Re: [fw-wiz] Cisco ASA and FWSM



There is also a difference in performance and price. The ASA 5500 line are external
standalone devices with, for the most part, the capabilities of a VPN 3000 concentrator
built-in. The packet throughput is about what you'd expect from a standalone device with
Gig-E interfaces, say around 600 Mb/s. Also, the CPU engine in the ASA 5500 series is
faster than what you find in a PIX.

An FWSM on the other hand is, as has been said, an ASA on a blade. These don't generally
come with VPN concentrator capabilities. However, they can take about 5.5 Gb/s of
aggregated throughput in 1 Gb/s streams. Part of this enhanced performance comes from
the fact that they hook directly into the backplane of a Cisco 6500 switch. I believe
a Sup720 supervisor is also required.


At 05:00 PM 4/25/2007, Avishai Wool wrote:
AFAIK the FWSM is essentially a PIX 7.x that is stuck inside a
catalyst switch chassis. and an ASA is a PIX 7.x that is
bundled with some other (non-firewall) security functions .

the configuration language was 99.9% compatible between the ASA
and the FWSM, at least as of PIX 7.0. I'm not sure if Cisco kept the
code-bases evolving in sync - there were a few months in which FWSM was
shipping but PIX 7.0 was not released yet...

In my opinion, the main differences are "form factor" and pricing. If
all you need
is a firewall then you don't care about the other things the ASA may do.
If you already have a Catalyst with an empty expansion bay - it may
be convenient to get a FWSM (e.g. less rack-space).

HTH,
Avishai

On 4/13/07, Kimberly Fields <kimberlymfields@xxxxxxxxx> wrote:
Can anyone tell me what, if any, are the differences between the Cisco ASA
firewall features and the Cisco FWSM firewall features?

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards




--
Avishai Wool, Ph.D., Cell: +972-52-333-0052
Co-founder and Chief Technical Officer
http://www.algosec.com
******* Firewall Management Made Smarter ******
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

--
Douglas C. Stephens | Network/DNS/Unix/Windows Administrator
System Support Specialist | Postmaster / Webmaster
Information Systems | Phone: (515) 294-6102
Ames Laboratory, US DOE | Email: stephens@xxxxxxxxxxx

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages