Firewall Wizards mailing list archives

Re: Question on Cisco ASA's... do all the features slow it down?

From: jacob c <jctx09 () yahoo com>
Date: Thu, 6 Dec 2007 15:17:42 -0800 (PST)

1) Firewall performance figures from all vendors are highly overrated on the datasheets. 
   
  2)  Personally, I'm not a big fan of the PIX/ASA line for many reasons. From a  performance perspective only, I'd 
much rather go with a Juniper Netscreen appliance or even Fortinet for pure firewall and IPS functionality. Let me say 
it again.. for POWER use the Netscreen. Also, the cli is very Cisco-like so it's an easy migration.
   
  3) If you run a true UTM solution for an All-in-ONE box you might even want to look at the Fortinet box since it has 
great, easy-to-use management in one gui and it won't choke when you enable content filter and anti-virus scanning.
   
  Just my three cents...:)

Brett Cunningham <cssniper22 () gmail com> wrote:
  The IPS feature does slow it down. Of course the more you do with the
packets, the slower it will get. I'd still recommend the ASA with the
SSM though. For the 5510, here is the specs:

Feature

Firewall throughput Up to 300 Mbps

Concurrent threat mitigation throughput (firewall + IPS services)
 Up to 150 Mbps with AIP-SSM-10
 Up to 300 Mbps with AIP-SSM-20


VPN throughput Up to 170 Mbps

(see: http://www.cisco.com/en/US/products/ps6120/products_data_sheet0900aecd802930c5.html)


If 150 Mbps is okay, go with the SSM-10. Otherwise, the SSM 20 hardly
slows it down.

I think the ASA is a huge leap from the PIX and would suggest the ASA
over the PIX.



On 12/4/07, John G. wrote:

hello list,

we are currently running Cisco PIX 515E's with 128 Megs of RAM. the problem
is their CPU's are getting up to high 80% usage. gone through a bunch of
troubleshooting things and i think it is just time to upgrade.

my question is do the IDS/IPS features of the ASA make it kinda slow? i
would hate to have us upgrade to these devices just to find us in the same
spot. what do people think of the ASA's as compared to the vaunted PIX?

we were thinking of getting this model: Cisco ASA5510-SEC-BUN-K9

thanks much,
jg


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


       
---------------------------------
Never miss a thing.   Make Yahoo your homepage.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Question on Cisco ASA's... do all the features slow it down? John G. (Dec 05)
- Re: Question on Cisco ASA's... do all the features slow it down? ChrisSerafin (Dec 06)
- Re: Question on Cisco ASA's... do all the features slow it down? Brett Cunningham (Dec 06)
  - Re: Question on Cisco ASA's... do all the features slow it down? jacob c (Dec 10)
    - Re: Question on Cisco ASA's... do all the features slow it down? Carson Gaspar (Dec 11)
    - Re: Question on Cisco ASA's... do all the features slow it down? John G. (Dec 11)
    - Re: Question on Cisco ASA's... do all the features slow it down? jacob c (Dec 12)
    - Re: Question on Cisco ASA's... do all the features slow it down? Carson Gaspar (Dec 13)