What to expect? When to migrate? How to support ASA 5500-X?
In this post, I am going to focus on recent End-of-Life announcements for Cisco ASA 5500-X products. I will elaborate on what EoL means, what the consequences are, and how to proceed when EoL affects your infrastructure. Then I will cover how Grandmetric can help in such a scenario.
On February 1st, 2021, Cisco announced the EoL for the popular 5516-X and 5508-X series, including Cisco ASA 5506, 5508, 5512-X, 5515-X, 5516-X, 5525, 5545, 5585 (second generation, or “X” generation).
Why am I recalling this today?
End of Life is not a single date. It’s a process of withdrawing a hardware product from the market. In most cases, it takes several years to do so. Recently, I explained how the hardware lifecycle works in a separate article.
As far as Cisco is concerned, the migration of the ASA 5500 series to newer solutions is going to continue through 2023 and even up to 2026.
I grew up with Cisco ASA (and PIX) :). One of the legends about it was that once you deployed an ASA, you could just forget about firewall issues. That was the legend of ASA stability. Good old ASAs then transformed into Next-Generation firewalls. ASA 5500-X with the SFR modules became popular after the acquisition of Sourcefire by Cisco Systems. After a few years of the ASA X series' popularity, Firepower appliances appeared on the horizon.
Some of the EoLs might not have as much impact on your environment as the ASA 5500 line does. The popular Internet Edge, VPN, and DC firewalls still play a critical role in many organizations. They serve a variety of functions, from stateful filtering, remote-access VPN, and WAN connectivity to application control with the SFR managed by the FMC appliance.
What next? Cisco used to propose migration options for the EoL hardware lines. For the popular models, Cisco suggests:
Please be aware that the above suggestions (despite coming from Cisco migration options) should not always be taken as gospel. Your IT environment can change. The performance and stack of functions you need may also be different today than a few years ago when you ordered the ASA series. So please read the last section describing the choices you have.
First of all, Grandmetric engineers are always keen to talk and consider different options related to your business case, technical objectives, and preferences.
Secondly, because network security is burned into our Team DNA, we all have experience in Cisco firewalls. We do the migrations of large-scale (critical) DCs, Internet Edges, HA clusters, VPNs. And we still maintain large production networks running on ASAs. Because of the above, you can expect real advice coming from our practical expertise.
We will shed some light on the functionalities you might lose or gain, as well as on the performance you might need now or in the future, depending on environment dynamics and specs. We will update you on licensing changes and migration options.
A Proof of Concept project is what we recommend when migration is not an option but a necessity. Followed by technical counselling, PoC most often proves both pros and cons of particular solutions. Therefore, it’s much easier to make an informed decision once you run them. And guided testing is exactly what we can support you with.
Do not be afraid of new solutions. If you prefer guided learning, you can find useful content for free in our knowledge base. The ASA and Firepower course is one of the top-scored training courses in our portfolio.
Marcin Biały is a Network and Security Architect with over 14 years of experience and a Service Provider and Enterprise networking background. He has worked for large service providers, global vendors and integration services companies in Network Architect, Leading Architect and Technical Solution Manager positions. He has designed, implemented and supported dozens of large-scale projects and infrastructure migrations, solved hundreds of tickets and spent hours with the CLI and GUI of many flavors. Marcin also holds industry-recognized certificates such as CCNP, CCNA, CCSI #35269, FCNSP #7207, FCNSA and more.