Feature Differences
From DocWiki
Feature Differences
The following table lists the feature differences between FWSM and ASA.
| Feature | FWSM Description | ASA Description |
|---|---|---|
| Authentication support when sessioning to system context in multiple mode
aaa authentication telnet console command from admin context | In multi mode AAA commands cannot be configured in system context. However, telenet authenication in admin context is used for authenticating sessions from the supervisor engines that enter system context. | Does not have session command support, so AAA authentication in the admin context is not used by the system context. |
| IPSec in multimode
(managment only) | IPSec is supported for management purposed in multimode. | No IPSec support in multimode. |
| Mixed mode support
CLI: firewall transparent | This is a feature in FWSM in which the firewall mode can be set in each context in multimode. | Not supported in ASA, and the firewall mode is set for the entire device. |
| Bridge Groups
CLI: bridge-group interface bvi | This feature in FWSM increased the number of interfaces in transparent mode to eight pairs from a single pair. | Not supported in ASA. |
| Asymmetric Routing
(non active/active mode) | When asymmetic routing was introduced in FWSM, the active/active restriction that is present in ASA was removed. | Supported in active/active mode only. |
| BGP Stub Routing
CLI: router bgp bgp router-id neighbor remote-as neighbor password network | Supported in FWSM. | Not supported in ASA. |
| Failover preemption for active/standby failover | FWSM can be configured in an active/standby scenario. When configured, the primary unit always becomes active after a certain time in the following cases:
1. When the primary unit fails and the secondary unit becomes active. 2. When the secondary unit boots before the primary unit, and the secondary unit becomes active. | Not supported in ASA. |
| Trusted Flow Acceleration
CLI: service-acceleration set connect advanced options | This feature lets the FWSM take advantage of the processing power of the switch supervisor engine that allows for increased throughput by installing EARL shortcuts. | Not supported in ASA. |
| Route Health Inspection
CLI: redistribute connected redistribute nat redistribute static route-inject | This feature installs connected, static, NAT pool routes configured on the FWSM into MSFC on a per-contxt basis. MSFC can then redistribute the routes. | Not supported in ASA. |
| PISA Integration
CLI: deny permit | The FWSM uses this feature to leverage the high-performance deep packet inspection of the PISA card so that it can permit or deny traffic based on the application type. | Not supported in ASA. |
| DHCP Relay interface specific servers
CLI: dhcprelay server <ip_address> interface vlan <vlan id> | FWSM added this feature in 3.2(1). With this feature, users can configure interface specific DHCP servers. The dhcprelay server command can be configured in global mode and in interface specific mode. | Not supported in ASA. |
| Stateful Failover Uauth Table Replication | FWSM supports replicating Uauth Table in the failover peer when stateful failover is configured. | Not supported in ASA. |
