We want to place the DC firewall at our core layer (Nexus 7K) to separate users/WAN traffic from servers. There is no FWSM yet for the Nexus that I'm aware of and if there was, I wouldn't use it. That's assuming all of your routing is happening at the core for each of your environments.

Also, the ASA can't perform BGP routing. We're debating running BGP vs OSPF in the core. Right now we're using EIGRP as our IGP. If we go Juniper SRX, it would be either BGP or OSPF. Can the ASA run full OSPF routing  at your core layer? If so, is anyone using dynamic routing on the ASA? I never seen any marketing docs on Cisco that show ASA doing full OSPF routing with x number of supported routes.

Hi Bro

As you know, Cisco ASA can run OSPF, but the OSPF features are not as widespread, compared to those Cisco IOS equipment. For example, the Cisco ASA doesn’t support more than one OSPF routing process.

However, you must realize that Cisco ASA wasn’t built to do extensive routing, as its’ primary role. Cisco ASA was built to do far-reaching Firewalling, IPS and VPN (with the inclusion of the SSM modules). Even though the OSPF features are there in a Cisco ASA, but I’m sure Cisco will not position Cisco ASA as a total routing product, if you know what I mean :-)

P/S: If you think this comment was helpful, please do rate it nicely :-)

Most important point - SRX/JunOS, well structured cli language that is missing in the ASA cli.
commit confirm - great feature for the short time commitment feature that is not available in ASA firewalls.
show | compare - easy to understand, what you add/remove in the cli - not at all in the ASA, changes going to running config ASA.
ASA5506 - you can't setup and use few ports in a vlan to act like a switch , it is still available in SRX firewalls.
I love Cisco, .. but srx was very impressive when configuring.