There is also a difference in performance and price. The ASA 5500 line are
external
standalone devices with, for the most part, the capabilities of a VPN 3000
concentrator
built-in. The packet throughput is about what you'd expect from a standalone
device with
Gig-E interfaces, say around 600 Mb/s. Also, the CPU engine in the ASA 5500
series is
faster than what you find in a PIX.
An FWSM on the other hand is, as has been said, an ASA on a blade. These don't
generally
come with VPN concentrator capabilities. However, they can take about 5.5 Gb/s
of
aggregated throughput in 1 Gb/s streams. Part of this enhanced performance
comes from
the fact that they hook directly into the backplane of a Cisco 6500 switch. I
believe
a Sup720 supervisor is also required.
At 05:00 PM 4/25/2007, Avishai Wool wrote:
>AFAIK the FWSM is essentially a PIX 7.x that is stuck inside a
>catalyst switch chassis. and an ASA is a PIX 7.x that is
>bundled with some other (non-firewall) security functions .
>
>the configuration language was 99.9% compatible between the ASA
>and the FWSM, at least as of PIX 7.0. I'm not sure if Cisco kept the
>code-bases evolving in sync - there were a few months in which FWSM was
>shipping but PIX 7.0 was not released yet...
>
>In my opinion, the main differences are "form factor" and pricing. If
>all you need
>is a firewall then you don't care about the other things the ASA may do.
>If you already have a Catalyst with an empty expansion bay - it may
>be convenient to get a FWSM (e.g. less rack-space).
>
>HTH,
> Avishai
>
>On 4/13/07, Kimberly Fields <kimberlymfields@gmail.com> wrote:
>> Can anyone tell me what, if any, are the differences between the Cisco ASA
>> firewall features and the Cisco FWSM firewall features?
>>
>> _______________________________________________
>> firewall-wizards mailing list
>> firewall-wizards@listserv.icsalabs.com
>> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>>
>>
>
>
>--
>Avishai Wool, Ph.D., Cell: +972-52-333-0052
> Co-founder and Chief Technical Officer
> http://www.algosec.com
>******* Firewall Management Made Smarter ******
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards@listserv.icsalabs.com
>https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
--
Douglas C. Stephens | Network/DNS/Unix/Windows Administrator
System Support Specialist | Postmaster / Webmaster
Information Systems | Phone: (515) 294-6102
Ames Laboratory, US DOE | Email: stephens@ameslab.gov
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
|