Migrating to AWS but existing 5525 CPU maxed out

jroy777 · ‎05-23-2023

We are migrating Data Center (DC) to AWS and have 5525 Pair in DC today. CPU constantly reaching 95% and bandwidth is limited to 1Gig. The migration is going to take much longer that Management hoped due to complex nature of SaaS design. We want to place a more powerful ASA model in the DC and buy a support contract as a stop gap. We know ASA 5500 series are EOL. I want to know if there are ASA models that support 2.5G 5G and 10G standards and which models have these ports available or is there a module I can purchase and install on a higher end model?

Rob Ingram · ‎05-23-2023

@jroy777 the Firepower 2100 series hardware supports up to 10G (basic firewall features) on the 2130 model or 20G (basic firewall features) on the 2140 model, both models support SFP+ (10Gb) builtin and an additional module. NGFW features reduces the performance.

The 2100 series datasheet has all the information regarding performance - https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

The lower spec 1000 series hardware model, the 1150 supports a max 5.3Gb performance, with SFP+ interfaces bulit in. The 1000 series does not support additional interface modules. https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html

The 1000 and 2100 series hardware comes with either the traditional ASA software or the NGFW FTD software.

jroy777 · ‎05-23-2023

What are your opinions on a used 5585 Pair?

Rob Ingram · ‎05-23-2023

@jroy777 well only if it's for the short term/interim solution, yes it will do the job. It's EOL, but there is a recent software upgrade (17 May 2023), so at present Cisco are releasing updates.

MHM Cisco World · ‎05-23-2023

If I am right
you can get Firepower 2100 with ASA image not with FTD image.