Feature Differences

From DocWiki

(Difference between revisions)
(New page: ==Feature Differences== The following table lists the implicit behavioral differences between FWSM and ASA. {| border="1" cellpadding="2" !width="250" align="left" style="background:#99CCF...)
(Feature Differences)
 
(One intermediate revision not shown)
Line 1: Line 1:
==Feature Differences==
==Feature Differences==
-
The following table lists the implicit behavioral differences between FWSM and ASA.
+
The following table lists the feature differences between FWSM and ASA.
{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
!width="250" align="left" style="background:#99CCFF;" |'''Feature'''
!width="250" align="left" style="background:#99CCFF;" |'''Feature'''
Line 60: Line 60:
|Route Health Inspection
|Route Health Inspection
CLI:
CLI:
-
'''route-inject'''
 
-
'''redistribute nat'''
 
'''redistribute connected'''
'''redistribute connected'''
 +
'''redistribute nat'''
'''redistribute static'''
'''redistribute static'''
 +
'''route-inject'''
|This feature installs connected, static, NAT pool routes configured on the FWSM into MSFC on a per-contxt basis. MSFC can then redistribute the routes.
|This feature installs connected, static, NAT pool routes configured on the FWSM into MSFC on a per-contxt basis. MSFC can then redistribute the routes.
|Not supported in ASA.
|Not supported in ASA.
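Review bot: the unchanged description line in this hunk still reads "per-contxt"; since the row is being edited anyway, correct it to "per-context" in the same revision. The reordering of the CLI list also moves '''route-inject''' below the three '''redistribute''' keywords, so nothing in the list marks it as the command that names the feature; keeping it first would make that clearer.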
Line 69: Line 69:
|PISA Integration
|PISA Integration
CLI:
CLI:
-
'''permit'''
 
'''deny'''
'''deny'''
 +
'''permit'''
|The FWSM uses this feature to leverage the high-performance deep packet inspection of the PISA card so that it can permit or deny traffic based on the application type.
|The FWSM uses this feature to leverage the high-performance deep packet inspection of the PISA card so that it can permit or deny traffic based on the application type.
|Not supported in ASA.
|Not supported in ASA.
Line 76: Line 76:
|DHCP Relay interface specific servers
|DHCP Relay interface specific servers
CLI:
CLI:
-
'''interface vlan''' <''vlan id''>
 
'''dhcprelay server''' <''ip_address''>
'''dhcprelay server''' <''ip_address''>
-
|This feature is Uauth for FWSM.
+
'''interface vlan''' <''vlan id''>
 +
|FWSM added this feature in 3.2(1). With this feature, users can configure interface specific DHCP servers. The '''dhcprelay server''' command can be configured in global mode and in interface specific mode.
 +
|Not supported in ASA.
|-
|-
-
|Stateful Failover Uath Table Replication
+
|Stateful Failover Uauth Table Replication
|FWSM supports replicating Uauth Table in the failover peer when stateful failover is configured.
|FWSM supports replicating Uauth Table in the failover peer when stateful failover is configured.
|Not supported in ASA.
|Not supported in ASA.
|}
|}
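Review bot: in the CLI list of the DHCP Relay row, '''dhcprelay server''' now appears ahead of '''interface vlan''', while the new description says the command can be configured in global mode and in interface specific mode. Listing '''interface vlan''' first, or stating in the cell that the second form is entered per interface, would keep the CLI column consistent with the description added in this hunk.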

Latest revision as of 22:27, 28 August 2009

Feature Differences

The following table lists the feature differences between FWSM and ASA.

{| border="1" cellpadding="2"
!'''Feature'''
!'''FWSM Description'''
!'''ASA Description'''
|-
|Authentication support when sessioning to system context in multiple mode

'''aaa authentication telnet console''' command from admin context
|In multi mode, AAA commands cannot be configured in system context. However, telnet authentication in admin context is used for authenticating sessions from the supervisor engines that enter system context.
|Does not have session command support, so AAA authentication in the admin context is not used by the system context.
|-
|IPSec in multimode

(management only)
|IPSec is supported for management purposes in multimode.
|No IPSec support in multimode.
|-
|Mixed mode support
CLI:
'''firewall transparent'''
|This is a feature in FWSM in which the firewall mode can be set in each context in multimode.
|Not supported in ASA, and the firewall mode is set for the entire device.
|-
|Bridge Groups
CLI:
'''bridge-group'''
'''interface bvi'''
|This feature in FWSM increased the number of interfaces in transparent mode to eight pairs from a single pair.
|Not supported in ASA.
|-
|Asymmetric Routing

(non active/active mode)
|When asymmetric routing was introduced in FWSM, the active/active restriction that is present in ASA was removed.
|Supported in active/active mode only.
|-
|BGP Stub Routing
CLI:
'''router bgp'''
'''bgp router-id'''
'''neighbor remote-as'''
'''neighbor password'''
'''network'''
|Supported in FWSM.
|Not supported in ASA.
|-
|Failover preemption for active/standby failover
|Preemption can be configured on the FWSM in an active/standby scenario. When configured, the primary unit always becomes active after a certain time in the following cases:

1. When the primary unit fails and the secondary unit becomes active.

2. When the secondary unit boots before the primary unit, and the secondary unit becomes active.
|Not supported in ASA.
|-
|Trusted Flow Acceleration
CLI:
'''service-acceleration'''
'''set connect advanced options'''
|This feature lets the FWSM take advantage of the processing power of the switch supervisor engine that allows for increased throughput by installing EARL shortcuts.
|Not supported in ASA.
|-
|Route Health Inspection
CLI:
'''redistribute connected'''
'''redistribute nat'''
'''redistribute static'''
'''route-inject'''
|This feature installs connected, static, NAT pool routes configured on the FWSM into MSFC on a per-context basis. MSFC can then redistribute the routes.
|Not supported in ASA.
|-
|PISA Integration
CLI:
'''deny'''
'''permit'''
|The FWSM uses this feature to leverage the high-performance deep packet inspection of the PISA card so that it can permit or deny traffic based on the application type.
|Not supported in ASA.
|-
|DHCP Relay interface specific servers
CLI:
'''dhcprelay server''' <''ip_address''>
'''interface vlan''' <''vlan id''>
|FWSM added this feature in 3.2(1). With this feature, users can configure interface specific DHCP servers. The '''dhcprelay server''' command can be configured in global mode and in interface specific mode.
|Not supported in ASA.
|-
|Stateful Failover Uauth Table Replication
|FWSM supports replicating Uauth Table in the failover peer when stateful failover is configured.
|Not supported in ASA.
|}
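
The following is an added example, not part of the original DocWiki page or of any Cisco tool: a pre-migration check in Python that scans FWSM context configurations for the CLI keywords the table lists under features not supported in ASA. The function name `audit`, the sample configurations, and the assumptions that sub-commands are indented under their parent line and that a context without '''firewall transparent''' is in routed mode are all constructed for illustration.

```python
import re

# CLI keywords from the table's FWSM-only rows. PISA's "permit"/"deny" are left
# out: the same words appear in every access list, so they identify nothing.
FWSM_ONLY = [
    (re.compile(r"^(bridge-group|interface bvi)", re.I), "Bridge Groups"),
    (re.compile(r"^router bgp\b", re.I), "BGP Stub Routing"),
    (re.compile(r"^route-inject\b", re.I), "Route Health Inspection"),
    (re.compile(r"\bservice-acceleration\b", re.I), "Trusted Flow Acceleration"),
]
DHCP_SERVER = re.compile(r"^dhcprelay server\b", re.I)
IFACE_VLAN = re.compile(r"^interface vlan", re.I)

def audit(contexts):
    """contexts maps context name -> config text; returns (context, feature, line)."""
    findings, modes = [], {}
    for name, text in contexts.items():
        parent, modes[name] = "", "routed"  # assumption: routed unless stated
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("!"):
                continue
            indented = raw[0].isspace()  # assumption: sub-commands are indented
            if not indented:
                parent = line
            if line.lower() == "firewall transparent":
                modes[name] = "transparent"
            findings += [(name, feat, line) for rx, feat in FWSM_ONLY if rx.search(line)]
            # The global form of dhcprelay server is not flagged; only the
            # interface specific form is listed in the table as FWSM-only.
            if indented and DHCP_SERVER.match(line) and IFACE_VLAN.match(parent):
                findings.append((name, "DHCP Relay interface specific servers", line))
    if len(set(modes.values())) > 1:  # firewall mode differs between contexts
        findings.append(("*", "Mixed mode support", "contexts differ in firewall mode"))
    return findings

# Constructed sample configs (not from the page), one string per context.
SAMPLE = {
    "ctx-a": "firewall transparent\ninterface Vlan10\n bridge-group 1\ninterface bvi 1\n",
    "ctx-b": (
        "dhcprelay server 192.0.2.10 outside\n"
        "interface Vlan20\n"
        " dhcprelay server 192.0.2.11\n"
        "router bgp 65000\n"
        "route-inject\n"
    ),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Rows that the table gives no CLI for (IPSec in multimode, failover preemption, Uauth table replication) cannot be detected this way and still need a manual review.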
