
Looking for a replacement for the firewall module of c6500

yishaky_ub
Level 1

Aditya Ganjoo
Cisco Employee

Hi,

You can use ASA-SM. More information on this link:

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/module/asa_sm_qsg.html

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Hi,

Thank you for your response

How about this ... FPR2130-BUN ....

Your comment on this, comparing it to the one you are recommending?

Hi,

Yes my recommendation was a replacement for the module on the switch.

But if you want a completely new FW then yes this would be a good fit.

It depends on your choice as this is a Next Gen FW and has a lot of features and capabilities when compared to ASA-SM.

Here is a link for the same:

http://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/datasheet-c78-736661.html

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Hi

Here is my current c6500 and the firewall module:

Mod Ports Card Type                              Model
--- ----- -------------------------------------- ------------------
1   6     Firewall Module                        WS-SVC-FWM-1
2   48    CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX
3   8     Intrusion Detection System             WS-SVC-IDSM-2
5   5     Supervisor Engine 720 10GE (Active)    VS-S720-10G

So do you think that "FPR2130-BUN" is compatible with the supervisor engine on the c6500?

Thanks

The 2100 series, including the 2130 is not a blade - it is a standalone appliance. Also, as of right now it is only able to run FTD software - not ASA software. The ASA image has been announced and is available for order but is not yet shipping.

Since you also have the end-of-sale and near end-of-life IDS module, an FTD appliance may be the best fit as it includes firewall and NGIPS features.

You should work with a qualified Cisco or partner Security SE to make sure your requirements and design map to the new devices, whichever you choose. I'd recommend reaching out to them. If you don't have an established relationship, use the Cisco partner locator tool and the advanced search to look for a Master Security partner.

Hi

Thank you for your mail.

I checked the Cisco site and I found that the replacement module for our existing firewall module is "WS-SVC-ASA-SM1-K9", so what I am looking for now is a standalone firewall appliance which is comparable to this new firewall module.

If your replacement needs to happen in the near term (less than 90 days) then you would be best off with a Firepower 4110 appliance running the ASA image.

If you can wait longer than that then the 2130 with ASA will be shipping in the fall.

The distinction is relevant because of the cost differential - a 4110 is about 3x the cost of a 2130.

Either one can be converted to run the FTD image should you decide to replace your IPS module as well. IPS signature updates end for all classic Cisco IPS devices in Spring 2018.

If you are using multiple contexts then only the ASA image can do that for the near- to mid-term future.

However the conversation should also be about your requirements and the current threat landscape. What was the right solution in 2010 (or earlier) is not rightly just replaced with a newer shinier box doing more or less the same thing. Security threats have changed and so have the available solutions.

Hi

Thank you for your mail again.

Of course my replacement will take more than 90 days.

bzw are there compatible products listed in the link below?

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

Moreover, I am planning to replace only the firewall module, not the IDS/IPS module.

regards,

Hi 

Can anyone comment on my post, please?

What question remains unanswered?

Hi

bzw are there compatible products from the list in the link below?

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-serie...

Ah - "bzw" is the confusion. I suppose you mean the German "beziehungsweise" and mean it as a question. The primary language on this forum is English and we may miss abbreviations in other languages.

The ASA firewalls are mostly compatible feature-wise. The primary considerations are the throughput you require and the interface number and type. We would have to know more about your current implementation to answer the question fully.

Hi

As I informed you, the firewall we are using is "WS-SVC-FWM-1" and the throughput is 1.5gps, so what I am looking for is throughput greater than at least 3gbs .... Regarding the interfaces, I am not sure how many interfaces I am going to use; maybe 8 interfaces are sufficient...

A Firepower 2120 with ASA image would be the closest match in terms of throughput and interfaces.

See table 3 here:

http://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/datasheet-c78-736661.html

...where you will see 3 Gbps Stateful inspection firewall throughput (multiprotocol).

There are 12 each 10/100/1000 RJ-45 and 4 each SFP Ethernet interfaces built in to the 2120.

Note that you can only add a network module with SFP+ (10 Gbps) interfaces to the 2130 and higher models. So if that's something you might need now or in the future, be aware of that. Also the 2130 and higher have 4 each SFP+ interfaces built-in as well as dual power supply options.
