Cisco NGFW Migration Options-ASA 5550 to ASA 5555-X, ASA 5520 to ASA 5525-X, ASA 5510 to ASA 5515-X
ASA 5550 vs. ASA 5555-X, ASA 5520 vs. ASA 5525-X, ASA 5510 vs. ASA 5515-X
Most of Cisco ASA 5500 Models have been announced end-of-life and end-ofsale, such as the ASA 5505, ASA 5510, ASA 5520, ASA 5540, and ASA 5550. Cisco ASA users and customers are encouraged to migrate to the newer Cisco ASA 5500-X Series of next-generation firewalls (NGFW), which includes the ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X and so forth.
In the following tables we will share the main Product Comparisons of ASA 5500 Models and the new ASA 5500-X models, which include the ASA 5550 and ASA 5555-X, ASA 5520 and ASA 5525-X, ASA 5510 and ASA 5515-X ASA 5550 vs. ASA 5555-X
Feature
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5555-X Adaptive Security Appliance
Next-Generation Firewall
No
Yes
Application Visibility and Control Service
No
Yes
Web Security Service
No
Yes
IPS Service
No
Yes (Does not require separate hardware module)
Content Security Service
No
Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall Throughput (Max)
1.2 Gbps
4 Gbps
IPS Throughput (Max)
Not Applicable
1.3 Gbps
VPN Throughput (Max)
425 Mbps
700 Mbps
Connections (Max)
600,000
1,000,000
Connections Per Second
33,000
50,000
Integrated I/O
8 GE Copper and 1 FE
8 GE Copper + Dedicated GE Copper Management Port
Expansion I/O
Not Available
6-port GE Copper, or 6-port GE SFP
Feature
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5555-X Adaptive Security Appliance
CPU
Single Core
Multiple Cores
Memory
4 GB
16 GB
Dual Power Supplies
No
Yes
IPS Accelerator hardware
No
In-built hardware accelerator for both default and custom signatures
Hardware support for 2048-bit certificates
No
Yes
Reference from http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-seriesnext-generation-firewalls/eol_C51-727352.html
ASA 5540 to Cisco ASA 5545-X Feature
Cisco ASA 5540 Adaptive Security Appliances
Cisco ASA 5545-X Adaptive Security Appliance
Next-Generation Firewall
No
Yes
Application Visibility and Control Service
No
Yes
Web Security Service
No
Yes
IPS Service
Yes (Requires
Yes (Does not require separate
Feature
Cisco ASA 5540 Adaptive Security Appliances
Cisco ASA 5545-X Adaptive Security Appliance
separate Hardware module)
hardware module)
Content Security Card Module
Available
Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall Throughput (Max)
650 Mbps
3 Gbps
IPS Throughput (Max)
650 Mbps
900 Mbps
VPN Throughput (Max)
325 Mbps
400 Mbps
Connections (Max)
400,000
750,000
Connections Per Second
25,000
30,000
Dual Power Supplies
No
Yes
Integrated I/O
4GE Cu + 1FE
6GE Cu
Expansion I/O
4-port GE Cu or 4port GE SFP
6-port GE Cu or 6-port GE SFP
CPU
Single-core
Multiple cores
Memory
2GB
12GB
Hardware support for 2048-bit certificates
No
Yes
Migration Options-ASA 5520 to ASA 5525-X The Cisco ASA 5525-X offers increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Additionally, the ASA 5525-X includes a hardware chip to speed up IPS signature execution (for both default and custom signatures). Refer to the table below for a detailed comparison between the ASA 5520 and ASA 5525-X. Customers can also upgrade to the Cisco ASA 5545-X, which provides the option of dual power supplies in addition to better performance and scaling. Product Comparisons-ASA 5520 vs. ASA 5525-X Feature
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5525-X Adaptive Security Appliance
Next-Generation Firewall
No
Yes
Application Visibility and Control Service
No
Yes
Web Security Service
No
Yes
IPS Service
Yes (Requires separate Hardware module)
Yes (Does not require separate hardware module)
Content Security Card Module
Yes
Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall Throughput (Max)
450 Mbps
2 Gbps
IPS Throughput (Max)
450 Mbps
600 Mbps
Feature
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5525-X Adaptive Security Appliance
VPN Throughput (Max)
225 Mbps
300 Mbps
Connections (Max)
280,000
500,000
Connections Per Second
12,000
20,000
Integrated I/O
4 GE Copper + 1 FE
8 GE Copper
Expansion I/O
4-port GE Cu or 4port GE SFP
6-port GE Copper or 6-port GE SFP
CPU
Single Core
Multiple Cores
Memory
2 GB
8 GB
IPS Accelerator hardware
No. All signatures run on IPS Security Module CPU.
In-built hardware accelerator for both default and custom signatures
Hardware support for 2048-bit certificates
No
Yes
Migration Options-ASA 5510 to ASA 5515-X The Cisco ASA 5512-X and ASA 5515-X offer increased throughput, better interface density, and the ability to run services like IPS, AVC (Application Visibility and Control), WSE (Web Security Essentials), etc., without requiring a separate hardware module. Customers can choose the ASA 5512-X if they do not want high availability, which comes as a default option on the ASA 5515-X. Note that there is a license on the ASA 5512-X that enables high availability, should that be required later. Product Comparisons: ASA 5510 vs. ASA 5515-X
Feature
Cisco ASA 5510 Adaptive Security Appliance
Cisco ASA 5515-X Adaptive Security Appliance
Next-Generation Firewall
No
Yes
Application Visibility and Control Service
No
Yes
Web Security Service
No
Yes
IPS Service
Yes (Requires separate Hardware module)
Yes (Does not require separate hardware module)
Content Security Service
Yes (Requires separate Hardware module)
Similar functionality available through Cloud Web Security (formerly known as ScanSafe)
Firewall 300 Mbps Throughput (Max)
1.2 Gbps
IPS Throughput (Max)
300 Mbps
400 Mbps
VPN Throughput (Max)
170 Mbps
250 Mbps
Connections (Max)
100,000
250,000
Connections Per Second
9,000
15,000
Integrated I/O
2GE Copper and 3FE
6 GE Copper
Expansion I/O
4-port GE Copper, or 4-port GE SFP
6-port GE Copper 6-port GE SFP
CPU
Single core
Multiple cores
Memory
1 GB
8 GB
Hardware support for 2048-bit certificates
No
Yes
USB thumb drive support
No
Yes (can be used to store logs and configuration files)
More Related… Migration to Cisco NGFW Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box? EoS and EoL Announcement for the Cisco ASA 5512-X and ASA 5515-X