What replaces the ASA5525?

The FPR1150 is a direct replacement for a Cisco ASA 5525-X.

The Cisco ASA 5525-X is now End of Life and Cisco Support for the ASA5525 Adaptive Security Appliance will cease in September 2025, Cisco recommends that Customers with ASA5525-X products migrate to the Firepower 1000 series firewalls.

The direct replacement for the ASA5525 would be the FPR1150 which can be configured as an ASA initially and reimaged as an FPR NGFW as required.

Assuming your ASA5525 is running as an ASA then the transition to the FPR1150 should be straightforward.

If, however, you would like to upgrade from the Layer 4 ASA Firewall to a Layer 7 NGFW then Cisco recommend the FPR1150-NGFW-K9.

Layer 4 is the OSI Transport Layer, where TCP and UDP function.

Layer 7 is the OSI Application Layer, where Apps such as Facebook and Linkdin function – if you want to manage these then you need NGFW.

FPR1150-ASA-K9

Table of Contents

Replace your ASA5525 with an FPR1150 ASA

ASA5525-X Max Performance FRP1010 Models Max Performance
ASA5525-X
FW 2Gpbs
FPR1150-ASA-K9
Statefull FW 7.5Gbps

Correct as at July 2023 – latest specifications are available on cisco.com

Note that the ASA5525-X refers to the following Cisco ASA 5525 models models running the ASA image without any Firepower FTD enabled or installed.

The FPR1150-ASA is a direct replacement for the ASA5525 and will provide improved performance plus a path to upgrade beyond access control and traffic filtering.

With very few changes, the configuration from your ASA5525 can be pasted directly into your ASA imaged FPR1150, and the only requirement is for the essential license be available in your Smart Account.

ASA5525 to FPR1150 Requirements

As a minimum the FPR1150 requires an essentials feature license to function with the ASA image.

How to replace your ASA5525 with an FPR1150-ASA

Buy FPR1150-ASA-K9 or FPR1150-ASA-K9-RF

The FPR1150-ASA-K9 is a direct replacement for your ASA5525-X.

Offering up to 7.5Gbps Firewall performance and running the ASA Firewall image it will (mostly) accept your existing ASA Config for a minimum downtime hardware upgrade.

Our FPR1150-ASA-K9 is delivered direct from Cisco, will be fully licensed and eligible for Smart Net support should you require it.

We also offer the FPR1150-ASA-K9-RF from Cisco Refresh and FPR1150-ASA-K9-WS from Cisco Excess, these models will be cheaper but could be in short supply.

FPR1000-ASA FPR1150 Essentials License - required

Your FPR1150 needs to have an essentials license (FPR1000-ASA) available in your Cisco Smart Account to register against the device. We include this with our FPR1150-ASA-K9 products but FPR devices from other suppliers may not have this license so we can obtain it for you and provision it to your Smart Account.

Don’t have a Smart Account? Sign up for one here.

Cisco Smart Net for FPR1150-ASA-K9

FPR1150 Cisco Software Support - optional

Cisco Smart Net is Cisco’s award winning support service.

By adding a support contract to your FPR you will gain access to the latest versions of both the ASA and FTD software images, as well as obtaining direct access to Cisco Engineers to assist in the setup and migration of your ASA.

CON-SNT-FPR1150 FPR1010 Cisco Smart Net - recommended

Cisco Smart Net is Cisco’s award winning support service.

By adding a support contract to your FPR you will gain access to the latest versions of both the ASA and FTD software images, as well as obtaining direct access to Cisco Engineers to assist in the setup and migration of your ASA.

This version of Smart Net adds Next Business Day hardware replacement should your FPR1150 develop a fault.

FPR1K-ENC-K9 Strong Encryption (3DES/AES) License

Insufficient Cisco Firepower 1K Series ASA Strong Encryption (3DES/AES) Licenses

Cisco Firepower 1K Series ASA Strong Encryption (3DES/AES)

When the Cisco Firepower 1K Series ASA Strong Encryption (3DES/AES) has been applied you may received an “insufficient licenses” message, this denotes that your Smart Account does not have enough FPR1K-ENC-K9 Licenses and they need to be provisioned. The licenses are free but we charge for the admin required to obtain them.

FPR1K-ENC-K9 Strong Encryption (3DES/AES) License

Once the above Essentials License has been registered the Smart Software Manager will also apply the Strong Encryption License – but only if your Smart Account has permission.

If your Smart Account is not authorized for strong encryption you can (subject to Cisco approval) manually add a strong encryption license to your Smart account to enable the 3DES/AES.

FPR1000 Rack Mounted Models

FPR1120-ASA-K9
Features FPR1120 FPR1140 FPR1150
Throughput
4.5Gbps
6Gbps
7.5Gbs
Connections
200k
400k
600k

FPR1150 NGFW Differences to FPR1150 ASA

The FPR1150-ASA and the FPR1150-NGFW are essentially the same device, the only difference being the image that the device is currently running.

Loading the NGFW image adds application visibility and control and can be licensed to also provide:

0
    0
    Your Cart
    Your cart is emptyReturn to Shop