Cisco ASA 5500-X Model Comparison: ASA 5525-X vs. ASA 5545-X vs. ASA 5555-X
Compared with the previous ASA 5500 series, Cisco ASA 5500-X next-generation firewall has some new features, for example, it provides services such as Application Visibility and Control (AVC) Services to control specific behaviors within allowed micro-applications, Web Security Essentials (WSE) Services to restrict web and web application usage based on reputation of the site and Intrusion Prevention (IPS) to provide critical threat protection from internet edge related attacks on your personal use computing systems. Through Cisco Security Intelligence Operations (SIO)*, these services provide web reputation that protects against zero-day threats.
- •Cisco Prime Security Manager can now be used to centrally manage core ASA-X features along with Next-Generation services such as Application Visibility and Control, Web Security and IPS.
- •ASA IPS is the only context aware IPS that uses device awareness, network reputation of the source, target value and user identity to drive mitigation decisions and provides a proactive protection against threats. It uses a combination of on- and off-box intelligence and does not require an additional hardware module.
- •4x increase in firewall throughput protects users as their current and future data consumption demands increase.
- •Redundant power supplies (on the ASA 5545-X and 5555-X appliances) protect against power outages.
- •Multicore enterprise-class CPUs deliver better performance.
- •Additional copper and small form-factor pluggable (SFP) Gigabit Ethernet ports provide greater flexibility for network configuration.
- •Cisco Cloud Web Security provides unmatched web security, application visibility and control for organizations of all sizes through a network of global data centers.
- •Cisco AnyConnect enables seamless secure remote access by providing an always-on secure connectivity experience across a broad set of desktop and mobile devices.
Your business, regardless of size, can get an end-to-end network security solution with the Cisco ASA 5500-X Series Next-Generation Firewalls. Cisco ASA 5525-X, ASA 5545-X or ASA 5555-X model? There is a Cisco ASA 5500-X series firewalls comparison table showing you the difference, which make you find the right one.
Cisco ASA Model | ASA 5525-X | ASA 5545-X | ASA 5555-X |
|
|
| |
Stateful Inspection throughput (max1) | 2 Gbps | 3 Gbps | 4 Gbps |
Stateful Inspection throughput (multiprotocol2) | 1 Gbps | 1.5 Gbps | 2 Gbps |
Next-Generation throughput3(multiprotocol) | 650 Mbps | 1 Gbps | 1.4 Gbps |
ASA IPS throughput4 | 600 Mbps | 900 Mbps | 1.3 Gbps |
Concurrent sessions | 500,000 | 750,000 | 1,000,000 |
Connections per second | 20,000 | 30,000 | 50,000 |
Packets per second (64 byte) | 700,000 | 900,000 | 1,100,000 |
3DES/AES VPN throughput5 | 300 Mbps | 400 Mbps | 700 Mbps |
Site-to-site and IPsec IKEv1 client VPN user sessions | 750 | 2,500 | 5,000 |
AnyConnect or clientless VPN user sessions6(AnyConnect license required) | 750 | 2,500 | 5,000 |
Cisco Cloud Web Security users | 500 | 1,500 | 3,000 |
VLANs | 200 | 300 | 500 |
High-availability support7 | A/A and A/S | A/A and A/S | A/A and A/S |
Integrated I/O | 8-port 10/100/1000 | 8-port 10/100/1000 | 8-port 10/100/1000 |
Expansion I/O | 6-port 10/100/1000 or 6-port GE (SFP) | 6-port 10/100/1000 or 6-port GE (SFP) | 6-port 10/100/1000 or 6-port GE (SFP) |
Dual Power Supplies | Not available | Yes | Yes |
Power | AC/DC | AC/DC | AC/DC |
1Maximum throughput with UDP traffic measured under ideal test conditions
2Multiprotocol = Traffic profile consisting primarily of TCP-based protocols or applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4Firewall traffic that does not go through IPS service can have higher throughput.
5VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity
62 AnyConnect Premium User Licenses are included by default
7A/A = Active/Active; A/S = Active/Standby
More Related Cisco ASA Firewall Topics:
Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box?
ASA 5505 vs. ASA 5510 vs. ASA 5512-X vs. ASA 5515-X