Which Operating System and Manager is Right for You?
Manager
FTD REST API
FMC REST API
ASA Managers
Table 2: ASA Managers
Manager
Adaptive Security Device Manager
(ASDM)
CLI
Cisco Defense Orchestrator (CDO)
Cisco Security Manager (CSM)
Description
The FTD REST API lets you automate direct configuration of the FTD. This API is
compatible with FDM and CDO use because they can both discover the configuration
on the firewall. You cannot use this API if you are managing the FTD using FMC.
The FTD REST API is not covered in this guide. For more information, see the
REST API
guide.
The FMC REST API lets you automate configuration of FMC policies that can then be
applied to managed FTDs. This API does not manage an FTD directly.
The FMC REST API is not covered in this guide. For more information, see the
REST API
guide.
Description
ASDM is a Java-based, on-device manager that provides full ASA functionality. You
should use ASDM if you prefer using a GUI over the CLI, and you only need to manage
a small number of ASAs. ASDM can discover the configuration on the firewall, so you
can also use the CLI, CDO, or CSM with ASDM.
To get started with ASDM, see
page
165. If you know you want to use the ASA in Platform mode, see
Mode Deployment with ASDM and Firepower Chassis Manager, on page 185
You should use the ASA CLI if you prefer CLIs over GUIs.
The CLI is not covered in this guide. For more information, see the
guides.
CDO is a simplified, cloud-based multi-device manager. Because it is simplified, some
ASA features are not supported using CDO. You should use CDO if you want a
multi-device manager that offers a simplified management experience. And because
CDO is cloud-based, there is no overhead of running CDO on your own servers. CDO
also manages other security devices, such as FTDs, so you can use a single manager
for all of your security devices. CDO can discover the configuration on the firewall, so
you can also use the CLI or ASDM.
CDO is not covered in this guide. To get started with CDO, see the
CSM is a powerful, multi-device manager that runs on its own server hardware. You
should use CSM if you need to manage large numbers of ASAs. CSM can discover the
configuration on the firewall, so you can also use the CLI or ASDM. CSM does not
support managing FTDs.
CSM is not covered in this guide. For more information, see the
ASA Appliance Mode Deployment with ASDM, on
Cisco Firepower 2100 Getting Started Guide
ASA Managers
FTD
FMC
ASA Platform
ASA configuration
CDO home
page.
CSM user
guide.
3