FWSM vs PIX vs ASA

Unanswered Question
Mar 26th, 2007

Hi,

Can anybody tell me which one mentioned in the subject is better to use in terms of enterprise deployment.

If somebody can give me a comparison sheet I'll will be very thankful.

Best Regards,

Rahim

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
dirtymunke Mon, 03/26/2007 - 21:15

We use a PIX 515, but are replacing it when it goes end of life in a few months. I dont think they are making a PIX anymore. The ASA is a replacement for it

vitripat Mon, 03/26/2007 - 21:34

If the comparision is only between PIX & ASA, I'd certainly recommend to go for ASA. Reasons are-

ASA can support IPS/CSC modules also, which gives it a capability of acting as any of the following-

* Content Security Edition OR

* IPS Edition

Above is along with ASA running as:

* Firewall Edition &

* VPN Edition

PIX can only run as above two, Firewall + VPN.

Moreover, there are plethora of features which are only available on ASA and not on PIX.

Now, if we also try comparing it with FWSM, FWSM can also act as only Firewall+VPN edition, however you need a Cat 6k or 7k Router to use this module. This module has much superior throughput than PIX/ASA, however it is best suited as a "internal" firewall and not a gateway firewall.

Note: I would still suggest to have a analysis done of your network and after reading through the data sheets only determine which would be the best solution for your enterprise.

Here are the links to data sheets for all the three-

ASA:

http://www.cisco.com/en/US/products/ps6120/index.html

PIX:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/

FWSM:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html

Hope this helps.

Regards,

Vibhor.

Actions

This Discussion