August 2010

Installing Cisco ACS 5.1

Introduction

Cisco ACS 5.1 is the newest revision (as of 8/2010) of Cisco's RADIUS/TACACS+ authentication server, which allows you to centrally manage user access and all that good stuff. One big question people may ask is why not just use Windows IAS or the Network Policy Server role on the newer Windows servers. The Windows solution makes a whole lot of sense for small to medium installs, or where the IT staff is not strictly split into "server" and "network" guys. In larger installations, or where the staff is split that way, a box separate from the Active Directory servers and controlled by the "network" staff can more effectively delegate management throughout the organization. Now let's dive into the installation procedure.

Note: Keep in mind this install needs 60GB of free disk space and 1GB of usable memory; otherwise the installation will fail.


Next Generation Cisco ASA 55*5 Series

Today I caught word of a next generation of Cisco Adaptive Security Appliances (ASAs) that will be released in Q3 2010. Details are scarce, but it sounds like the focus of the next series will be on performance and on bundling the IDS functionality right on the box. So, to spare you the marketing crap, here are the actual figures that I have heard.

  • Cisco 5555, 5565, 5575, and 5585 appliances.
  • The 5555 firewall performance starts out at about 4 Gbit/s, with IDS functionality running at around 2 Gbit/s.
  • The 5585 performance tops out at around 15 Gbit/s, with IDS functionality into the 10 Gbit/s range.
  • These devices will support ASA software version 8.4, which is also coming out soon. The main feature there is direct Active Directory support: no more RADIUS/TACACS+ integration in between, but the ability to talk LDAP and Active Directory directly.
  • On the new appliances, the firewall services basically sit in their own unit, and an IDS/IPS is bolted onto the top, with the two systems able to be configured logically independently of each other. Each of these systems also carries its own set of physical ports in case segregation beyond contexts is required.

To me this sounds like a response (or at least a much needed hardware revision) to Juniper's SRX platform, which offers ASA-type functionality with better performance numbers than Cisco's current ASAs at the same price point.

While my experience with Juniper is limited, I would be very interested to see their offerings, since beyond the security aspects such as firewall/IDS/IPS and VPN, their SRX platforms offer full router functionality, rather than the bizarrely crippled ASA software, which does not support things such as GRE tunnels or a full routing protocol suite.

Fun times ahead.
