For networking pros who want to segment and secure internal traffic, the Firewall Services Module (FWSM) for the Catalyst 6500 chassis has been a workhorse. But given that it’s based on Cisco’s old PIX firewall products, it’s no surprise that its days are numbered. Network engineers have been lamenting its pending demise ever since Cisco made it clear that the Nexus 7000 is the future of its data center switching line.
Given the angst over the FWSM, I was surprised to see how little fanfare Cisco gave the unveiling of its new ASA (Adaptive Security Appliance) Services Module for the Catalyst 6500. It merited a one-sentence reference in Cisco’s press release and just a bullet point in the slide deck I was shown this week as Cisco rolled out a huge slate of new data center technologies. Cisco gave more publicity to a new Application Control Engine (ACE) module for the 6500 that can do dynamic load balancing of VM workloads across data centers.
The ASA Services Module has 20 Gbps of maximum firewall throughput and it supports 300,000 connections per second, 10 million concurrent connections and 1,000 VLANs. You can install four of them in a single Catalyst 6500.
It’s nice to see these new service modules for the Catalyst 6500, but customers want to see comparable products for the Nexus 7000 line. Cisco hasn’t offered any guidance on what the future holds for bringing such functionality to its newer switch line. However, Cisco has developed a Virtual Security Gateway product which runs as software on the Nexus 1010 box, a command and control appliance for the Nexus 1000v virtual switch. Perhaps Cisco plans on doing all this stuff in software rather than hardware with Nexus.