Cisco Firewalls
8 August 2023
Cisco have stopped selling the ASA (Adaptive Security Appliance) 5500 firewalls – End of Life (EoL) and End of Support (EoS) dates have been announced for all ASA5500 models.
The Cisco ASA became one of the most widely used Firewall/VPN solutions for small to medium businesses, but they are now considered legacy and end of life.
We compare the Cisco Firewall options for customers looking to continue with the Cisco Firewall as their Security Solution.
BUYING A CISCO FIREWALL?
Get Guidance and Prices
ASA5500 Replacement Options
Replace your ASA 5500 with an FPR NGFW
The ASA5500 with Firepower Services has now reached End of Life and the Cisco recommended replacement is the FPR1000 or the FPR2100.
The following table compares performance of ASA models running the IPS and Application Visibility Firepower Services with Cisco FPR devices in the same configuration.
The recommendations are based on throughput, number and types of interface and spare capacity to allow for some future growth.
Note that the Cisco FPR NGFW includes Application Visibility Control as standard, but IPS requires a subscription license.
| ASA5500-X | AVC and IPS | Cisco Firepower | AVC and IPS | Refresh Price |
|---|---|---|---|---|
|
ASA5506-X |
125 Mbps |
FPR1010-NGFW-K9 |
650 Mpbs |
|
|
ASA5508-X |
125 Mbps |
FPR1120-NGFW-K9 |
1.5 Gbps |
|
|
ASA5512-X |
150 Mpbs |
FPR1120-NGFW-K9 |
1.5 Gbps |
|
|
ASA5515-X |
250 Mbps |
FPR1140-NGFW-K9 |
2.2 Gbps |
|
|
ASA5516-X |
450 Mbps |
FPR1140-NGFW-K9 |
2.2 Gbps |
|
|
ASA5525-X |
650 Mbps |
FPR1150-NGFW-K9 |
3 Gbps |
|
|
|
|
FPR2110-NGFW-K9 |
2.6 Gbps |
|
|
|
|
FPR2120-NGFW-K9 |
3.4 Gbps |
|
|
ASA5545-X |
1 Gbps |
FPR1150-NGFW-K9 |
3 Gbps |
|
|
|
|
FPR2130-NGFW-K9 |
5.4 Gbps |
|
|
ASA5555-X |
1.25 Gbps |
FPR1150-NGFW-K9 |
3 Gbps |
|
|
|
|
FPR2140-NGFW-K9 |
10.4 Gbps |
Cisco Firepower FPR1000 ASA Firewall Datasheet
The Cisco FPR1000 Firewall is available in two versions, the hardware is identical and the only difference is the image that is factory installed. The FPR1000-ASA models run the latest ASA Firewall Image, and the FPR1000-NGFW models run the FTD Threat Defense NGFW image.
Note that both versions can be reset to run as either an ASA or as an NGFW.
The FPR1000 hardware is available from Cisco Refresh at lower prices than new, the product is identical to the new version and benefits from a standard Cisco warranty and support eligibility.
Savings can sometimes be made if you are willing and able to re-image the FPR1000-ASA version to be an FPR1000-NGFW (Smart Net is required for software downloads).
| Features | FPR1010-ASA | FPR1120-ASA | FPR1140-ASA | FPR1150-ASA |
|---|---|---|---|---|
|
Throughput FW |
2 Gpbs |
4.5 Gbps |
6 Gbps |
7.5 Gbs |
|
IPsec VPN |
500 MBPS |
1 Gbps |
1.2 Gbps |
1.7 Gbps |
|
Connections |
100k |
200k |
400k |
600k |
|
1GE RJ45 |
6 |
8 |
8 |
8 |
|
1GE PoE+ RJ45 |
2 |
|
|
|
|
1GE SFP |
|
4 |
4 |
2 |
|
10GE SFP+ |
|
|
|
2 |
|
Price New |
||||
|
Cisco Refresh Price |
Cisco Firepower FPR1000 NGFW Firewall Datasheet
The Cisco FPR1000 NGFW Firewalls run the Cisco Firepower Threat Defense software now called Cisco Secure Firewall Threat Defense (FTD).
