Most Cisco ASA 5500 models have been announced end-of-life and end-of-sale, including the ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550. Users should migrate to the newer Cisco ASA 5500-X Series of next-generation firewalls (NGFW), which includes the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X and so forth.
The Cisco ASA 5512-X and ASA 5515-X offer increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Customers can choose the ASA 5512-X if they do not want high availability, which comes as a default option on the ASA 5515-X.
Note that there is a license on the ASA 5512-X that enables high availability, should that be required later.
Product Comparisons: ASA 5510 vs. ASA 5515-X
| Feature | Cisco ASA 5510 Adaptive Security Appliance | Cisco ASA 5515-X Adaptive Security Appliance |
|---|---|---|
| Next-Generation Firewall | No | Yes |
| Application Visibility and Control Service | No | Yes |
| Web Security Service | No | Yes |
| IPS Service | Yes (Requires separate hardware module) | Yes (Does not require separate hardware module) |
| Content Security Service | Yes (Requires separate hardware module) | Similar functionality available through Cloud Web Security (formerly known as ScanSafe) |
| Firewall Throughput (Max) | 300 Mbps | 1.2 Gbps |
| IPS Throughput (Max) | 300 Mbps | 400 Mbps |
| VPN Throughput (Max) | 170 Mbps | 250 Mbps |
| Connections (Max) | 100,000 | 250,000 |
| Connections Per Second | 9,000 | 15,000 |
| Integrated I/O | 2 GE Copper and 3 FE | 6 GE Copper |
| Expansion I/O | 4-port GE Copper, or 4-port GE SFP | 6-port GE Copper or 6-port GE SFP |
| CPU | Single core | Multiple cores |
| Memory | 1 GB | 8 GB |
| Hardware support for 2048-bit certificates | No | Yes |
| USB thumb drive support | No | Yes (can be used to store logs and configuration files) |
Migration Options: ASA 5520 to ASA 5525-X
The Cisco ASA 5525-X offers increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Additionally, the ASA 5525-X includes a hardware chip to speed up IPS signature execution (for both default and custom signatures).
Refer to the table below for a detailed comparison between the ASA 5520 and ASA 5525-X. Customers can also upgrade to the Cisco ASA 5545-X, which provides the option of dual power supplies in addition to better performance and scaling.
Product Comparisons: ASA 5520 vs. ASA 5525-X
| Feature | Cisco ASA 5520 Adaptive Security Appliance | Cisco ASA 5525-X Adaptive Security Appliance |
|---|---|---|
| Next-Generation Firewall | No | Yes |
| Application Visibility and Control Service | No | Yes |
| Web Security Service | No | Yes |
| IPS Service | Yes (Requires separate hardware module) | Yes (Does not require separate hardware module) |
| Content Security Card Module | Yes | Similar functionality available through Cloud Web Security (formerly known as ScanSafe) |
| Firewall Throughput (Max) | 450 Mbps | 2 Gbps |
| IPS Throughput (Max) | 450 Mbps | 600 Mbps |
| VPN Throughput (Max) | 225 Mbps | 300 Mbps |
| Connections (Max) | 280,000 | 500,000 |
| Connections Per Second | 12,000 | 20,000 |
| Integrated I/O | 4 GE Copper + 1 FE | 8 GE Copper |
| Expansion I/O | 4-port GE Cu or 4-port GE SFP | 6-port GE Copper or 6-port GE SFP |
| CPU | Single core | Multiple cores |
| Memory | 2 GB | 8 GB |
| IPS Accelerator hardware | No. All signatures run on IPS Security Module CPU. | In-built hardware accelerator for both default and custom signatures |
| Hardware support for 2048-bit certificates | No | Yes |