In January 2011 Cisco announced the newest Cisco ASA 5500 version, 8.4. This release comes almost one year after the previous major release (version 8.3 was introduced in Feb-March 2010).
You can upgrade to version 8.4 from any previous ASA version, but if your current software release is older than 8.3 you will also need a memory upgrade (for ASA models 5505, 5510, 5520, 5540). Also, ASA version 8.4 requires ASDM GUI version 6.4 or later.
Most Notable Changes in the New Version
There are not many important changes compared to 8.3 and older, except a couple of new features such as EtherChannel support, stateful failover with dynamic routing protocols, the ability to see the top CPU processes, etc. In more detail:
This is the biggest change in my opinion. With EtherChannel (supported on 5510 and higher models) you can group up to eight physical interfaces into one EtherChannel group (up to 48 EtherChannel groups can be created).
This gives you flexible, incremental bandwidth, since EtherChannel allows bandwidth aggregation in multiples of 100Mbps, 1Gbps, or 10Gbps depending on the speed of the aggregated physical links. Resiliency and load balancing between the links are also improved.
Stateful Failover with Dynamic Routing Protocols
In the past, when you had dynamic routing protocols configured on the device (such as OSPF, EIGRP) and the device was running in Active/Standby redundancy mode, any failover from the active to the standby device resulted in losing all dynamically learned routes.
Now, routes that are learned through dynamic routing protocols on the active unit are maintained in a routing table on the standby unit. Upon a failover event, traffic on the secondary unit passes with minimal disruption because the routes are already known on the secondary standby unit.
Show Top CPU Processes
You can now monitor the processes running on the device and see how much CPU is consumed by each process. Use the command show process cpu-usage sorted.
The new release increases some scalability features (such as number of VLANs, connections, contexts, AnyConnect VPN sessions, etc.), mainly on higher-end models such as 5580, 5585-X.
The full additional feature list can be found in the official Cisco release notes.