Cisco Blogs


Cisco Blog > Security

A Firewall for Every Occasion

April 1, 2011
at 8:56 am PST

Few people in the world would disagree that a network firewall is an essential component for any size datacenter. In fact, operating without one could be considered by many to be network asset suicide! But adding a firewall to an existing datacenter is by no means a trivial task. In fact, the amount of work that would be required to re-cable every physical interface to properly tie it in with the rest of the network is enough to make many network administrators think twice about just how badly they really need that shiny new firewall, versus just sticking with what they have. Add to that the additional rack space, power, cooling, and management required by the new device, and some serious ROI questions may be raised.

Though these objections certainly provide fodder for reasonable pause, there are still numerous reasons to seriously consider a new firewall. As with any technology product, firewalls have come a long way over the past few years. If nothing else, the level of performance many enterprise-class firewalls have achieved over the past few years can singlehandedly justify the new purchase. Performance is of particular importance for many data centers, given the seemingly insatiable demand by end users for anytime, anywhere access to data, coupled with the not-so-unreasonable expectation of immediacy of access. This not only means much higher throughput, but an increase in connections per second and more concurrent connections, as well. More VLANs and a higher number of security contexts can also help the organization gain some phenomenal efficiency.

So we can agree that we need a robust firewall. We can probably even agree that it’s relatively simple to justify a new one that provides superior performance over what currently populates our racks. But the time, effort, and energy that will go into properly installing and configuring it – not to mention the ongoing management – can still present some considerable objections! This week Cisco made an announcement that can satisfy both sides of the argument. Rather than adding a full chassis-based firewall, why not get one in a blade form factor?

The Cisco Catalyst 6500 Series ASA Services Module uses the same architecture as the ASA 5585-X adaptive security appliance, converted into a blade that can run inside a Cisco Catalyst 6500 Series Switch. As such, it reaps many of the performance benefits of the ASA 5585-X, but in a form factor that can be integrated into an open slot within your existing Catalyst switch. The ASA Services Module provides twice the performance and four times the session count of competitive network security modules, supporting up to:

  • 20 Gbps maximum firewall throughput (max)
  • 16 Gbps maximum firewall throughput (multi-protocol)
  • 300,000 connections per second
  • 10 million concurrent connections
  • 250 security contexts
  • 1,000 VLANs

By integrating a firewall blade into your existing distribution switch, you can fully integrate security into the central point of the data center – with no need to worry about how many interfaces are needed, no re-cabling, and no need for any additional rack space. The blade simply slides into an empty slot in the chassis of your existing switch. What’s more, you gain unprecedented control with no physical limitations.

So the integrated solution allows you to save time and money, decrease your management burden, increase overall performance, and combine full-featured switching with enterprise-class security. Is there any reason not to do this?

For more about the new Cisco Catalyst 6500 Series ASA Services Module, view the following video from Chris Morosco, Cisco product manager for the ASA Services Module, or visit www.cisco.com/go/asasmc.

Tags: , , ,

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

2 Comments.


  1. Firewalls are an essential copponent for any size datacenter and any administrators that ignore this are taking serious risks with the data they are trying to protect.

       0 likes

  2. I’ve always have some doubts about what is better to deploy, an ASA appliance or a 6500 Firewall Module, some of the doubts have gone because your comparison between Performance and Deployment. Thanks for this post.

       0 likes