02-28-2007 08:52 AM - edited 03-11-2019 02:39 AM
Hi what do u reccommend a pix 535 or asa 5550. Currently have pix525 but need more through put ?
02-28-2007 04:31 PM
If you are using PIX 525 - then the max Cleartext throughput would be up to 330 Mbps
and the Concurrent connections limit is 280,000.
For ASA 5550 check out the tabular column in the link given below.
http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html
ASA 5520 or ASA 5540 would be enough if you are looking for just a little more throughput.
Hope this helps.
Cheers
Gilbert
Rate this post, if it helps.
03-01-2007 01:22 AM
Thanks how do you check how much your current firewall is processing cleartext throughput. Would you recommend asa instead of pix535
03-01-2007 08:15 AM
I would recommend ASA.
throughput = data transmitted/time
sh traffic would give you the data transmitted and time taken.
Cheers
Gilbert
Rate this post
03-01-2007 08:33 AM
I respectfully disagree. I would go with
Pix instead.
Pix can run both 6.3(5) and 7.x while ASA can
only run on 7.x code, and as far as I know,
ALL 7.x version are labeled as "ED". In other
words, they are full of bugs. with 6.3(5), at
least the code is stable "GD". Sure you will
lose some features in 6.x that you will find
in 7.2.x such as hairpinning but I will give
up features for stabilities any days.
my 2c.
David
03-01-2007 08:36 AM
Just a 1 more question related to the conversation. ASA is getting famous. It is known as "All in 1 " box. But is it really a "All in 1 " box ? I called local Cisco vendor in my city. He said, ASA has 4 different version. I know that too. But the question is can I put all 4 modules/version in to 1 single ASA box ? Or I have to buy 4 different ASA's product wise ?
I am from India. No further information is available. I doubt if ASA is already implemented in WIPRO , Infosys in Pune city where I live. How ever they already have VoIP.
My company is not that big, but we are looking for fail over solution & possibly Cisco ASA. Juniper products are too expensive.
Thank you,
Amey Abhyankar.
03-02-2007 08:44 AM
The ASA 5510,20and 40 modules have 1 SSM slot. There is an IPS SSM device (AIP-xx), and a anti-virus/spam/phishing content (CSC-xx). This page has all of the options
http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html
03-02-2007 11:47 AM
i would like to suggest that asa is far more better then pix.
can act as a vpn concentrator/gateway,as a firewall and as an ips/ids solution.what more do u expect from a single box.
7.X is not stable but gd will be soon out and that could save us from random failures.
so,considering long term technological advancements,asa seems to be a better option then pix.
one lag though,there's only one slot in asa.so,you can install either csc or the ips slot,not both at a time.and as far as i know,cisco is working on this overtime so that we could incorporate both in one box.
03-02-2007 12:38 PM
Hi Guys,
I have one question regarding the same discussion about ASA; as ASA is an "all-in-one" appliance, but would it be performance-wise recommended ro run different features like: IPSec VPN, SSL VPN (which are software-based features), plus IPS (through the IPS module) besides running it as a firewall? I think Cisco does not recommend turning-on all the features at the same device, but what is the determining factor for this and would the recommendation be to have multiple ASA devices back-to-back to achieve the above different requirements?
What do you think?
Regards,
Haitham
03-02-2007 12:55 PM
suschoud,
What you said:
"i would like to suggest that asa is far more better then pix.
can act as a vpn concentrator/gateway,as a firewall and as an
ips/ids solution.what more do u expect from a single box."
- unstable code.
- single point of failure.
ASA is like a dinner buffet. You can get a lot of items on the
plate the the food isn't that good.
"7.X is not stable but gd will be soon out and that
could save us from random failures". I've heard this from Cisco
for almost eight months now. No cigar. Cisco is not the first
vendor on my list, but if I have to go with Cisco, I would go
with pix because I know I can sleep better at night with
version 6.3(5) GD
David
CCIE Security
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide