Cisco Firepower Threat Defense (FTD) devices are expensive! Which one should you get?
This post goes hand-in-hand with my FMC blog
Cisco FTD devices are expensive, and Cisco is announcing new, more expensive ones next week. Here are the current models as of right now:
Cisco’s 2100, 4100 and 9300 FTD Devices
So which one of these expensive FTD devices do you need?
Did you know it’s actually pretty easy to figure out the FTD device(s) you need for your network?
The one small caveat to this easy way is that you need a CCO login and then access to the page ngfwpe.cisco.com.
Most of you probably already have this access, but ask your rep if not. This is what your rep will use to determine what to sell you. If he says you can’t have access (BS), then tell him you want to watch him perform this…
Here is the home page of ngfwpe.cisco.com after logging into Cisco.
First, pick the threat-inspected throughput you want/need for your network:
Then choose the typical packet size on your network, or leave the default:
…Most importantly, add Enabled Features:
It’s best to keep clicking on various features to see different products suggested…
IMPORTANT NOTE: Let me stop and discuss the Features listed above. I actually had a customer that didn’t buy any licenses for any features. This means you only get Base licensing (which is included by default), so they couldn’t add any SI, IPS, Malware or URL. At a minimum you NEED Threat licensing, which provides Security Intelligence (SI) and IPS capability. If you don’t want to buy Threat at a minimum, then just go to BestBuy and buy a NetGear firewall for $50.
Now add the typical network utilization you think you’ll use. I usually click on <40 so that as many possible solutions are shown as possible.
In Advanced choose the model you have or are possibly thinking of getting:
Add other filters, such as OS. However, I just typically click on FTD to make it easy…
Now, go to the top and click APPLY.
In the following output, I had filtered on 1Gbps inspected throughput, common packet size, <40 utilization, Base, IPS and URL filtering, and then chose the FTD OS.
You can see the 11 hardware devices that it is suggesting…
Just keep adding filters to narrow down and find your device! It’s actually fun to see what Cisco comes up with on your filters.