Networks Training

New Cisco ASA 5506-X / 5508-X will replace ASA 5505

asa 5505

Currently the smallest ASA appliance is the 5505 which has been in the market for several years with millions of installations worldwide. This small, passively cooled firewall still receives all the latest ASA software upgrades and features and has been a favorite firewall appliance for SOHO or Small/Medium Businesses.

The ASA 5505 is equipped with 8-port 10/100Mbps switch ports with 2 of them having Power over Ethernet (PoE) capabilities. However, the 100Mbps started to be a bottleneck for some networks.

Cisco is finally planning some new lower-end models that will be the successors of the 5505. There is no official public information yet but I have heard that the new models will be the ASA 5506-X (with 5506W-X variant) and the ASA 5508-X.

EDIT: The ASA 5506-X has been released since 2014. Here is a basic configuration guide for 5506-X.

The new models are supposed to have the FirePOWER engine and also equipped with Gigabit ports. The FirePOWER module (most probably will be a software module on the low-end modules) offers next-generation firewall services, including Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and Advanced Malware Protection (AMP). However, I don’t know which of the above services will be able to run on the 5506-X / 5508-X and what the licensing and other requirements will be.

MORE READING:  Connections and Translations on Cisco ASA Firewalls

Again, there is no public release info from Cisco yet but stay tuned and will be announced pretty soon. That will be an interesting development for the ASA family of products.

Related Posts

Filed Under: Cisco ASA General

Download Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls


By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.












Comments

  1. Bengt Akerberg says

    Dear Harris, i’t really time for Cisco to take a grip within this segment products since the other ones like CheckPoint, Palo Alto, Watchguard do have complete UTM/IDS… sollutions on the market since realitve long time back.

    I think the company acquisition of the FirePower technology is mandatory
    for Cisco to stay in the competition.
    I’ve been on some Cisco seminars about the “Next Generation” firewalls and it’s very interesting.
    Juniper with SRX do not have a “own” complete sollution as they rely on other partners to get a complete solution, but they are working on it I heard.

    Thank You for the information.

    Best Regards
    Bengt Akerberg

  2. BlogAdmin says

    Yes I totally agree with you Bengt.

    The ASA has been behind the competitors in terms of UTM solutions. Especially in small to medium businesses, the UTM concept is much more appealing rather than having separate boxes for each different task (firewall, IPS etc).

  3. DMS says

    Cisco had rested on their laurels of the ASA platform for a long time. The fact that they continue the “bolt on” approach via modules is far from ideal considering what the competition brings to the table (i.e., Palo Alto). However, Palo Alto remains a point product while Cisco can offer a complete Edge Security solution all in house (Client Identity for instance) and make no mistake about it, the acquisition of Sourcefire is a major deal for Cisco Security.

    From what I see thus far, ASA with FirePOWER services is a major player and far exceeds the previous “NGFW” attempt that was Cisco CX. Now if they can only condense manageability into one product FireSIGHT then that is yet another major step forward.

    I’d like to see Cisco reinvent the ASA from the ground up, there should be no modules and traffic flow should not be redirected into a module only to exit and the ASA perform final services (NAT etc) but that may be asking too much?

  4. BlogAdmin says

    Great points here. Yeah, the greatest advantage of Cisco is that they can offer you complete end-to-end security solutions and Sourcefire will be a major component of their ecosystem. I hope they make advancements also in their “management systems” because that was one of their weak areas so far. If you see the management system of Checkpoint for example you will be blown away :)

  5. Wayne says

    I’ve Engineered Enterprise Networks utilizing all the big names, from Cisco, Juniper, Palo Alto, and Checkpoint. Cisco is status quo technology and if you know IOS you pretty much going to be able configure an ASA. Juniper requires you to know Unix, if your using there SRX platform. With Palo Alto there is a learning curve, but if you need an Internet Edge device then you’ll be in Good shape. I’d lump Checkpoint in the same boat as Palo Alto, but for a company that has been around since the beginning of the Internet, they have taken a lot of different roads to get where they are today. If you remember when Checkpoint was just a Software based Firewall then your like me, there Secure OS was OK, and the Crossbeam line was OK, but with current Gaia OS coupled with the Large suite of appliances I think they have finally got it right. Note, if your not a fan of the the RXX dashboards, they rewrote the new version as a multi-tenant manager called R80.

  6. BlogAdmin says

    Yeah I agree that Checkpoint is one of the leaders in this game. Except their prices are a little “stiff”.

  7. Marco says

    http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/models-comparison.html

    High-availability support A/S* (requires security plus license …)
    No problem for Security Plus License, no problem hor HA A/S.
    But if it dont manage Dual Isp A/A … 5506 is better of 5505 but have same limitations.

    I want to use both ISPs at the same time!
    One for http and other for SMTP.
    in the absence of this feature … 5506 is the same of 5505, only more maximum .

    Meraki is better for Dual ISP ?

  8. BlogAdmin says

    Meraki is more flexible for dual ISPs indeed. Also, 5506 will support Firepower which the 5505 does not.

  9. Don't Believe The Hype says

    I can tell you Cisco is far behind the competition when it comes to the UTM/NGFW discussion. Their performance for the price people are willing to pay amazes me. Palo Alto, Fortinet, Sonicwall are all much better firewall options, in regards to performance, functionality and then when you add price into the equation it’s not even comparable. The SourceFire acquisition helps it actually to getting to a true UTM firewall, but they are still just slapping that onto the ASA’s and it kills their performance. Maybe that will change with an ASA hardware refresh, but right now they still have a lot of catching up to do in this area. People will just blindly throw money at it, because it’s “Cisco” though. Like moths to a flame.

  10. HEC says

    Hello Harris.
    I have bought all your books and they are very good and useful.
    Help us and make your book about the Cisco New Generation Firewall (5500 X) we all will appreciate it.
    Thank you

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Suggested Cisco Training

CISCO CERTIFICATION TRAINING
CISCO CCNA 200-120 TRAINING
CCNA SECURITY 640-554 TRAINING
CCENT ICND1 TRAINING
CISCO ICND2 TRAINING
CISCO CCNP TRAINING