Feature Differences

From DocWiki

Jump to: navigation, search

Feature Differences

The following table lists the feature differences between FWSM and ASA.

Feature FWSM Description ASA Description
Authentication support when sessioning to system context in multiple mode

aaa authentication telnet console command from admin context

In multi mode AAA commands cannot be configured in system context. However, telenet authenication in admin context is used for authenticating sessions from the supervisor engines that enter system context. Does not have session command support, so AAA authentication in the admin context is not used by the system context.
IPSec in multimode

(managment only)

IPSec is supported for management purposed in multimode. No IPSec support in multimode.
Mixed mode support

CLI: firewall transparent

This is a feature in FWSM in which the firewall mode can be set in each context in multimode. Not supported in ASA, and the firewall mode is set for the entire device.
Bridge Groups

CLI: bridge-group interface bvi

This feature in FWSM increased the number of interfaces in transparent mode to eight pairs from a single pair. Not supported in ASA.
Asymmetric Routing

(non active/active mode)

When asymmetic routing was introduced in FWSM, the active/active restriction that is present in ASA was removed. Supported in active/active mode only.
BGP Stub Routing

CLI: router bgp bgp router-id neighbor remote-as neighbor password network

Supported in FWSM. Not supported in ASA.
Failover preemption for active/standby failover FWSM can be configured in an active/standby scenario. When configured, the primary unit always becomes active after a certain time in the following cases:

1. When the primary unit fails and the secondary unit becomes active.

2. When the secondary unit boots before the primary unit, and the secondary unit becomes active.

Not supported in ASA.
Trusted Flow Acceleration

CLI: service-acceleration set connect advanced options

This feature lets the FWSM take advantage of the processing power of the switch supervisor engine that allows for increased throughput by installing EARL shortcuts. Not supported in ASA.
Route Health Inspection

CLI: redistribute connected redistribute nat redistribute static route-inject

This feature installs connected, static, NAT pool routes configured on the FWSM into MSFC on a per-contxt basis. MSFC can then redistribute the routes. Not supported in ASA.
PISA Integration

CLI: deny permit

The FWSM uses this feature to leverage the high-performance deep packet inspection of the PISA card so that it can permit or deny traffic based on the application type. Not supported in ASA.
DHCP Relay interface specific servers

CLI: dhcprelay server <ip_address> interface vlan <vlan id>

FWSM added this feature in 3.2(1). With this feature, users can configure interface specific DHCP servers. The dhcprelay server command can be configured in global mode and in interface specific mode. Not supported in ASA.
Stateful Failover Uauth Table Replication FWSM supports replicating Uauth Table in the failover peer when stateful failover is configured. Not supported in ASA.

Rating: 1.5/5 (2 votes cast)

Personal tools