Hi Can you make more videos about this box? Site to site vpn, integration with Active Directory, SSL VPN, AMP and IPS configuration, Traffic analysis etc.
@@juschu Unfortunately I did, and it's a complete unusable piece of junk - I need to find an alternative - non Cisco product. It's the exact opposite of the 5505 that I found so good :-(
To be honest this box is not great for the home. It’s pretty complex to do simple tasks. I am running it in my house but am going to switch over to a meraki mx75. Another option if you are buying it yourself is meraki go. I like meraki go for the small business. Low cost good features and you can buy it on Amazon lol. amzn.to/3FqHWXY
I need to connect my firepower 1010 device to the internet.. But i have no means to connect it to the internet from its outside ip directly.. i do have a system connected on its outside port which i can connect to the internet via usb tethering. Can you suggest how to go about it..
It’s just a firewall. As long as the outside port can get to the internet eventually it will be fine. A lot of people have a dedicated router in front of the firewall. The outside interface does not always need to be a public IP address.
Sal, I currently have the old ASA 5505 Series and everything is working with my ISP provider Spectrum on which I have 5 static IPs. I am switching to fiber internet and now when I connect to port 0, should it pick up DHCP and start working? I do not have access into configuring this device.
@@cyr96 FTD is the most garbage firewall platform ever. Read a bit about it first. It's stunning that Cisco is sticking with Firepower after years of hemorrhaging enterprise customers left and right over it. If you've ever Firepowered, you'll never ever choose to do it again. On top of Cisco's craptastic java's interface, it's why we all ran to Palo and Fortigate.
I am down for fortigate but sometimes your work environment layer 2 and layer 3 stack is all cisco. Fortigates are really really nice with their fabric stuff and cost effective solutions but this cisco firepower 1010 is such a good device.
@@MyVideoHome2012 All Cisco Firepower devices are shit for people that know what they are doing... The non-firepower ASA's are not quite as terrible though.
HA as in “High Availability”? YES you can!! All you need to do is make sure the two FTD devices are: - deployed in the same mode (routed or transparent) - same software - Same NTP - NO uncommitted changes - NO DHCP or PPPoE configured - Same licenses You can connect both FTD devices by a direct connection or using a switch. The two identical FTD devices are connected to each other through a dedicated failover link You should use the same interface on both devices for failover link connections
Hi Sal, i've got a cisco firepower 1010 here from my friend. I already reset factory and what i am planning right now is to configure this for remote access at home. is it possible even if i dont have radius server or server?
Right on. I’m just so used to CLI with various switches, routers and ASA’s. The dashboard looks sweet. Just don’t want the CLI to be a thing of the past
It’s not going to be the same as an ASA. Check this out. www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/command_line_reference.html
I’m just like you! I’ll rather configure the thing from the CLI. There is a cli for this thing buts weird, This thing runs the FTD software and is nothing like the IOS. What’s also stupid is that it supports stuff like WCCP redirects configuration (that are completely typed the same way you’ll do on the ASA cli) but in order for you to do it on this thing, you have to create a “flex config” bs on the GUI and than literally type the same commands you’ll do on the CLI ....at that point - it’s like just give me the CLI commands back to configure the box. The CLI and its commands are not going anywhere, they’re still all over the place! They are also in the new official study guides. The CLI is still relevant and will always be......I hope. I don’t like GUI or software Management because it doesn’t make you technical, it doesn’t make you technical at troubleshooting and why click a million pages when you can just type like 3 lines. Lastly if the GUI/software management is bad (glitchy)...than you won’t be able to configure it correctly. For an example: This firewall FTD software GUI stuff failed to present the policies I configured and would never load.
Thanks for the feedback! I encourage you to reach out to your Cisco Account Manager. The price of the 1010 should not be much more than the 5506. You AM can help with getting you pricing. Licensing is always fun :) It will take some time to get the hang of it, but at least all the licenses are in one place now.
