t: +44 (0) 203 515 5555

Historically, Cisco has acquired firewall technology in 1995 during acquisition of Network Translation. For years Cisco PIX appliances were one of the most popular firewalls in the world, until it was replaces by Cisco Adaptive Security Appliance in 2005. Eventually, Cisco announced end-of-sale for PIX in 2008. Adaptive Security Appliances introduced significant performance improvements, new security features as well as Cisco ASDM (Adaptive Security Device Manager). ASA devices can be extended by additional security modules that can provide extended layer of protection mostly designed for data centre networks. IPS (Intrusion Protection System) is often being used first line of defence for DOS and DDOS attacks which are very common in many industries including online gambling and media. Some of our clients have experienced outages during the DOS/DDOS attacks due to lack of capacity on a security appliance. The main benefit of upgrading to a new series of Cisco ASA 5500-X devices is increased performance. VPN Throughput, maximum number of connections, connections per second as well as IPS throughput are significantly increased. From security perspective Cisco SecureX framework that provides a context-aware approach to security was integrated with ASA 5500-X Series of firewalls. These next-generation firewalls provide various additional security services as well as multigigabit performance, multiple interface options, and redundant power supplies—all in a compact 1-RU form factor appliance. As an extension of security features, Cisco ASA 5500-X Series firewalls allow for optional integrated cloud- and software-based identity policies. New Cisco 5500-X series of firewalls is based on the same, reliable hardware platform as its predecessor. The most important improvements: - firewall throughput has been significantly increased - Additional security features are available without any hardware upgrades - Integrated IPS hardware, no additional modules required - Redundant power supplies are available on ASA 5545-X and 5555-X - All devices have a multicore enterprise-class CPUs - Additional copper and SFP Gigabit Ethernet ports are available - All models are equipped with Gigabit Ethernet ports Internet Edge Cisco ASA Comparison:                                                                  
Cisco ASA Model ASA 5505 ASA 5510 ASA 5512-X ASA 5515-X
Firewall Throughput (Max)1 150 Mbps 300 Mbps 1 Gbps 1.2 Gbps
Firewall Throughput (Multi-Protocol) - - 500 Mbps 600 Mbps
  Concurrent Threat Mitigation Throughput (Firewall + IPS Services)   75 Mbps with AIP SSC-5   150 Mbps with AIP SSM-10;  300 Mbps with AIP SSM-20   250 Mbps 400 Mbps
Maximum Firewall Connections 10,000 /25,000 50,000 /130,000 100,000 250,000
Maximum Firewall Connections/Second 4,000 9,000 10,000 15,000
Packets per second (64 byte) 85,000 190,000 450,000 500,000
Maximum 3DES/AES VPN Throughput2 100 Mbps 170 Mbps 200 Mbps 250 Mbps
  Maximum Site-to-Site and IPsec IKEv1 Client VPN User Sessions   10/25 250 250 250
  Maximum AnyConnect or Clientless VPN User Sessions   25 250 250 250
Bundled SSL VPN User Sessions 2 2 2 2
VLANs   3 (trunking disabled)  /20 (trunking enabled)   50 / 100 50 100
High-Availability Support3 Not supported A/A and A/S Not supported A/A and A/S
  Internet Edge Cisco ASA Comparison:                                                                                       
Cisco ASA Model ASA 5520 ASA 5525-X ASA 5540 ASA 5545-X ASA 5550 ASA 5555-X
Firewall Throughput (Max)1  450 Mbps  2 Gbps  650 Mbps  3 Gbps 1.2 Gbps 4 Gbps
Firewall Throughput (Multi-Protocol) - 1 Gbps - 1.5 Gbps - 2 Gbps
  Concurrent Threat Mitigation Throughput (Firewall + IPS Services)     225 Mbps: AIP SSM-10 375 Mbps: AIP SSM-20 450 Mbps: AIP SSM-40   600 Mbps   500 Mbps:AIP SSM-20 650 Mbps:AIP SSM-40   900 Mbps Not Available 1.3 Gbps
Maximum Firewall Connections 280,000 500,000 400,000 750,000 650,000 1,000,000
Maximum Firewall Connections/Second 12,000 20,000 25,000 30,000 33,000 50,000
Packets per second (64 byte) 320,000 700,000 500,000 900,000 600,000 1,100,000
Maximum 3DES/AES VPN Throughput2 225 Mbps 300 Mbps 325 Mbps 400 Mbps 425 Mbps 700 Mbps
  Maximum Site-to-Site and IPsec IKEv1 Client VPN User Sessions   750 750 5,000 2,500 5,000 5,000
  Maximum AnyConnect or Clientless VPN User Sessions   750 750 2,500 2,500 5,000 5,000
Bundled SSL VPN User Sessions 2 2 2 2 2 2
VLANs   150   200 200 300 400 500
High-Availability Support3 A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S
  Enterprise Data Centre Cisco ASA Comparison:                                                              
Cisco ASA Model   ASA 5585-X with SSP10     ASA 5585-X with SSP20     ASA 5585-X with SSP40     ASA 5585-X with SSP60     ASA Services Module  
Firewall Throughput (Max)1 4 Gbps 10 Gbps 20 Gbps 40 Gbps 20 Gbps
Firewall Throughput (Multi-Protocol) 2 Gbps 5 Gbps 10 Gbps 20 Gbps 16 Gbps
Maximum Firewall Connections 1,000,000 2,000,000 4,000,000 10,000,000 10,000,000
Maximum Firewall Connections/Second 50,000 125,000 200,000 350,0002 300,000
Packets Per Second (64 byte) 1,500,000 3,000,000 5,000,000 9,000,000 5,000,000
  Maximum 3DES/AES VPN Throughput   1 Gbps 2 Gbps 3 Gbps 5 Gbps Available mid CY2012
  Maximum Site-to-Site and IPsec IKEv1 Client VPN User Sessions   5,000 10,000 10,000 10,000 Available mid CY2012
  Maximum AnyConnect or Clientless VPN User Sessions   5,000 10,000 10,000 10,000 Available mid CY2012
Bundled SSL VPN User Session 2 2 2 2 Available mid CY2012
VLANs 1,024 1,024 1,024 1,024 1,000
High-Availability Support3 A/A and A/S A/A and A/S A/A and A/S A/A and A/S A/A and A/S
  New Cisco 5500-X Series of firewalls is already available on the market and you can buy them on www.datacentreshop.co.uk. If you need any help with configuration and/or installation of Cisco ASA firewalls you can find more information about our services under following link: https://www.proxar.co.uk/consulting-services/cisco-network-consulting/firewall-configuration-and-installation For more information about network management services please use the link below: http://www.proxar.co.uk/it-services/it-network-management References: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-700608.html