结合企业级状态检测和下一代防火墙功能
集成综合全面的下一代网络安全服务
采用久经考验的企业级平台
提供各种规模和外观以供选择
型号对比:
With Cisco ASA firewalls, you can integrate multiple enterprise-class, next-generation network security services without sacrificing performance. Cisco ASA combines the most deployed stateful inspection firewall in the industry with next-generation firewall capabilities.
Read more about the ASA 5505 and ASA 5500-X Series for small and branch offices.
Cisco ASA Model | ASA 5505 / Security Plus | ASA 5512-X / Security Plus | ASA 5515-X |
---|---|---|---|
Stateful Inspection throughput (max1) | Up to 150 Mbps | 1 Gbps | 1.2 Gbps |
Stateful Inspection throughput (multiprotocol2) | - | 500 Mbps | 600 Mbps |
Next-Generation throughput3 (multiprotocol) | - | 200 Mbps | 350 Mbps |
ASA IPS Throughput4 | Up to 75 Mbps with AIP SSC-5 | 250 Mbps (Extra hardware module not required) |
400 Mbps (Extra hardware module not required) |
Concurrent sessions | 10,000 /25,000 | 100,000 | 250,000 |
Connections per second | 4,000 | 10,000 | 15,000 |
Packets per second (64 byte) | 85,000 | 450,000 | 500,000 |
3DES/AES VPN throughput5 | 100 Mbps | 200 Mbps | 250 Mbps |
Site-to-site and IPsec IKEv1 client VPN user sessions | 10/25 | 250 | 250 |
Cisco AnyConnect or Clientless VPN User Sessions6 (AnyConnect license required) | 25 | 250 | 250 |
Cisco Cloud Web Security users | 25 | 2,000 | 3,000 |
VLANs | 3 (trunking disabled) / 20 (trunking enabled) | 50 / 100 | 100 |
High-availability support7 | Stateless Active/Standby Only* | Active/Acitve* and Active/Standby* | A/A and A/S |
Integrated I/O | 8-port FE with 2 Power over Ethernet (PoE) ports | 6-port 10/100/1000 | 6-port 10/100/1000 |
Expansion I/O | Not available | 6-port 10/100/1000 or 6-port GE (SFP) | 6-port 10/100/1000 or 6-port GE (SFP) |
Dual power supplies | Not available | Not available | Not available |
Power | AC/DC | AC/DC | AC/DC |
1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4 Firewall traffic that does not go through IPS service can have higher throughput.
5 VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity.
6 2 AnyConnect Premium User Licenses are included by default
7 A/A = Active/Active; A/S = Active/Standby
* Requires security plus license
Cisco ASA next-generation firewalls are available in a wide range of sizes and performance levels to fit your network and budget. They also combine stateful inspection and next-generation firewall capabilities with a comprehensive suite of next-generation network security services. There's a solution to meet your evolving security needs — for security without compromise.
Read more about the ASA 5500 and ASA 5500-X Series for the Internet Edge.
Cisco ASA Model | ASA 5525-X | ASA 5545-X | ASA 5555-X |
---|---|---|---|
Stateful Inspection throughput (max1) | 2 Gbps | 3 Gbps | 4 Gbps |
Stateful Inspection throughput (multiprotocol2) | 1 Gbps | 1.5 Gbps | 2 Gbps |
Next-Generation throughput3 (multiprotocol) | 650 Mbps | 1 Gbps | 1.4 Gbps |
ASA IPS throughput4 | 600 Mbps (Extra hardware module not required) |
900 Mbps (Extra hardware module not required) |
1.3 Gbps (Extra hardware module not required) |
Concurrent sessions | 500,000 | 750,000 | 1,000,000 |
Connections per second | 20,000 | 30,000 | 50,000 |
Packets per second (64 byte) | 700,000 | 900,000 | 1,100,000 |
3DES/AES VPN throughput5 | 300 Mbps | 400 Mbps | 700 Mbps |
Site-to-site and IPsec IKEv1 client VPN user sessions | 750 | 2,500 | 5,000 |
AnyConnect or clientless VPN user sessions6 (AnyConnect license required) | 750 | 2,500 | 5,000 |
Cisco Cloud Web Security users | 500 | 1,500 | 3,000 |
VLANs | 200 | 300 | 500 |
High-availability support7 | A/A and A/S | A/A and A/S | A/A and A/S |
Integrated I/O | 8-port 10/100/1000 | 8-port 10/100/1000 | 8-port 10/100/1000 |
Expansion I/O | 6-port 10/100/1000 or 6-port GE (SFP) | 6-port 10/100/1000 or 6-port GE (SFP) | 6-port 10/100/1000 or 6-port GE (SFP) |
Dual Power Supplies | Not available | Yes | Yes |
Power | AC/DC | AC/DC | AC/DC |
1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols or applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4 Firewall traffic that does not go through IPS service can have higher throughput.