@@juschu Who is your Cisco account rep? I can reach out to them for you, and you can discuss pricing. As for PoE, it does work with 6.5. I have it working on my box. If you are still having issues with it, please reach out to TAC.
@@SPatelCartel yes, the fpr1010 came with the ASDM software.. I thought these devices will come with the new FDM installed but No. I had to download the FDM software, change the boot option and reload
No. They run different operating systems. There are tools to help with migration. I would recommend opening a TAC case when you purchase the device. They can help you migrate.
Do you have a regular Cisco ASA? You can still use this FTD device. As for your VPN - all you gotta do is configure the VPN stuff on the ASA and than (depending on your setup) just port forward the correct VPN ports or if you have a transparent setup with this FTD device, just create a policy that allows the outside to communicate with the ASA running the VPN stuff
these things are garbage. thanks for the vid. Nothing on these works as described I've run into so many caveats with these things it's laughable. a DD-WRT home router would be far better than these things.
@@CiscoSal I'm getting conflicting information according to Cisco, Firepower 1010 through 1050 IS supported by asdm. Look here : www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/asa.html#task_awr_mxy_xgb
@@CiscoSal ASDM is still supported if you install ASA Software on this box. If you wanna use the Next Generation Firewall Feature you should go with FTD Software. There is a beautiful HTML5 GUI for this. Very easy to use.
He was being dramatic, I have never seen one take that long ffs. lol More like 5 minutes or so IF you want to leave it at default Mgmt of 45.45 - Otherwise, setup from the CLI which most would do anyway and that doesn't take long at all either.
so no more asdm, or java crap, but now they added a need for licensing the hardware as well, w/o which is not working (like fortinet)??? Big PASS. I will stick with Ubiquiti..
Hi Can you make more videos about this box? Site to site vpn, integration with Active Directory, SSL VPN, AMP and IPS configuration, Traffic analysis etc.
Thanks very much for the video - I need to replace a 5505 and your information was invaluable :-)
@@juschu Unfortunately I did, and it's a complete unusable piece of junk - I need to find an alternative - non Cisco product. It's the exact opposite of the 5505 that I found so good :-(
how about a video walk though on how to disable the Sip ALG.
Hi, Do yiu show anything on what you need to setup remote access VPN?
Does it support HA? And do you have a video of how to configure it
Sal what about family / home office? Any chance you have a video on how this would be configured for home as a general home use?
To be honest this box is not great for the home. It’s pretty complex to do simple tasks. I am running it in my house but am going to switch over to a meraki mx75. Another option if you are buying it yourself is meraki go. I like meraki go for the small business. Low cost good features and you can buy it on Amazon lol. amzn.to/3FqHWXY
Thanks Sal!
Would amazing if you did a video on your suggestion for home and what / how you want to have that setup look like.you put out great work!
I tried to set up some ports ie port 9443 and tried to deploy, When deploying - it failed! do you know why?
I need to connect my firepower 1010 device to the internet.. But i have no means to connect it to the internet from its outside ip directly.. i do have a system connected on its outside port which i can connect to the internet via usb tethering. Can you suggest how to go about it..
It’s just a firewall. As long as the outside port can get to the internet eventually it will be fine. A lot of people have a dedicated router in front of the firewall. The outside interface does not always need to be a public IP address.
Out of the box, could this replace a router given that it does some basic routing?
In a smaller network it could.
Sal, I currently have the old ASA 5505 Series and everything is working with my ISP provider Spectrum on which I have 5 static IPs. I am switching to fiber internet and now when I connect to port 0, should it pick up DHCP and start working? I do not have access into configuring this device.
@Cisco Sal, where can I buy one of these?
which one is better to choose this firewall or SonicWall TZ series like 400 or higher?
FTD is one of the most advanced firewall software. Especially if you buy the biggest license (TCM)
@@cyr96 FTD is the most garbage firewall platform ever. Read a bit about it first. It's stunning that Cisco is sticking with Firepower after years of hemorrhaging enterprise customers left and right over it.
