
Network World

Jamey Heary

Cisco Announces New ASA 5585X High Speed Firewall and IPS Appliance

New ASA Hardware pushes 20Gbps at an astounding 350K Conns/Sec of real-world performance

By jheary on Tue, 10/05/10 - 10:11am.

Cisco announced the orderability of its new ASA hardware line, the ASA 5585X. It is made up of a single 5585X 2-slot chassis that has 4 different Security Service Processor (SSP) options. The top one, the SSP-60, is a screamer at over 35Gbps of large-packet stateful firewall throughput and, more importantly, a connection setup rate of up to 350,000 connections per second. This type of setup rate is unprecedented, and when you consider that the ASA 5585X is only a 2RU platform, just think of the performance per rack this little rocket can deliver, to say nothing of the power, cooling, space and reduced complexity that come with a 2RU platform. If we take a 48RU rack, then you could put in up to 24 ASA 5585Xs for a total performance number of a whopping 840Gbps at 8.4 million connections per second! To give you a point of reference, the Juniper SRX5800, with similar performance to a single ASA 5585X, takes up 16RU per platform, or 3 per rack. So let's get into the details on what the ASA 5585X will offer.

The ASA 5585X is an upgrade to next-gen hardware but will run the existing ASA software. In fact, it will release with 8.2.3 code that has all the same features as 8.2.3 does on any other ASA platform. A future high-speed IPS services module will also be released in the Q1CY11 timeframe. So the 5585X will be able to do firewall, IPS and VPN. VPN is up to 10,000 users of either IPsec or SSL VPN with 5Gbps of throughput.

Here is a look at the hardware:


-Redundant Power Supplies
-2 RU Chassis
-Online Insertion and Removal Capable
-Up to 8 10gig SFP+ Interfaces
-Up to 12 1gig copper interfaces
-Multi-core processors
-Passive multi-gigabit backplane
-2 slots available for security services processors
-24 Gigabits of RAM per SSP module

Here is a look at the product line:


Basically, four different SSP models are available: SSP10, SSP20, SSP40 and SSP60. Only the SSP20 and SSP60 are orderable today. The SSP10 and SSP40, along with the IPS SSP line, will be available in the Q1CY11 timeframe. The IPS SSP line will scale up to 10Gbps.

The potential of this platform is that it works very similarly to a Catalyst 6500. To increase performance, you just swap out your supervisor module (in this case your SSP) and put in the new, shiny, faster one. Given the massive backplane of this thing, you'll be able to scale it for quite a while by just putting in new SSP modules as Cisco releases them. Another bonus is that the ASA 5585X is a 64-bit architecture. Today the ASA code is just 32-bit, but when Cisco converts it to 64-bit I'd expect you to see a free performance boost above the numbers that Cisco released today. If you have any other questions on the ASA 5585X, just post them below.

For more info:
www.cisco.com/go/asa

For the ASA 5585X Datasheet see here
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/...




The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.


About Cisco Security Expert

Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council - Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.

Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.

 
