Firewall Wizards mailing list archives
Re: Question on Cisco ASA's... do all the features slow it down?
From: jacob c <jctx09 () yahoo com>
Date: Thu, 6 Dec 2007 15:17:42 -0800 (PST)
1) Firewall performance figures from all vendors are highly overrated on the datasheets. 2) Personally, I'm not a big fan of the PIX/ASA line for many reasons. From a performance perspective only, I'd much rather go with a Juniper Netscreen appliance or even Fortinet for pure firewall and IPS functionality. Let me say it again.. for POWER use the Netscreen. Also, the cli is very Cisco-like so it's an easy migration. 3) If you run a true UTM solution for an All-in-ONE box you might even want to look at the Fortinet box since it has great, easy-to-use management in one gui and it won't choke when you enable content filter and anti-virus scanning. Just my three cents...:) Brett Cunningham <cssniper22 () gmail com> wrote: The IPS feature does slow it down. Of course the more you do with the packets, the slower it will get. I'd still recommend the ASA with the SSM though. For the 5510, here is the specs: Feature Firewall throughput Up to 300 Mbps Concurrent threat mitigation throughput (firewall + IPS services) Up to 150 Mbps with AIP-SSM-10 Up to 300 Mbps with AIP-SSM-20 VPN throughput Up to 170 Mbps (see: http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html) If 150 Mbps is okay, go with the SSM-10. Otherwise, the SSM 20 hardly slows it down. I think the ASA is a huge leap from the PIX and would suggest the ASA over the PIX. On 12/4/07, John G. wrote:
hello list, we are currently running Cisco PIX 515E's with 128 Megs of RAM. the problem is their CPU's are getting up to high 80% usage. gone through a bunch of troubleshooting things and i think it is just time to upgrade. my question is do the IDS/IPS features of the ASA make it kinda slow? i would hate to have us upgrade to these devices just to find us in the same spot. what do people think of the ASA's as compared to the vaunted PIX? we were thinking of getting this model: Cisco ASA5510-SEC-BUN-K9 thanks much, jg _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards --------------------------------- Never miss a thing. Make Yahoo your homepage.
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Question on Cisco ASA's... do all the features slow it down? John G. (Dec 05)
- Re: Question on Cisco ASA's... do all the features slow it down? ChrisSerafin (Dec 06)
- Re: Question on Cisco ASA's... do all the features slow it down? Brett Cunningham (Dec 06)
- Re: Question on Cisco ASA's... do all the features slow it down? jacob c (Dec 10)
- Re: Question on Cisco ASA's... do all the features slow it down? Carson Gaspar (Dec 11)
- Re: Question on Cisco ASA's... do all the features slow it down? John G. (Dec 11)
- Re: Question on Cisco ASA's... do all the features slow it down? jacob c (Dec 12)
- Re: Question on Cisco ASA's... do all the features slow it down? Carson Gaspar (Dec 13)
- Re: Question on Cisco ASA's... do all the features slow it down? jacob c (Dec 10)