Feature Differences
From DocWiki
(Difference between revisions)
(New page: ==Feature Differences== The following table lists the implicit behavioral differences between FWSM and ASA. {| border="1" cellpadding="2" !width="250" align="left" style="background:#99CCF...) |
|||
Line 1: | Line 1: | ||
==Feature Differences== | ==Feature Differences== | ||
- | The following table lists the | + | The following table lists the feature differences between FWSM and ASA. |
{| border="1" cellpadding="2" | {| border="1" cellpadding="2" | ||
!width="250" align="left" style="background:#99CCFF;" |'''Feature''' | !width="250" align="left" style="background:#99CCFF;" |'''Feature''' |
Revision as of 21:02, 28 August 2009
Feature Differences
The following table lists the feature differences between FWSM and ASA.
Feature | FWSM Description | ASA Description |
---|---|---|
Authentication support when sessioning to system context in multiple mode
aaa authentication telnet console command from admin context | In multi mode AAA commands cannot be configured in system context. However, telenet authenication in admin context is used for authenticating sessions from the supervisor engines that enter system context. | Does not have session command support, so AAA authentication in the admin context is not used by the system context. |
IPSec in multimode
(managment only) | IPSec is supported for management purposed in multimode. | No IPSec support in multimode. |
Mixed mode support
CLI: firewall transparent | This is a feature in FWSM in which the firewall mode can be set in each context in multimode. | Not supported in ASA, and the firewall mode is set for the entire device. |
Bridge Groups
CLI: bridge-group interface bvi | This feature in FWSM increased the number of interfaces in transparent mode to eight pairs from a single pair. | Not supported in ASA. |
Asymmetric Routing
(non active/active mode) | When asymmetic routing was introduced in FWSM, the active/active restriction that is present in ASA was removed. | Supported in active/active mode only. |
BGP Stub Routing
CLI: router bgp bgp router-id neighbor remote-as neighbor password network | Supported in FWSM. | Not supported in ASA. |
Failover preemption for active/standby failover | FWSM can be configured in an active/standby scenario. When configured, the primary unit always becomes active after a certain time in the following cases:
1. When the primary unit fails and the secondary unit becomes active. 2. When the secondary unit boots before the primary unit, and the secondary unit becomes active. | Not supported in ASA. |
Trusted Flow Acceleration
CLI: service-acceleration set connect advanced options | This feature lets the FWSM take advantage of the processing power of the switch supervisor engine that allows for increased throughput by installing EARL shortcuts. | Not supported in ASA. |
Route Health Inspection
CLI: route-inject redistribute nat redistribute connected redistribute static | This feature installs connected, static, NAT pool routes configured on the FWSM into MSFC on a per-contxt basis. MSFC can then redistribute the routes. | Not supported in ASA. |
PISA Integration
CLI: permit deny | The FWSM uses this feature to leverage the high-performance deep packet inspection of the PISA card so that it can permit or deny traffic based on the application type. | Not supported in ASA. |
DHCP Relay interface specific servers
CLI: interface vlan <vlan id> dhcprelay server <ip_address> | This feature is Uauth for FWSM. | |
Stateful Failover Uath Table Replication | FWSM supports replicating Uauth Table in the failover peer when stateful failover is configured. | Not supported in ASA. |