Nowadays, Cisco ASA 5585-X Series plays a vital role in the Data Center that is more important to the enterprise than ever before. To the need for high performance and scalable network security today, ASA 5580 was introduced to meet the 5 Gbps and 10 Gbps needs of campuses and data centers.
Compared with other firewalls, what are the main highlights of Cisco ASA 5585-X series in data center? Here we list some main points:
1. Expanding the performance envelope of the ASA 5500 Series to offer 2 Gbps to 20 Gbps of real-world HTTP traffic and 35 Gbps of large packet traffic.
2. Supporting up to 350,000 connections per second and a total of up to two million simultaneous connections initially, and is slated to support up to eight million simultaneous connections.
The ASA 5585-X is highly suitable for the security needs of organizations with the most demanding applications, such as voice, video, and data backup, scientific or grid computing, and financial trading systems.
There are main four Cisco ASA 5585-X models: Cisco ASA 5585-X with SSP-10, Cisco ASA 5585-X with SSP-20, Cisco ASA 5585-X withSSP-40, Cisco ASA 5585-X with SSP-60. Which one fits you perfectly? Let’s check the following table of main ASA 5585-X model comparison:
| Cisco ASA Model | ASA 5585-X with SSP10 | ASA 5585-X with SSP20 | ASA 5585-X with SSP40 | ASA 5585-X with SSP60 | ASA Services Module | |||
| Stateful Inspection throughput (max1) | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps | 20 Gbps | |||
| Stateful Inspection throughput (multiprotocol2) | 2 Gbps | 5 Gbps | 10 Gbps | 20 Gbps | 16 Gbps | |||
| Next-Generation throughput3(multiprotocol) | 2 Gbps (with ASA CX SSP-10) |
5 Gbps (with ASA CX SSP-20) |
9 Gbps (with ASA CX SSP-40) |
13 Gbps (with ASA CX SSP-60) |
Not available | |||
| IPS throughput4(multiprotocol) | 2 Gbps (with IPS SSP-10) |
3 Gbps (with IPS SSP-20) |
5 Gbps (with IPS SSP-40) |
10 Gbps (with IPS SSP-60) |
Not available | |||
| Concurrent sessions | 1,000,000 | 2,000,000 | 4,000,000 | 10,000,000 | 10,000,000 | |||
| Connections per second | 50,000 | 125,000 | 200,000 | 350,000 | 300,000 | |||
| Packets per second (64 byte) | 1,500,000 | 3,000,000 | 5,000,000 | 9,000,000 | 5,000,000 | |||
| 3DES/AES VPN throughput5 | 1 Gbps | 2 Gbps | 3 Gbps | 5 Gbps | 2 Gbps | |||
| AnyConnect or clientless VPN user sessions6(AnyConnect license required) | 5,000 | 10,000 | 10,000 | 10,000 | 10,000 | |||
| AnyConnect or clientless VPN user sessions | 5,000 | 10,000 | 10,000 | 10,000 | 10,000 | |||
| Cisco Cloud Web Security users | 7,500 | 7,500 | 7,500 | 7,500 | 7,500 | |||
| Integtrated I/O | 8-port 10/100/1000 and 2-port 10 GE (SFP+)6 | 8-port 10/100/1000 and 2-port 10 GE (SFP+)7 | 6-port 10/100/1000 and 4-port 10 GE (SFP+) | 6-port 10/100/1000 and 4-port 10 GE (SFP+) | Provided by the switch or router | |||
| Expansion I/O8 | 8-port 10 GE(SFP/SFP+) or 4-port 10 GE(SFP/SFP+) or 20-port 1 GE (12-port 1 GE SFP and 8-port 10/100/1000) |
Provided by the switch or router | ||||||
| Dual power supplies | Yes | Yes | Yes | Yes | Yes. Provided by the switch or router | |||
| VLANs | 1,024 | 1,024 | 1,024 | 1,024 | 1,000 | |||
| High-availability support9 | 1,024 | 1,024 | 1,024 | 1,024 | 1,000 | |||
| Power | AC | AC | AC | AC | AC/DC provided by the switch or router | |||
1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3 Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4 Firewall traffic that does not go through IPS SSP module can have higher throughput.
5 VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity.
6 AnyConnect Premium User Licenses are included by default
7 Requires a separate license
8 Half-width modules
9 A/A = Active/Active; A/S = Active/Standby
Tips: By the way, if you wanna buy a Cisco ASA 5585-X series, the content you will get includes as follows:
-Redundant Power Supplies
-2 RU Chassis
-Online Insertion and Removal Capable
-Up to 8 10gig SFP+ Interfaces
-Up to 12 1gig copper interfaces
-Multi-core processors
-Passive multi-gigabit backplane
-2 slots available for security services processors
-24 Gigabits of RAM per SSP module
More Cisco ASA Topics and Reviews:
Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box?
ASA 5505 vs. ASA 5510 vs. ASA 5512-X vs. ASA 5515-X
Cisco ASA IPS Module Configuration
Cisco ASA CX–Next Generation Firewall or Enterprise Firewall?
