Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Appliance or FW Service module for 6509?

I have a new project that we are likely going to put a 6509 in the core of a new network. I am in need of a firewall for this network, but I am not sure if I want to just get a Firewall Services Module for the 6509 or if I should just get an external Adaptive Security applicance. I like the integration of the service module into the 6509 chassis but it seems like the new ASA's have more features, what do you think?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: ASA Appliance or FW Service module for 6509?

Hi

Yes the ASA devices do have more functionality especailly when you consider the modules you can use in them. They are multipurpose security devices which can do firewalling/VPN's/IPS/Anti-virus.

The FWSM is pretty much just a firewall. It cannot do any of the additional things an ASA can do and it cannot terminate VPN's for users/remote sites. That is not to say it is not suitable in certain situations. Having the FWSM integrated into the switch gives it the ability to see any vlans. Yes you can do this with trunking on the ASA's, i just think it is more elegant on the FWSM. The other thing to be aware of is that it does not communicate directly, ie via the switch fabric, with any other modules eg the IDS/IPS module. To communicate between the 2 you need something like the CS-MARS software.

It really depends on your requirements. If high throughput is the major concern the FWSM could be the way to go.

What we need now is for Cisco to release an ASA blade :-)

Jon

3 REPLIES
New Member

Re: ASA Appliance or FW Service module for 6509?

It all boils down to your needs. FWSM has better throughput compared to any of the ASA Models and integrates seamlessly with CATC6K. But your would be missing out on the VPN, QoS capabilities of ASA

Hall of Fame Super Blue

Re: ASA Appliance or FW Service module for 6509?

Hi

Yes the ASA devices do have more functionality especailly when you consider the modules you can use in them. They are multipurpose security devices which can do firewalling/VPN's/IPS/Anti-virus.

The FWSM is pretty much just a firewall. It cannot do any of the additional things an ASA can do and it cannot terminate VPN's for users/remote sites. That is not to say it is not suitable in certain situations. Having the FWSM integrated into the switch gives it the ability to see any vlans. Yes you can do this with trunking on the ASA's, i just think it is more elegant on the FWSM. The other thing to be aware of is that it does not communicate directly, ie via the switch fabric, with any other modules eg the IDS/IPS module. To communicate between the 2 you need something like the CS-MARS software.

It really depends on your requirements. If high throughput is the major concern the FWSM could be the way to go.

What we need now is for Cisco to release an ASA blade :-)

Jon

New Member

Re: ASA Appliance or FW Service module for 6509?

"What we need now is for Cisco to release an ASA blade :-)"

Amen to that, thanks for the good information.

446
Views
4
Helpful
3
Replies
CreatePlease login to create content