ASA 5505 vs. ASA 5510 vs. ASA 5512-X vs. ASA 5515-X




Cisco prepared multiple Cisco ASA firewalls to fit your network of all sizes. ASA 5505 and ASA 5500-X Series (such as the ASA 5505, ASA 5510,ASA 5512-X, and ASA 5515-X) were designed for small and branch offices.

To meet specific needs of small offices and branch offices, Cisco ASA 5500 and ASA 5500-X series next-generation firewalls can do as follows:

  •   Up to 1.2 Gbps of firewall throughput, 15,000 connections per second, and 250,000 concurrent sessions
  •   Supports up to 200 VLANs for improved network segmentation and security
  •   Supports up to 100 security contexts for multilevel control of security policies
  •   Capable of running multiple simultaneous network security services without sacrificing performance

Whether you are a small business with a single location, a midsize business, or a large enterprise with multiple branch offices, Cisco ASA 5500 and ASA 5500-X Series are the very right choice when you need one for your network. Some clients raised a question like this: “Next generation ASA 5512-X, 5515-X doesn’t require IPS module. Is that true?” “Can it block HTTPS web sites? Can it block HotSpot Shield or Ultra Surf?”

Well, you will get detailed answers and information of ASA 5505, ASA 5510, ASA 5512-X and ASA 5515-X in the following Cisco ASA model comparison. It is true that neither ASA 5512-X nor 5515-X require additional hardware for IPS module, it is already embedded.

Cisco ASA Model Comparison: ASA 5505 vs. ASA 5510 vs. ASA 5512-X vs. ASA 5515-X


asa 5505 vs. asa 5510 vs. asa 5512-x vs. asa 5515-x02

More Notes:

  1.     Maximum throughput with UDP traffic measured under ideal test conditions
  2.     Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS
  3.     Throughput was measured using ASA CX Software Release 9.1.1 with multi-protocol traffic profile with both Application Visibility Control (AVC) and Web Security Essentials (WSE). Traffic logging was enabled as well.
  4.     Firewall traffic that does not go through IPS service can have higher throughput.
  5.     VPN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity.
  6.      2 AnyConnect Premium User Licenses are included by default.
  7.      A/A = Active/Active; A/S = Active/Standby.
    * Requires security plus license

Cisco ASA Next-Generation Firewall provides services such as Application Visibility and Control (AVC) Services to control specific behaviors within allowed micro applications, Web Security Essentials (WSE) Services to restrict web and web application usage based on reputation of the site and Intrusion Prevention (IPS) to provide critical threat protection from internet edge related attacks on your personal use computing systems. Through Cisco Security Intelligence Operations (SIO), these services provide web reputation that protects against zero-day threats.

With these Cisco ASA firewalls, you can integrate multiple enterprise-classes, next-generation network security services without sacrificing performance. Cisco ASA combines the most deployed stateful inspection firewall in the industry with next-generation firewall capabilities.

More Related Cisco ASA 5500 Series

Cisco ASA5510 Vs ASA5512-X or Cisco 5515-X

Cisco ASA 5520 Basic Configuration Guide

Migrating from Cisco ASA 5500 Series to ASA 5500-X Series

Cisco ASA Failover, Failover Modes & ASA Failover Configuration

Using the Cisco 5500 Series Controller USB Console Port