Overblog
Edit post Follow this blog Administration + Create my blog
Cisco & Cisco Network Hardware News and Technology

Cisco ASA 5500-X Model Comparison: ASA 5525-X vs. ASA 5545-X vs. ASA 5555-X

July 30 2014 , Written by Cisco & Cisco Router, Network Switch Published on #Cisco Switches - Cisco Firewall

Compared with the previous ASA 5500 series, Cisco ASA 5500-X next-generation firewall has some new features, for example, it provides services such as Application Visibility and Control (AVC) Services to control specific behaviors within allowed micro-applications, Web Security Essentials (WSE) Services to restrict web and web application usage based on reputation of the site and Intrusion Prevention (IPS) to provide critical threat protection from internet edge related attacks on your personal use computing systems. Through Cisco Security Intelligence Operations (SIO)*, these services provide web reputation that protects against zero-day threats.

  1. Cisco Prime Security Manager can now be used to centrally manage core ASA-X features along with Next-Generation services such as Application Visibility and Control, Web Security and IPS.
  2. ASA IPS is the only context aware IPS that uses device awareness, network reputation of the source, target value and user identity to drive mitigation decisions and provides a proactive protection against threats. It uses a combination of on- and off-box intelligence and does not require an additional hardware module.
  3. •4x increase in firewall throughput protects users as their current and future data consumption demands increase.
  4. •Redundant power supplies (on the ASA 5545-X and 5555-X appliances) protect against power outages.
  5. •Multicore enterprise-class CPUs deliver better performance.
  6. •Additional copper and small form-factor pluggable (SFP) Gigabit Ethernet ports provide greater flexibility for network configuration.
  7. •Cisco Cloud Web Security provides unmatched web security, application visibility and control for organizations of all sizes through a network of global data centers.
  8. •Cisco AnyConnect enables seamless secure remote access by providing an always-on secure connectivity experience across a broad set of desktop and mobile devices.

 

Your business, regardless of size, can get an end-to-end network security solution with the Cisco ASA 5500-X Series Next-Generation Firewalls. Cisco ASA 5525-X, ASA 5545-X or ASA 5555-X model? There is a Cisco ASA 5500-X series firewalls comparison table showing you the difference, which make you find the right one.

Cisco ASA Model

ASA 5525-X

ASA 5545-X

ASA 5555-X

 

Stateful Inspection throughput (max1)

2 Gbps

3 Gbps

4 Gbps

Stateful Inspection throughput (multiprotocol2)

1 Gbps

1.5 Gbps

2 Gbps

Next-Generation throughput3(multiprotocol)

650 Mbps

1 Gbps

1.4 Gbps

ASA IPS throughput4

600 Mbps
(Extra hardware module not required)

900 Mbps
(Extra hardware module not required)

1.3 Gbps
(Extra hardware module not required)

Concurrent sessions

500,000

750,000

1,000,000

Connections per second

20,000

30,000

50,000

Packets per second (64 byte)

700,000

900,000

1,100,000

3DES/AES VPN throughput5

300 Mbps

400 Mbps

700 Mbps

Site-to-site and IPsec IKEv1 client VPN user sessions

750

2,500

5,000

AnyConnect or clientless VPN user sessions6(AnyConnect license required)

750

2,500

5,000

Cisco Cloud Web Security users

500

1,500

3,000

VLANs

200

300

500

High-availability support7

A/A and A/S

A/A and A/S

A/A and A/S

Integrated I/O

8-port 10/100/1000

8-port 10/100/1000

8-port 10/100/1000

Expansion I/O

6-port 10/100/1000 or 6-port GE (SFP)

6-port 10/100/1000 or 6-port GE (SFP)

6-port 10/100/1000 or 6-port GE (SFP)

Dual Power Supplies

Not available

Yes

Yes

Power

AC/DC

AC/DC

AC/DC

1Maximum throughput with UDP traffic measured under ideal test conditions
2Multiprotocol = Traffic profile consisting primarily of TCP-based protocols or applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4Firewall traffic that does not go through IPS service can have higher throughput.
5VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity
62 AnyConnect Premium User Licenses are included by default
7A/A = Active/Active; A/S = Active/Standby

 

More Related Cisco ASA Firewall Topics:

Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box?

ASA 5505 vs. ASA 5510 vs. ASA 5512-X vs. ASA 5515-X

Cisco ASA5510 Vs ASA5512-X or Cisco 5515-X

Cisco ASA 5500-X vs. ASA 5500

Share this post
Repost0
To be informed of the latest articles, subscribe:
Comment on this post