This is a discussion on Re: [fw-wiz] Cisco ASA and FWSM - Firewalls ; There is also a difference in performance and price. The ASA 5500 line are external standalone devices with, for the most part, the capabilities of a VPN 3000 concentrator built-in. The packet throughput is about what you'd expect from a ...
There is also a difference in performance and price. The ASA 5500 line are external
standalone devices with, for the most part, the capabilities of a VPN 3000 concentrator
built-in. The packet throughput is about what you'd expect from a standalone device with
Gig-E interfaces, say around 600 Mb/s. Also, the CPU engine in the ASA 5500 series is
faster than what you find in a PIX.
An FWSM on the other hand is, as has been said, an ASA on a blade. These don't generally
come with VPN concentrator capabilities. However, they can take about 5.5 Gb/s of
aggregated throughput in 1 Gb/s streams. Part of this enhanced performance comes from
the fact that they hook directly into the backplane of a Cisco 6500 switch. I believe
a Sup720 supervisor is also required.
At 05:00 PM 4/25/2007, Avishai Wool wrote:
>AFAIK the FWSM is essentially a PIX 7.x that is stuck inside a
>catalyst switch chassis. and an ASA is a PIX 7.x that is
>bundled with some other (non-firewall) security functions .
>the configuration language was 99.9% compatible between the ASA
>and the FWSM, at least as of PIX 7.0. I'm not sure if Cisco kept the
>code-bases evolving in sync - there were a few months in which FWSM was
>shipping but PIX 7.0 was not released yet...
>In my opinion, the main differences are "form factor" and pricing. If
>all you need
>is a firewall then you don't care about the other things the ASA may do.
>If you already have a Catalyst with an empty expansion bay - it may
>be convenient to get a FWSM (e.g. less rack-space).
>On 4/13/07, Kimberly Fields
>> Can anyone tell me what, if any, are the differences between the Cisco ASA
>> firewall features and the Cisco FWSM firewall features?
>> firewall-wizards mailing list
>Avishai Wool, Ph.D., Cell: +972-52-333-0052
> Co-founder and Chief Technical Officer
>******* Firewall Management Made Smarter ******
>firewall-wizards mailing list
Douglas C. Stephens | Network/DNS/Unix/Windows Administrator
System Support Specialist | Postmaster / Webmaster
Information Systems | Phone: (515) 294-6102
Ames Laboratory, US DOE | Email: email@example.com
firewall-wizards mailing list