I am looking on some realword feedback on comparing the ASA series to the FWSM on a 6500 series. Looking at things like robustness, flexibilty, IDS/IPS, etc. and anything else that migght be relevant in the real world.
The FWSMs are weird beasts that run a code version somewhere between PIXOS and ASA.
They have crazy throughput and nice vlan support and integrate tightly with the 6500s. I met a guy running a huge finacial datacentre who had 6 in a 6509E :-0
We have three pairs of them. One is in a DataCentre, where these puppies really make sense.
I know lots of hosting providers use them so they can use the virtualization for clients (i.e. one virtual firewall for each client)
The code base doesn't seem to be developed as fast as the ASA it's almost seems to be an afterthought sometimes.
I've got a couple of ASA5580-20s sitting on the loading dock but haven't had time to play with them yet. We were considering the -40 models with 10gig modules but they are crazy expensive (both the Xenpaks & the two additional CPU & Memory Kits).
A limit with any ASA (correct me if I am wrong please) is that you can't port-channel the interfaces so you are limited to a single Gig on your outside interface which is an issue for us in our data centre (and, like I said the 10Gig modules are insanely expensive).
As for the comments about the IDS - you can get the IDSM2 service modules for the 6500 but, again, they are expensive and limited again to 2 gigE taps.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :