Catalyst 6509 FSM or ASA is better

Haris P · ‎02-02-2010

Dears ,

I'm in a confusion that what to choose from the below 2 when implementing a small data centre

Option 1 : Cisco 6509( WS-C6509 with Sup 720-3B) + FWSM (WS-C6513-FWM-K9)

Option 2 : WS-C6509 and ASA

My requirement is to protect from outside attacks only ..Also what are the failover options available with FWSM ?

I need only certain VLANs to be passed thru FWSM .

Another Question is regarding HSRP , i have two 6509 switches both with 7203b ,but interfaces are different .Whether i Can run HSRP on this ? Whether it need to be the same exact hardware ? .Whether I can put FWSM in one switch only for now or is it needed to put in both switches

Giuseppe Larosa · ‎02-02-2010

Hello Haris,

FWSM:

can be used in multicontext, contexts can be routed or transparent.

FWSM failover option is to have one FWSM on chassis 1 and second FWSM on chassis 2.

the two chassis can be connected by a L2 trunk, you can have one vlan used for failover and one vlan used for stateful exactly as with an ASA pair.

>> I need only certain VLANs to be passed thru FWSM .

this is possible, only vlans specified in firewall vlan-group on C6500 supervisor are passed to the FWSM.

We use this setup in several server farms with good results.

FWSM can process 3 Gbps of traffic.

FWSMs cannot act as VPN terminator as an ASA

The ASA performance depends from the model. ASA 5580-40 outperforms FWSM but this is not true for other models

Hope to help

Giuseppe