Just an FYI the new firepower ASAs have been announced

dlots · February 19, 2016, 10:09:59 AM

The new FirePowers have been announced and they are moving the ASA feature set into them, very limited feature set at the moment though (hope you don't want things like EIGRP, or VPN capabilities). They are monster boxes to at ~20Gb for the smallest one. No management will be done on them, all management is done at the Firepower Management Center thingy (no more CLI or ASDM). Also my understanding is that they will run as a VM.

http://www.cisco.com/c/en/us/products/security/firepower-4100-series/index.html

deanwebb · February 19, 2016, 11:29:01 AM

Interesting. Do they ship pre-patched for the ASA vulnerabilities?

mmcgurty · February 19, 2016, 11:49:10 AM

Quote from: deanwebb on February 19, 2016, 11:29:01 AM
Interesting. Do they ship pre-patched for the ASA vulnerabilities?

Doubtful. More than likely it will contain more vulnerabilities/bugs that you will bug test for them.

Otanx · February 19, 2016, 02:06:49 PM

The datasheet shows throughput numbers for VPN/IPSec so it looks like it will do that at least. I would love to play with a couple of these, but I don't want to be the first one running them in production.

datasheet - http://www.cisco.com/c/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.html

-Otanx

deanwebb · February 19, 2016, 02:15:52 PM

We might get to be among the first at a few sites...

wintermute000 · February 23, 2016, 03:50:16 AM

2 Maximum throughput with User Datagram Protocol (UDP) traffic measured under ideal test conditions.

HA! Let the firewall spec wars and vendor test methodology accusations begin anew. *cough fortinet numbers cough*

seriously though, its a bit strange how there's no low-mid level offerings (around the 1Gb throughput range) to compete around the SRX340, PA-3020, Fortinet 500D etc. arena.

Reggle · February 23, 2016, 04:07:47 AM

The Fortinet numbers really are that good. Unless you check *any* kind of NGFW-functionality...

NetworkGroover · February 23, 2016, 11:07:52 AM

Quote from: mmcgurty on February 19, 2016, 11:49:10 AM
Quote from: deanwebb on February 19, 2016, 11:29:01 AM
Interesting. Do they ship pre-patched for the ASA vulnerabilities?

Doubtful. More than likely it will contain more vulnerabilities/bugs that you will bug test for them.

Heh heh heh

Otanx · February 23, 2016, 01:10:19 PM

Quote from: wintermute000 on February 23, 2016, 03:50:16 AM
seriously though, its a bit strange how there's no low-mid level offerings (around the 1Gb throughput range) to compete around the SRX340, PA-3020, Fortinet 500D etc. arena.

Wouldn't the low end be covered by the ASAs with FirePOWER? To me these just extend the product line above the 5585-X.

-Otanx

Dieselboy · February 28, 2016, 09:36:03 PM

Quote from: deanwebb on February 19, 2016, 11:29:01 AM
Interesting. Do they ship pre-patched for the ASA vulnerabilities?

This made me laugh

dlots · February 29, 2016, 10:29:02 AM

I would advise against buying version 1 of any Cisco hardware system.

Otanx · February 29, 2016, 05:19:28 PM

Quote from: dlots on February 29, 2016, 10:29:02 AM
I would advise against buying version 1 of any ~~Cisco hardware~~ system.

Fixed that for you

-Otanx