the FTD and do some status and troubleshooting, but so far the ACLs and more are locked away in some database. Also Cisco is getting a lot of pressure to push updates to fix bugs, more stability, and offer more features. I am seeing updates and patches every 3 to 5 weeks.
Now the Palo Altos. We have moved up from version 4 to 7 over the years and so far, the CLI remained nearly the same so integration should be easier than the FirePowers. Really it looks and operates very similar to Juniper's Junos CLI. They are coming out with updates and patches every few months.
Is this link useful to your concern?
FIPS 140 - Cisco
I've been having troubles getting Cisco 2130 FTD to integrate with SW even to gather a basic list of interfaces. SW says to ask Cisco to change where they are storing their interface information within SNMP. (Really?). Cisco says upload the MIBs into Solarwinds. Would really love to use SW to monitor these firewalls.
I vote to add FTD to SolarWinds to backup/monitor etc...
Yes, please add support for the Cisco Firepower:
More specifically, complete Firepower support both ASA-OS and FXOS sides. It looks like the FX side snmp configuration is either buggy or is incomplete. I currently have a TAC case open and I am either going to have Cisco TAC or my Account Manager to send a message to the Cisco Business Unit to add better snmp support that mirrors the ASA or Nexus.
Yes please (support for the Cisco Firepower Management Center and the individual sfr modules on the ASA's). Thank you.
Please add support for the Cisco Firepower Management Center and the individual ASA's.
Yes, Cisco Firepower 6.2.x and higher, please! As well as ASAs. Thank you.
Cisco FMC/FTD monitoring via NPM.
YES! Palo Alto support PLEASE!
Bump. We're doing more FirePOWER with FTD than planning on keeping ASA's in "ASA-mode". More and more of our ASA's are being upgraded to FirePOWER solutions, and our firewall purchases are all going to be managed via FMC.
Better support of this branch of Cisco's solutions is something we need from SolarWinds.
Yes! Cisco FMC and FTD monitoring please.
Yes please add some support for Cisco FMC and FTD. Slowly losing any visibility to our firewalls in Solarwinds as each of our ASAs get replaced with an FTD.
YES!!! Add Firepower, please.
Connection Event logs from Cisco FirePower are an absolute must.
The WebTrafficAudit event misses a lot of traffic.
Please add support for Firepower devices! Thanks!!!!!!!!
Firepower, please!
One vote for adding Firepower monitoring..
Next vote for Cisco FMC and FTD monitoring.