If you've ever Firepowered, you'll never ever choose to do it again. On top of Cisco's craptastic java's interface, it's why we all ran to Palo and Fortigate.
for the terrible license costs... i wouldn't use this for soho or even smb purposes
Please get with your Cisco Account Manager. They can work on price with you.
As someone working with cisco products since 90s ie PIX line etc.. just get a Fortigate 60F and call a day.
I am down for fortigate but sometimes your work environment layer 2 and layer 3 stack is all cisco. Fortigates are really really nice with their fabric stuff and cost effective solutions but this cisco firepower 1010 is such a good device.
@@davidg4512 translation - shit!
@@assamali-mlgca-5032 All Cisco devices are "shit" for people who don't know what they are doing...
@@MyVideoHome2012 All Cisco Firepower devices are shit for people that know what they are doing...
The non-firepower ASA's are not quite as terrible though.
@@eric3434 then you probably don't know what you are doing.
Hi. Is it possible to configure HA with two ftd 1010 using FDM?
HA as in “High Availability”? YES you can!!
All you need to do is make sure the two FTD devices are:
- deployed in the same mode (routed or transparent)
- same software
- Same NTP
- NO uncommitted changes
- NO DHCP or PPPoE configured
- Same licenses
You can connect both FTD devices by a direct connection or using a switch. The two identical FTD devices are connected to each other through a dedicated failover link
You should use the same interface on both devices for failover link connections
@@NO-FILTER-EXPERT be sure to have the HA license for ftd!!
Good for portect one PC WInodw 11Pro ?
Sure. It will protect 1 PC or 100 PCs
I want to buy one. Once my 90 day trial is over... how much are these licenses?? Not 10s of thousands right?
Not too much
Too much.
Firepower is hot garbage. avoid it all costs.
@@eric3434 I agree theres way better solutions.
You can chain the eval license infinitely using FMCv
HI, Can I manage it with FMC?
Hi yes you can!
Hi Sal, i've got a cisco firepower 1010 here from my friend. I already reset factory and what i am planning right now is to configure this for remote access at home. is it possible even if i dont have radius server or server?
Yes you don’t need a radius server. It has a local database you can use
I reset mine and now can't access the web interface. Anyone know any tricks to get that working?
never mind i had to console in and accept the eula.
Try this IP 192.168.45.45
Can i install ASDM image to 1120 device to access them via ASDM (Like i do with 5506) @Cisco Sal please suggest
You can run ASA code on the firepower box and then use asdm. You can either order the box with the code on it or flip the code after.
Is the CLI available?
There is but most people would either use the on box management or if you have multiple boxes firepower management center.
Right on. I’m just so used to CLI with various switches, routers and ASA’s. The dashboard looks sweet. Just don’t want the CLI to be a thing of the past
It’s not going to be the same as an ASA. Check this out. www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/command_line_reference.html
I’m just like you! I’ll rather configure the thing from the CLI. There is a cli for this thing buts weird, This thing runs the FTD software and is nothing like the IOS. What’s also stupid is that it supports stuff like WCCP redirects configuration (that are completely typed the same way you’ll do on the ASA cli) but in order for you to do it on this thing, you have to create a “flex config” bs on the GUI and than literally type the same commands you’ll do on the CLI ....at that point - it’s like just give me the CLI commands back to configure the box.
The CLI and its commands are not going anywhere, they’re still all over the place! They are also in the new official study guides. The CLI is still relevant and will always be......I hope. I don’t like GUI or software Management because it doesn’t make you technical, it doesn’t make you technical at troubleshooting and why click a million pages when you can just type like 3 lines. Lastly if the GUI/software management is bad (glitchy)...than you won’t be able to configure it correctly. For an example: This firewall FTD software GUI stuff failed to present the policies I configured and would never load.
Nice box, but these cost too much. And the new licensing is kind of frustrating.
Thanks for the feedback! I encourage you to reach out to your Cisco Account Manager. The price of the 1010 should not be much more than the 5506. You AM can help with getting you pricing. Licensing is always fun :) It will take some time to get the hang of it, but at least all the licenses are in one place now.
