Actually, the ASA OS is already on the Cisco roadmap to replace the PIX version of Cisco's FW OS currently running on the FWSM.

(At least according to one major account SE and word put out by at least one Cisco rep at the last Networkers.)

My question is, when?

--------------

Here is a longer explanation of concerns that generated the question...

The list of "issues" with the PIX OS operation on the FWSM is long and well known. As customers begin to transition large-scale DC's towards NEXUS, associated SRND's and assorted other DC validated designs, one of the possible/probable phases is creation of a Services model, thus creating separation from the aggregation layer. The benefits are obvious and another entire discussion. A module-based FW, along with a module-based Load Balancer, VPN concentrator and IDS/IPS, really helps the scaling and consolidation chores.

However, until there is a Cisco FW module that offers an up-to-date and capable OS, (and something similar can be said for the IDS/IPS solution (and with the demise of MARS this area gets even more muddled), folks are stuck with part chassis-based part appliance-bases solutions for their Services module within the data center, (i.e. experienced FW engineers I know prefer the ASA for DC solutions, even if it means appliances all over the place vs. FWSM modules in a chassis. Hopefully for DC engineers this has the obvious look of backwards DC consolidation logic and evidence of foggy Cisco BU vision.)

These technology transition issues are not insurmountable hurdles but when one considers the neat and tidy DC infrastructure and logic architecture Cisco is heavily promoting within NEXUS (top of rack, end of rack,  routing/switching virtualization, OTV, etc.) for engineers it falls apart at the recommended Services module. With today's offerings, unless you can convince a large customer to green-field their DC's with NEXUS and abandon their massive current investment in 6500's (and perhaps VPLS), the transition is a bit of a mess.

Hmmm...what a sec?! Cisco wouldn't being doing this all on pur...no, no, of course not. Forget I thought that.

...ok, I'm done venting ;-}

So, let me try this again in a form that won't get deleted...

I've heard from various Cisco sources that there IS a road map that has a 65xx FWSM running ASA OS instead of old PIX OS.

Can anyone confirm or deny this?

Thanks,

m.

Up till FWSM 2.3 code it almost looked like PIX 6.3. syntax.

FWSM 3.x and above it almost looks like ASA syntax. On the FWSM we are unto 4.0.13 and 4.1.3 now.

The syntax may be the same for the most part but the code is completely diff. meaning you can never upload an ASA image onto an FWSM or vice versa.

Dont' miss my ATE event Starts January 3, 2011: https://supportforums.cisco.com/community/netpro/ask-the-expert

-KS

Thanks for that response.

A bit more elaboration if you know...

1) Any plans to unify FWSM and FW appliances around a single FW OS, (understanding that this may mean a new version of the FWSM that CAN support native ASA code with appropriate changes)?

2) How long will Cisco continue to support the PIX FW OS?

*I'm striving for some guidance because as I've mentioned, I have customers that simply won't invest in the existing PIX FWSM solution going forward.

Thanks much,

m.

...That's useful information and appreciated.

Best regards,

m.