Feature Differences
From DocWiki
Feature Differences
The following table lists the implicit behavioral differences between FWSM and ASA.
| Feature | FWSM Description | ASA Description |
|---|---|---|
| Authentication support when sessioning to system context in multiple mode
aaa authentication telnet console command from admin context | In multi mode AAA commands cannot be configured in system context. However, telenet authenication in admin context is used for authenticating sessions from the supervisor engines that enter system context. | Does not have session command support, so AAA authentication in the admin context is not used by the system context. |
| IPSec in multimode
(managment only) | IPSec is supported for management purposed in multimode. | No IPSec support in multimode. |
| Mixed mode support
CLI: firewall transparent | This is a feature in FWSM in which the firewall mode can be set in each context in multimode. | Not supported in ASA, and the firewall mode is set for the entire device. |
| Bridge Groups
CLI: bridge-group interface bvi | This feature in FWSM increased the number of interfaces in transparent mode to eight pairs from a single pair. | Not supported in ASA. |
| Asymmetric Routing
(non active/active mode) | When asymmetic routing was introduced in FWSM, the active/active restriction that is present in ASA was removed. | Supported in active/active mode only. |
| BGP Stub Routing
CLI: router bgp bgp router-id neighbor remote-as neighbor password network | Supported in FWSM. | Not supported in ASA. |
| Failover preemption for active/standby failover | FWSM can be configured in an active/standby scenario. When configured, the primary unit always becomes active after a certain time in the following cases:
1. When the primary unit fails and the secondary unit becomes active. 2. When the secondary unit boots before the primary unit, and the secondary unit becomes active. | Not supported in ASA. |
| Trusted Flow Acceleration
CLI: service-acceleration set connect advanced options | This feature lets the FWSM take advantage of the processing power of the switch supervisor engine that allows for increased throughput by installing EARL shortcuts. | Not supported in ASA. |
| Route Health Inspection
CLI: route-inject redistribute nat redistribute connected redistribute static | This feature installs connected, static, NAT pool routes configured on the FWSM into MSFC on a per-contxt basis. MSFC can then redistribute the routes. | Not supported in ASA. |
| PISA Integration
CLI: permit deny | The FWSM uses this feature to leverage the high-performance deep packet inspection of the PISA card so that it can permit or deny traffic based on the application type. | Not supported in ASA. |
| DHCP Relay interface specific servers
CLI: interface vlan <vlan id> dhcprelay server <ip_address> | This feature is Uauth for FWSM. | |
| Stateful Failover Uath Table Replication | FWSM supports replicating Uauth Table in the failover peer when stateful failover is configured. | Not supported in ASA. |
