FTDv - is IPS feature managed?

Hello, we are looking into using the FTDv on the edge of our Azure network. Is the IPS feature-set managed by Cisco? Will the definitions be automatically updated? If not, would it be better to use an ASAv and then purchase a separate virtual appliance outsourced to another company?

Just to clarify a little more, our on-prem consists of a physical ASA and an outsourced IPS device (iSensor by Dell Secureworks) that sits in front of the ASA. My question is, are the IPS, AMP, and other security features of the FTDv managed by Cisco? For example, will they automatically update definition files, actively quarantine/drop packets? In essence we don't have the manpower to commit someone fully to managing rules and security, we'd like something with minimal management. Should we be looking at possibly using an ASAv with a separate outsourced IPS appliance in the cloud?

Thanks for any help with this question!


Assuming you configured the rules to do so, the FTDv will update the rules and the geolocation database automatically. However what you're really wanting it sounds like is a managed service. Just tossing an FTDv into the cloud and not having someone actively manage it will not do much for your security posture IMO.

There are 3rd party providers out there that can shove an IPS into your network and remotely manage it for you but you'd have to find one that supports a presence in Azure.

Original Poster · 1 point · 10 days ago

> However what you're really wanting it sounds like is a managed service.

Yep! Definitely what we're looking for, thanks for your help. I am having a hard time finding documentation on whether or not Cisco manages those things for us. I think you're right, may need to look into a separate device altogether.

I think Meraki can be quite good, it's certainly easier to manage than FTD. Have a look at their MX series.

1 point · 9 days ago

Cisco isn't going to "manage" anything for you. They have professional services of course - but that would only provide assistance with the initial deployment.

As another poster said, Firepower with an FMC could be configured to automatically download and use updates including IPS signatures from Cisco, and of course will block traffic it identifies as bad but that doesn't mean Cisco is "managing" anything.

Security (especially border security) isn't a set and forget thing when done right. I agree with the other poster - you are better off looking for an MSSP or other third-party to manage Azure security for you through a monthly contract/spend IMO.
