First impression on new Cisco ASA 5500-X Series firewalls

From security perspective Cisco SecureX framework that provides a context-aware approach to security was integrated with ASA 5500-X Series of firewalls. These next-generation firewalls provide various additional security services as well as multigigabit performance, multiple interface options, and redundant power supplies—all in a compact 1-RU form factor appliance. As an extension of security features, Cisco ASA 5500-X Series firewalls allow for optional integrated cloud- and software-based identity policies. New Cisco 5500-X series of firewalls is based on the same, reliable hardware platform as its predecessor.

The most important improvements:
- firewall throughput has been significantly increased
- Additional security features are available without any hardware upgrades
- Integrated IPS hardware, no additional modules required
- Redundant power supplies are available on ASA 5545-X and 5555-X
- All devices have a multicore enterprise-class CPUs
- Additional copper and SFP Gigabit Ethernet ports are available
- All models are equipped with Gigabit Ethernet ports


Internet Edge Cisco ASA Comparison:

Cisco ASA ModelASA 5505ASA 5510ASA 5512-XASA 5515-X
   
Firewall Throughput (Max)1 150 Mbps 300 Mbps 1 Gbps 1.2 Gbps
Firewall Throughput (Multi-Protocol) - - 500 Mbps 600 Mbps

Concurrent Threat Mitigation

Throughput (Firewall + IPS Services)

75 Mbps with AIP SSC-5

150 Mbps with AIP SSM-10;

 300 Mbps with AIP SSM-20

250 Mbps 400 Mbps
Maximum Firewall Connections 10,000 /25,000 50,000 /130,000 100,000 250,000
Maximum Firewall Connections/Second 4,000 9,000 10,000 15,000
Packets per second (64 byte) 85,000 190,000 450,000 500,000
Maximum 3DES/AES VPN Throughput2 100 Mbps 170 Mbps 200 Mbps 250 Mbps

Maximum Site-to-Site and IPsec IKEv1

Client VPN User Sessions

10/25 250 250 250

Maximum AnyConnect or Clientless

VPN User Sessions

25 250 250 250
Bundled SSL VPN User Sessions 2 2 2 2
VLANs

3 (trunking disabled)

 /20 (trunking enabled)

50 / 100 50 100
High-Availability Support3 Not supported A/A and A/S Not supported A/A and A/S

 

Internet Edge Cisco ASA Comparison:
 

Cisco ASA ModelASA 5520ASA 5525-XASA 5540ASA 5545-XASA 5550ASA 5555-X
         
Firewall Throughput (Max)1  450 Mbps  2 Gbps  650 Mbps  3 Gbps 1.2 Gbps 4 Gbps
Firewall Throughput (Multi-Protocol) - 1 Gbps - 1.5 Gbps - 2 Gbps

Concurrent Threat Mitigation

Throughput (Firewall + IPS Services)

225 Mbps: AIP SSM-10

375 Mbps: AIP SSM-20

450 Mbps: AIP SSM-40

600 Mbps

500 Mbps:AIP SSM-20

650 Mbps:AIP SSM-40

900 Mbps Not Available 1.3 Gbps
Maximum Firewall Connections 280,000 500,000 400,000 750,000 650,000 1,000,000
Maximum Firewall Connections/Second 12,000 20,000 25,000 30,000 33,000 50,000
Packets per second (64 byte) 320,000 700,000 500,000 900,000 600,000 1,100,000
Maximum 3DES/AES VPN Throughput2 225 Mbps 300 Mbps 325 Mbps 400 Mbps 425 Mbps 700 Mbps

Maximum Site-to-Site and IPsec IKEv1

Client VPN User Sessions

750 750 5,000 2,500 5,000 5,000

Maximum AnyConnect or Clientless VPN User Sessions

750 750 2,500 2,500 5,000 5,000
Bundled SSL VPN User Sessions 2 2 2 2 2 2
VLANs

150

200 200 300 400 500
High-Availability Support3 A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S

 

Enterprise Data Centre Cisco ASA Comparison:

 

 

Cisco ASA Model

ASA 5585-X

with SSP10

ASA 5585-X

with SSP20

ASA 5585-X

with SSP40

ASA 5585-X

with SSP60

ASA Services

Module

 
Firewall Throughput (Max)1 4 Gbps 10 Gbps 20 Gbps 40 Gbps 20 Gbps

Firewall Throughput (Multi-Protocol)
2 Gbps 5 Gbps 10 Gbps 20 Gbps 16 Gbps
Maximum Firewall Connections 1,000,000 2,000,000 4,000,000 10,000,000 10,000,000
Maximum Firewall Connections/Second 50,000 125,000 200,000 350,0002 300,000
Packets Per Second (64 byte) 1,500,000 3,000,000 5,000,000 9,000,000 5,000,000

Maximum 3DES/AES VPN

Throughput

1 Gbps 2 Gbps 3 Gbps 5 Gbps Available mid CY2012

Maximum Site-to-Site and IPsec

IKEv1 Client VPN User Sessions

5,000 10,000 10,000 10,000 Available mid CY2012

Maximum AnyConnect or

Clientless VPN User Sessions

5,000 10,000 10,000 10,000 Available mid CY2012
Bundled SSL VPN User Session 2 2 2 2 Available mid CY2012
VLANs 1,024 1,024 1,024 1,024 1,000
High-Availability Support3 A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S

 

New Cisco 5500-X Series of firewalls is already available on the market and you can buy them on www.datacentreshop.co.uk. If you need any help with configuration and/or installation of Cisco ASA firewalls you can find more information about our services under following link:
http://www.proxar.co.uk/it-services/cisco-network-consulting/firewall-configuration-and-installation
For more information about network management services please use the link below:
http://www.proxar.co.uk/it-services/it-network-management
References:
http://www.cisco.com/en/US/products/ps6120/prod_models_home.html
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-700608.html
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf