If you are using PIX 525 - then the max Cleartext throughput would be up to 330 Mbps
and the Concurrent connections limit is 280,000.
For ASA 5550 check out the tabular column in the link given below.
ASA 5520 or ASA 5540 would be enough if you are looking for just a little more throughput.
Hope this helps.
Rate this post, if it helps.
I would recommend ASA.
throughput = data transmitted/time
sh traffic would give you the data transmitted and time taken.
Rate this post
I respectfully disagree. I would go with
Pix can run both 6.3(5) and 7.x while ASA can
only run on 7.x code, and as far as I know,
ALL 7.x version are labeled as "ED". In other
words, they are full of bugs. with 6.3(5), at
least the code is stable "GD". Sure you will
lose some features in 6.x that you will find
in 7.2.x such as hairpinning but I will give
up features for stabilities any days.
Just a 1 more question related to the conversation. ASA is getting famous. It is known as "All in 1 " box. But is it really a "All in 1 " box ? I called local Cisco vendor in my city. He said, ASA has 4 different version. I know that too. But the question is can I put all 4 modules/version in to 1 single ASA box ? Or I have to buy 4 different ASA's product wise ?
I am from India. No further information is available. I doubt if ASA is already implemented in WIPRO , Infosys in Pune city where I live. How ever they already have VoIP.
My company is not that big, but we are looking for fail over solution & possibly Cisco ASA. Juniper products are too expensive.
The ASA 5510,20and 40 modules have 1 SSM slot. There is an IPS SSM device (AIP-xx), and a anti-virus/spam/phishing content (CSC-xx). This page has all of the options
i would like to suggest that asa is far more better then pix.
can act as a vpn concentrator/gateway,as a firewall and as an ips/ids solution.what more do u expect from a single box.
7.X is not stable but gd will be soon out and that could save us from random failures.
so,considering long term technological advancements,asa seems to be a better option then pix.
one lag though,there's only one slot in asa.so,you can install either csc or the ips slot,not both at a time.and as far as i know,cisco is working on this overtime so that we could incorporate both in one box.
I have one question regarding the same discussion about ASA; as ASA is an "all-in-one" appliance, but would it be performance-wise recommended ro run different features like: IPSec VPN, SSL VPN (which are software-based features), plus IPS (through the IPS module) besides running it as a firewall? I think Cisco does not recommend turning-on all the features at the same device, but what is the determining factor for this and would the recommendation be to have multiple ASA devices back-to-back to achieve the above different requirements?
What do you think?
What you said:
"i would like to suggest that asa is far more better then pix.
can act as a vpn concentrator/gateway,as a firewall and as an
ips/ids solution.what more do u expect from a single box."
- unstable code.
- single point of failure.
ASA is like a dinner buffet. You can get a lot of items on the
plate the the food isn't that good.
"7.X is not stable but gd will be soon out and that
could save us from random failures". I've heard this from Cisco
for almost eight months now. No cigar. Cisco is not the first
vendor on my list, but if I have to go with Cisco, I would go
with pix because I know I can sleep better at night with
version 6.3(5) GD