ASA Appliance or FW Service module for 6509?

NPT_2
Level 2

I have a new project that we are likely going to put a 6509 in the core of a new network. I am in need of a firewall for this network, but I am not sure if I want to just get a Firewall Services Module for the 6509 or if I should just get an external Adaptive Security Appliance. I like the integration of the service module into the 6509 chassis, but it seems like the new ASAs have more features. What do you think?

Accepted Solutions

Jon Marshall
Hall of Fame

Hi

Yes, the ASA devices do have more functionality, especially when you consider the modules you can use in them. They are multipurpose security devices which can do firewalling/VPNs/IPS/Anti-virus.

The FWSM is pretty much just a firewall. It cannot do any of the additional things an ASA can do and it cannot terminate VPNs for users/remote sites. That is not to say it is not suitable in certain situations. Having the FWSM integrated into the switch gives it the ability to see any VLANs. Yes, you can do this with trunking on the ASAs; I just think it is more elegant on the FWSM. The other thing to be aware of is that it does not communicate directly, i.e. via the switch fabric, with any other modules, e.g. the IDS/IPS module. To communicate between the 2 you need something like the CS-MARS software.

It really depends on your requirements. If high throughput is the major concern the FWSM could be the way to go.

What we need now is for Cisco to release an ASA blade :-)

Jon

3 Replies

varakantam
Level 1

It all boils down to your needs. FWSM has better throughput compared to any of the ASA models and integrates seamlessly with CATC6K. But you would be missing out on the VPN and QoS capabilities of the ASA.

"What we need now is for Cisco to release an ASA blade :-)"

Amen to that, thanks for the good information.