5 VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity
6 2 AnyConnect Premium User Licenses are included by default
7 A/A = Active/Active; A/S = Active/Standby
Cisco ASA firewalls protect networks of all shapes and sizes, with consistent security across hybrid infrastructures — physical, virtual, and cloud. These solutions combine the most deployed firewall in the industry with a full complement of next-generation network security services. They protect corporate networks while providing employees with secure access to data — anytime, anywhere, using any device.
Read more about the Cisco ASA firewalls for large enterprises and data centers.
Cisco ASA Model | ASA 5585-X with SSP10 | ASA 5585-X with SSP20 | ASA 5585-X with SSP40 | ASA 5585-X with SSP60 | ASA Services Module |
---|---|---|---|---|---|
Stateful Inspection throughput (max1) | 4 Gbps | 10 Gbps | 20 Gbps | 40 Gbps | 20 Gbps |
Stateful Inspection throughput (multiprotocol2) | 2 Gbps | 5 Gbps | 10 Gbps | 20 Gbps | 16 Gbps |
Next-Generation throughput3(multiprotocol) | 2 Gbps (with ASA CX SSP-10) |
5 Gbps (with ASA CX SSP-20) |
9 Gbps (with ASA CX SSP-40) |
13 Gbps (with ASA CX SSP-60) |
Not available |
IPS throughput4(multiprotocol) | 2 Gbps (with IPS SSP-10) |
3 Gbps (with IPS SSP-20) |
5 Gbps (with IPS SSP-40) |
10 Gbps (with IPS SSP-60) |
Not available |
Concurrent sessions | 1,000,000 | 2,000,000 | 4,000,000 | 10,000,000 | 10,000,000 |
Connections per second | 50,000 | 125,000 | 200,000 | 350,000 | 300,000 |
Packets per second (64 byte) | 1,500,000 | 3,000,000 | 5,000,000 | 9,000,000 | 5,000,000 |
3DES/AES VPN throughput5 | 1 Gbps | 2 Gbps | 3 Gbps | 5 Gbps | 2 Gbps |
AnyConnect or clientless VPN user sessions6(AnyConnect license required) | 5,000 | 10,000 | 10,000 | 10,000 | 10,000 |
AnyConnect or clientless VPN user sessions | 5,000 | 10,000 | 10,000 | 10,000 | 10,000 |
Cisco Cloud Web Security users | 7,500 | 7,500 | 7,500 | 7,500 | 7,500 |
Integtrated I/O | 8-port 10/100/1000 and 2-port 10 GE (SFP+)6 | 8-port 10/100/1000 and 2-port 10 GE (SFP+)7 | 6-port 10/100/1000 and 4-port 10 GE (SFP+) | 6-port 10/100/1000 and 4-port 10 GE (SFP+) | Provided by theswitch or router |
Expansion I/O8 | 8-port 10 GE(SFP/SFP+) or 4-port 10 GE(SFP/SFP+) or 20-port 1 GE (12-port 1 GE SFP and 8-port 10/100/1000) |
Provided by theswitch or router | |||
Dual power supplies | Yes | Yes | Yes | Yes | Yes. Provided by the switch orrouter |
VLANs | 1,024 | 1,024 | 1,024 | 1,024 | 1,000 |
High-availability support9 | 1,024 | 1,024 | 1,024 | 1,024 | 1,000 |
Power | AC | AC | AC | AC | AC/DC provided by the switch orrouter |
1 Maximum throughput with UDP traffic measured under ideal test conditions
2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
4 Firewall traffic that does not go through IPS SSP module can have higher throughput.
5 VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity.
6 2 AnyConnect Premium User Licenses are included by default
7 Requires a separate license
8 Half-width modules
9 A/A = Active/Active; A/S = Active/Standby
上一篇:没有了!
下一篇:没有了!