Beruflich Dokumente
Kultur Dokumente
In late 2010, Cisco introduced the ASA5585-X series in an attempt to directly compete with the Juniper SRX high-end
firewall product line. Cisco’s largest firewall can handle just 40 Gbps large packet whereas SRX can handle over triple that
performance. Any large Enterprise or Service Provider would have to stack at least three of Cisco’s largest chassis to
compete with a single Juniper SRX 5800.
In early 2011, Cisco commissioned an independent testing lab, Miercom, to perform a competitive bake-off. However, the
comparison is misleading. Miercom compared Cisco’s newest highest performing firewall to our mid-range offering, which
was three years old, and demonstrated that Cisco won in some but not all categories, declaring that a win for Cisco. In
this comparison, Cisco has a 10% higher throughput on plain firewall traffic (but Juniper has bigger boxes that can beat
that), can’t match Juniper’s VPN throughput, and each chassis offers services that the other does not (e.g., SSL on the
ASA vs. AppSecure on the SRX).
Bottom Line: Juniper is already three years ahead of Cisco in delivering the performance and scalability required
by large Enterprises and Service Providers. Cisco is still trying to play catch up, whereas Juniper plans to scale
our products even further with a product refresh.
Encourage customers to validate Juniper’s superior feature set, performance, and scalability in our vPOC or onsite at
Juniper Networks. Challenge Cisco’s integrated control and data plane-based architecture which results in degraded
performance when any content security service (including Layer 7 application inspection) is turned on or even when traffic
is beyond simple firewalling (includes IPS, etc.). Use the points below as guides for showcasing and leveraging Juniper’s
strengths and Cisco’s weaknesses.
Advanced Routing
even higher performance through a forthcoming hardware refresh. Cisco is clearly lagging in performance for
high-end security.
• Consistent Security Services across Product Line. The Junos OS is common across SRX product line - FW,
VPN and IPS features available on all SRX products, unlike Cisco’s ASA products. ASA software has no real
integration between components and provides little consistency of services between the various available models.
• Investment Protection. Juniper offers reusable and expandable HW platforms, with multiple options to add
performance and reuse hardware (line cards, advanced HA capabilities, upgrade Junos OS). By contrast, Cisco
ASA 5500 & 5585-X series require customers who want to upgrade from a particular model (e.g. 5585-X with SSP
10) to purchase the next higher model rather than just add service processing cards to increase the performance
of the existing box, unlike Juniper. Also, none of the firewall or IPS modules can be upgraded to increase
throughput – they all have to be removed and a larger module purchased.
• Best Value. Juniper delivers the best value, combining modular platform offerings, performance, and a
comprehensive feature set, providing customer confidence in an overall networking and security solution. Cisco
lacks comprehensive protection against new threats (e.g., no application protection) and advanced routing
features required by Enterprises & Service Providers.
Solution Components
Cisco's portfolio of products and services is focused on three market segments – Enterprise and Service Provider, Small
Business, and Home. In 1994, Cisco introduced the PIX (Private Internet eXchange) firewall. In 1998, the company
acquired the Wheel Group and integrated its intrusion detection & prevention technology into the PIX firewall and IOS
(Internetworking Operating System, the software used on most Cisco routers and current network switches). In May 2005,
Cisco introduced the Adaptive Security Appliance (ASA) line of network security devices, which succeeded and combined
functionality from three product lines:
• Cisco PIX, which provided firewall and network address translation (NAT) functions. Cisco announced end of
sale and end of life for this product line in 2008. Cisco will continue to support Cisco PIX Security Appliance
customers through July 27, 2013.
• Cisco IPS 4200 Series, which worked as intrusion prevention systems (IPS)
• Cisco VPN 3000 Series Concentrators, which provided virtual private networking (VPN)
The ASA series of devices run PIX code 7.0 and later. Through PIX OS release 7.x the PIX and the ASA use the same
software images. Beginning with PIX OS version 8.x, the operating system code diverges, with the ASA using a Linux
kernel and PIX continuing to use the traditional Finesse/PIX OS combination.
Pricing
Cisco network security appliances such as ASA 5500 series starts at approximately $300 for the smallest box (protection
for up to 10 users) and can be as high as $225,000 for the largest box (excluding costs for add-on hardware components,
UTM and/or IPS software subscription services, and support).
For a high level price comparison of Cisco and Juniper products, please refer to the Cisco Competitive Tech Guide
document.
For additional competitive information, please refer to the Cisco Competitive Advantage Portal.