10-06-2009 06:29 PM - edited 03-11-2019 09:23 AM
We are currently using an FWSM in a 6509 as the firewall for our various services.
We are in the process of studying whether it needs to be replaced by a more complete firewall rather than using a module.
Is the ASA 5520 better than the FWSM module? If yes, please suggest the differences.
Thanks.
10-06-2009 08:33 PM
One big difference is that the FWSM does not support VPN, but the 5520 supports various VPNs such as IPSec and Web VPN.
10-07-2009 04:04 AM
Sunny
As Kevin has noted the ASA supports VPN/IDS/IPS which the FWSM does not.
In addition, it really depends on what you are firewalling, the throughput needed, etc.
The FWSM will have greater throughput than the 5520. It also integrates directly into the 6500 chassis and if you are also using ACE/CSM modules for load-balancing the FWSM is a good fit. I have used both. I have used FWSMs in a data centre environment where the requirement was to firewall multiple server VLANs together with load-balancing. For this scenario the FWSM was a good fit.
But, throughput aside, the same could be done with an ASA 5520 with the additional benefit of being able to add on additional services.
So the answer to your question is: do you need more services than just firewalling, i.e. VPNs, IPS/IDS etc.? Note that these additional services can also be provided by 6500 line cards, i.e. the IDS modules and VPN SPA, but they use slots in the chassis and can be expensive.
Jon
10-07-2009 07:27 AM
Thanks for the response.
The current FWSM is firewalling various server segments in the DC used for access by different locations, although with no load-balancing.
"The FWSM will have greater throughput than the 5520" - this is new info for me. I was under the impression that the ASA (since it's a firewall box rather than a module like the FWSM) supports more throughput or sessions.
Any specific reasons why the FWSM is more sturdy for throughput? Is it because of the backplane capacity of 650X switches?
I was looking more at throughput, handling capacity and sessions for replacing the FWSM with an ASA.
10-07-2009 08:28 AM
Sunny
The FWSM can support up to 5.5Gbps throughput and 1 million concurrent connections.
The ASA 5520 can support up to 450Mbps throughput and 280,000 concurrent connections.
So you can see that the FWSM can support a lot more throughput and yes part of the reason is to do with it being integrated into the 6500 chassis.
Note that the ASA 5580s are comparable in terms of performance in throughput to the FWSM.
Attached are links to data sheets for
Jon