09-27-2011 05:47 AM - edited 03-11-2019 02:30 PM
Hi All
Not sure if this is the correct forum for this thread....
I am working for a consultancy firm and we are under increasing pressure from various customers to use Juniper SRX's in place of Cisco ASA equivalent due to cost. The ASA is a great product, and I enjoy working on them far more than the SRX, but it's over twice the cost once licensing is factored in than the SRX.
Just wondering how other members of the community are dealing with this situation, and if Cisco will compete head to head with Juniper on price and features. (or will I have to dust off the books and get the JNCIE cert, boooo!)
Regards
Andrew Radford
CCIE 16499
07-12-2012 03:10 PM
Unless I am missing something, I don't think the FWSM is a good long-term investment based on this:
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/eol_c51-699134.html
No VPN capabilities and routing is limited. They do provide basic firewall features very well in places where a large number of interfaces and/or contexts are needed.
I am looking to deploy the SRX3600 in a datacenter environment over the ASA-5585 series. The price, scale and flexibility is hard to pass up. I agree Cisco TAC is awesome in most cases, but awesome support on a device that doesn't meet my needs isn't really that awesome in this case.
07-13-2012 11:33 AM
We want to place the DC firewall at our core layer (Nexus 7K) to separate users/WAN traffic from servers. There is no FWSM yet for the Nexus that I'm aware of and if there was, I wouldn't use it. That's assuming all of your routing is happening at the core for each of your environments.
Also, the ASA can't perform BGP routing. We're debating running BGP vs OSPF in the core. Right now we're using EIGRP as our IGP. If we go Juniper SRX, it would be either BGP or OSPF. Can the ASA run full OSPF routing at your core layer? If so, is anyone using dynamic routing on the ASA? I never seen any marketing docs on Cisco that show ASA doing full OSPF routing with x number of supported routes.
07-17-2012 12:36 PM
Hi Bro
As you know, Cisco ASA can run OSPF, but the OSPF features are not as widespread, compared to those Cisco IOS equipment. For example, the Cisco ASA doesn’t support more than one OSPF routing process.
However, you must realize that Cisco ASA wasn’t built to do extensive routing, as its’ primary role. Cisco ASA was built to do far-reaching Firewalling, IPS and VPN (with the inclusion of the SSM modules). Even though the OSPF features are there in a Cisco ASA, but I’m sure Cisco will not position Cisco ASA as a total routing product, if you know what I mean :-)
P/S: If you think this comment was helpful, please do rate it nicely :-)
04-11-2018 06:19 AM
11-19-2013 01:08 AM
I want to add to this nice discussion one advantage to ASA over SRX and one for SRX over ASA :
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide