Re: ASA vs PIX515

michael.spence · ‎10-25-2006

We are implementing a new primary internet connection. What are your recommendations with regards to firewalls versus the new ASA.

andrew.burns · ‎10-25-2006

Hi,

The ASA is basically the PIX replacement, so I'd definitely recommend it - better value and more flexibility, as well as optional content scanning or intrusion prevention. It's hard to be more specific without more detail on your exact requirements though..

HTH

Andrew.

michael.spence · ‎10-25-2006

Thanks. I need to be able to NAT, setup systems in a DMZ, and restrict access. I am interested in using the IPS module if it is not a big hassel to implement. Have you setup any of the ASA devices? If you have did you find the ASA's hard to implement or manage? Thank you for your initial response.

ethiel · ‎10-25-2006

I agree with Andrew. Cisco has all but said the ASA is the PIX replacement. It is in the same price category, but adds a LOT of performance and enhancements that the PIX does not have. From a configuration point of view, they both run PIXOS 7.x now, so they look the same for configuration.

Since you are interested in IPS, the PIX does not have a module for IPS. The ASA IPS module is the same in function to a full-blown IPS appliance.

I also highly recommend the ASDM interface for configuring (it is included with both) because it provides many wizards and an easy GUI for most firewall tasks.

-Eric

Please remember to rate all helpful posts.