| Features | FPR1010-NGFW | FPR1120-NGFW | FPR1140-NGFW | FPR1150-NGFW |
|---|---|---|---|---|
|
Throughput FW/AVC/IPS |
650 Mbps |
1.5 Gbps |
2.2 Gbps |
3 Gbps |
|
IPsec VPN |
300 Mbps |
1 Gbps |
1.2 Gbps |
1.4 Gbps |
|
Connections |
100k |
200k |
400k |
600k |
|
1GE RJ45 |
6 |
8 |
8 |
8 |
|
1GE PoE+ RJ45 |
2 |
|
|
|
|
1GE SFP |
|
4 |
4 |
2 |
|
10GE SFP+ |
|
|
|
2 |
|
Price New |
$731.00 |
$2,439.10 |
$3,858.99 |
$7,362.72 |
|
Cisco Refresh Price |
$521.40 |
$1,600.43 |
$2,667.12 |
$7,196.81 |
Cisco Firepower FPR2100 ASA Firewall Datasheet
The Cisco FPR2100 Firewall is available in two versions, the hardware is identical and the only difference is the image that is factory installed. The FPR2100-ASA models run the latest ASA Firewall Image, and the FPR2100-NGFW models run the FTD Threat Defense NGFW image.
Note that both versions can be reset to run as either an ASA or as an NGFW.
The FPR2100 hardware is available from Cisco Refresh at lower prices than new, the product is identical to the new version and benefits from a standard Cisco warranty and support eligibility.
Savings can sometimes be made if you are willing and able to re-image the FPR2100-ASA version to be an FPR2100-NGFW (Smart Net is required for software downloads).
| Features | FPR2110-ASA | FPR2120-ASA | FPR2130-ASA | FPR2140-ASA |
|---|---|---|---|---|
|
Throughput FW |
3 Gbps |
6 Gbps |
10 Gbps |
20 Gbps |
|
IPsec VPN |
500 MBPS |
700 Mbps |
1 Gbps |
2 Gbps |
|
Connections |
1 Million |
1.5 Million |
2 Million |
3 Million |
|
1GE RJ45 |
12 |
12 |
12 |
12 |
|
1GE PoE+ RJ45 |
|
|
|
|
|
1GE SFP |
4 |
4 |
|
|
|
10GE SFP+ |
|
|
4 |
4 |
|
Price New |
||||
|
Cisco Refresh Price |
Cisco Secure NGFW Firewall Range and Prices
The following table shows specification and performance of Cisco FPR models running the IPS and Application Visibility Firepower Services.
Note that the Cisco FPR NGFW includes Application Visibility Control as standard, but IPS requires a subscription license.
| Cisco Firepower | AVC and IPS | Interfaces | Refresh Price |
|---|---|---|---|
|
FPR1010-NGFW-K9 |
650 Mpbs |
8 x RJ45 |
|
|
FPR1120-NGFW-K9 |
1.5 Gbps |
8 x RJ45, 4 x SFP |
|
|
FPR1140-NGFW-K9 |
2.2 Gbps |
8 x RJ45, 4 x SFP |
|
|
FPR1150-NGFW-K9 |
3 Gbps |
8 x RJ45, 2 x SFP, 2 x 10G SFP+ |
|
|
FPR2110-NGFW-K9 |
2.6 Gbps |
12 x RJ45, 4 x SFP |
|
|
FPR2120-NGFW-K9 |
3.4 Gbps |
12 x RJ45, 4 x SFP |
|
|
FPR2130-NGFW-K9 |
5.4 Gbps |
12 x RJ45, 4 x SFP+ |
|
|
FPR2140-NGFW-K9 |
10.4 Gbps |
12 x RJ45, 4 x SFP+ |