FWSM vs PIX vs ASA 5550

Unanswered Question
Mar 26th, 2007

Hi,

Can anybody tell me which one mentioned in the subject is better to use in terms of enterprise deployment.

If somebody can give me a comparison sheet I'll will be very thankful.

Best Regards,

Rahim

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ydemissie Mon, 03/26/2007 - 11:01

Hi Rahim,

This is by no means an authoritative answer but this is my take on it.

For me the question is more between FWSM and ASA.

The FWSM has a 5GBps throughput versus the 650MBps of the ASA5540. 100,000 connections per second versus 20,000. 1 million concurrent connections versus 400,000. So, performance wise, you get the point. On top of this, if you have multiple vlans configured on your switch and are doing ACLs and QoS, etc already and want to do Virtual Firewalls, then you might as well go with the FSWM and integrate it all together. Plus, you'll be managing them all from a single place; your 6500 series switch. It doesn't mean you can't do these things on the ASA but you may duplicate your effort by configuring certain things on the switch and others on the ASA. You'll also ended doing your administration on multiple devices. For example, everytime you add a VLAN or something you want to firewall, you'll need to make the changes on the switch and then do the ASA and make necessary modification while you could have done it all from the switch if you used a FWSM.

But if price is an issue and/or you don't have a complex firewall configuration requirement, you can go with the ASA.

Also, the FWSM might give you a better technology protection if somewhere down the road you decide to do NAC or MARS or the other cool technologies Cisco is coming up with.

I hope this helps.

Cheers!

Yared

Actions

This Discussion