@@juschu Who is your Cisco account rep? I can reach out to them for you, and you can discuss pricing. As for PoE, it does work with 6.5. I have it working on my box. If you are still having issues with it, please reach out to TAC.
40 minutes to boot up? *WHAT* ? You have got to be fricking kidding! That *right* *there* will kill this product in many people's eyes.
I startet the firepower ... the DHCP is not working anywhere and once I get access having a static IP it is only launching the ASDM. Any thoughts?
Factory reset? Maybe there was an old config on the box.
same here, web browsing to the 192.168.1.1 IP gets me to the page to install ASDM.. I want the FDM screen
@@omarduenas5593 I am getting the same issue, did you figure this out?
@@SPatelCartel yes, the fpr1010 came with the ASDM software.. I thought these devices will come with the new FDM installed but No. I had to download the FDM software, change the boot option and reload
@@omarduenas5593 is there a guide to do this? Do I have to pay for a smart net contract or a license to get access to FDM?
Con you copy the config files from 5505 to 1010 and boot it?
No. They run different operating systems. There are tools to help with migration. I would recommend opening a TAC case when you purchase the device. They can help you migrate.
you can still install ASA software on Firepower firewalls. But obviously you lost all NGFW capabilities
Hi, do anyconnect VPN licenses come with this or do you have to pay separately?
Buy seperately at 25 minimums. I think 2 are standard.
@@dgoeloe No, with FTD Software there is no 2 standard VPN license. Only if you install the legacy ASA Software.
Hi ! The cisco box host an ddos protection ?
No. The 4300/9300 (?) have the ability to sideload radware which does but the 1010 does not.
You can configure a small number of DDOS-oriented policies (you will need manage it with FMC instead FDM), but it is not firepower main function.
damm shit... Cisco FDM doesn't came with cisco VPN anyconnect license. Beware of this! Bought it by an IT solution vendor.
Do you have a regular Cisco ASA?
You can still use this FTD device. As for your VPN - all you gotta do is configure the VPN stuff on the ASA and than (depending on your setup) just port forward the correct VPN ports or if you have a transparent setup with this FTD device, just create a policy that allows the outside to communicate with the ASA running the VPN stuff
these things are garbage. thanks for the vid. Nothing on these works as described I've run into so many caveats with these things it's laughable. a DD-WRT home router would be far better than these things.
Does this device support ASDM?
Nope! Not needed anymore. There is an updated on box manager. Just web into the box.
@@CiscoSal That sucks ass!, I use ASDM extensively for our environment, even using the FMC things like packet tracer is shit!, damn Cisco!
@@CiscoSal I'm getting conflicting information according to Cisco, Firepower 1010 through 1050 IS supported by asdm. Look here : www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp1010/firepower-1010-gsg/asa.html#task_awr_mxy_xgb
@@CiscoSal ASDM is still supported if you install ASA Software on this box. If you wanna use the Next Generation Firewall Feature you should go with FTD Software. There is a beautiful HTML5 GUI for this. Very easy to use.
@@assamali-mlgca-5032 Read the damn reply, it has a FDM aka onbox manager.
40 minutes to an hour for boot time!
😬
I may have been a little dramatic :) Just want the people to know the initial boot takes a while.
Cisco Sal I figured... that thing wouldn’t reach FCS with performance levels like that.
He was being dramatic, I have never seen one take that long ffs. lol More like 5 minutes or so IF you want to leave it at default Mgmt of 45.45 - Otherwise, setup from the CLI which most would do anyway and that doesn't take long at all either.
Back2Black not surprised the acquisition was a mess and google firepower rant I have never laughed so much.
so no more asdm, or java crap, but now they added a need for licensing the hardware as well, w/o which is not working (like fortinet)??? Big PASS. I will stick with Ubiquiti..
Ubiquiti would be more in line with cisco small business. You could do meraki go. No licenses on that.
Nnnnnn