I'm returning to ASA's after having spending the last 4 years working with Checkpoint firewalls. I am getting set up to port my current configuration from the Checkpoints over to the ASA's, so I'm starting from scratch.
I noticed that 8.3 came out recently, and I had to smile when I read the release notes. It seems that Cisco has taken the things I liked most about Checkpoint (mainly object-based configuration), and incorporated it into 8.3.
My configuration isn't too complex - I have a pair of 5540's that will be in active/passive failover. There will be a few NATs, but nothing too heavy. Where many ASA's protect business users from the Internet (most traffic being initiated from inside-to-outside), my situation is that the ASA's are protecting a fairly large website (99% of traffic is initiated from outside-to-inside). While I'll set up VPN, it's only for use by our admins to do remote administration and usage is really light.
I'm aware of the 2GB memory requirement, and like I said, I don't have any existing config to upgrade. However, if there's a lot of NAT bugs or crashes, I'll stick with 8.2 until 8.3 stabilises a bit.
Does anyone have any input?
If the config is simple with no bidirectional which is called as twice nat in 8.3 etc.. I'd say go with 8.3.
People love the global acl and object based NAT configuration.
I'd suggest to configure from start using 8.3 and not configure in 8.2.2. and then issue an upgrade as we have seen issues with converting the config to 8.3 when policy nat is configured with "any" as destination etc.. You probably already read that in the RN.