What to expect? When to migrate? How to support ASA 5500-X?
In this post, I am going to focus on recent End-of-Life announcements for Cisco ASA 5500-X products. I will elaborate on what EoL means, what the consequences are, and how to proceed when EoL affects your infrastructure. Then I will describe how Grandmetric can help in such a scenario.
On February 1st, 2021, Cisco announced the EoL for the popular 5516-X and 5508-X series, including Cisco ASA 5506, 5508, 5512-X, 5515-X, 5516-X, 5525, 5545, 5585 (second generation, or “X” generation).
Why am I recalling this today?
End of Life is not a single date. It’s a process of withdrawing a hardware product from the market. In most cases, it takes several years to do so. Recently, I explained how the hardware lifecycle works in a separate article.
As far as Cisco is concerned, the migration of the ASA 5500 series to newer solutions is going to continue through 2023 and even up to 2026.
I grew up with Cisco ASA (and PIX) :). One of the legends about it was that once you deployed an ASA, you could just forget about firewall issues. That was the legend of ASA stability. The good old ASAs then transformed into Next-Generation firewalls. The ASA 5500-X with the SFR modules became popular after the acquisition of Sourcefire by Cisco Systems. After a few years of the ASA X series' popularity, Firepower appliances appeared on the horizon.
Some EoLs might not have as much impact on your environment as the ASA 5500 line does. These popular Internet Edge, VPN, and DC firewalls still play a critical role in many organizations. They serve a variety of functions, from stateful filtering, remote-access VPN, and WAN connectivity to application control with the SFR managed by the FMC appliance.
What next? Cisco used to propose migration options for the EoL hardware lines. For the popular models, Cisco suggests:
Please be aware that the above suggestions (despite coming from Cisco's migration options) should not always be taken as gospel. Your IT environment can change. The performance and the set of functions you need may also be different today than a few years ago, when you ordered the ASA series. So please read the last section describing the choices you have.
First of all, Grandmetric engineers are always keen to talk and consider different options related to your business case, technical objectives, and preferences.
Secondly, because network security is burned into our team's DNA, we all have experience with Cisco firewalls. We carry out migrations of large-scale (critical) DCs, Internet Edges, HA clusters, and VPNs. And we still maintain large production networks running on ASAs. Because of the above, you can expect real advice coming from our practical expertise.
We will shed some light on the functionalities you might lose or gain, as well as on the performance you might need now or in the future, depending on environment dynamics and specs. We will update you on licensing changes and migration options.
A Proof of Concept project is what we recommend when migration is not an option but a necessity. Followed by technical counselling, PoC most often proves both pros and cons of particular solutions. Therefore, it’s much easier to make an informed decision once you run them. And guided testing is exactly what we can support you with.
Do not be afraid of new solutions. If you prefer guided learning, you can find useful content for free in our knowledge base. The ASA and Firepower course is one of the top-scored trainings in our portfolio.