Cisco ASA 5516-X vs Firepower 1000 Series
The ASA 5516-X with FirePOWER Services (ASA5516-FPWR-K9) is the top end-of-life desktop ASA 5500-X NGFW; the Firepower 1120 in the 1000 Series is its modern replacement with unified FTD software and far higher inspected throughput. Migrate to the Firepower 1000 Series.
Cisco ASA 5516-X with FirePOWER Services
Top desktop ASA 5500-X NGFW with bundled FirePOWER Services, now end-of-life.
- 1.8 Gbps stateful firewall throughput
- 450 Mbps AVC and NGIPS throughput via FirePOWER module
- Eight Gigabit Ethernet ports in a desktop chassis
- End-of-sale; replaced by the Firepower 1000/1100 Series
Cisco Firepower 1120 (1000 Series)
Current 1RU NGFW running unified Firepower Threat Defense or ASA software for branch and small campus.
- 2.3 Gbps firewall throughput with AVC and IPS enabled together
- Unified FTD or ASA software, no separate module
- Eight Gigabit copper ports plus four SFP ports
- 1.2 Gbps IPsec VPN throughput and 200,000 sessions
Cisco ASA 5516-X with FirePOWER Services vs Cisco Firepower 1120 (1000 Series): spec comparison
| Spec | Cisco ASA 5516-X with FirePOWER Services | Cisco Firepower 1120 (1000 Series) |
|---|---|---|
| Form factor | Desktop | 1RU rack |
| Stateful firewall throughput | 1.8 Gbps | 2.3 Gbps (FW+AVC+IPS) |
| Throughput with AVC + NGIPS | 450 Mbps | 2.3 Gbps |
| IPsec VPN throughput | 250 Mbps | 1.2 Gbps |
| Maximum concurrent sessions | 250,000 | 200,000 |
| New connections per second | 20,000 | 15,000 |
| Maximum VPN peers | 300 | 150 |
| Integrated interfaces | 8x 10/100/1000 | 8x 10/100/1000 + 4 SFP |
| Security software model | ASA + FirePOWER module | Unified FTD or ASA image |
| Support status | End-of-sale | Current shipping platform |
Choose Cisco ASA 5516-X with FirePOWER Services if
Choose the 5516-X only to match an existing desktop installed base during migration; it is not suitable for new deployments. If a desktop form factor is mandatory, the Firepower 1010 is the current desktop option.
Choose Cisco Firepower 1120 (1000 Series) if
Choose the Firepower 1120 for new branch edges that need unified FTD policy, SFP uplinks and roughly 5x the full-inspection throughput of the 5516-X module.
Verdict
The ASA 5516-X is the strongest legacy desktop ASA but is end-of-sale and caps full inspection at 450 Mbps. The Firepower 1120 replaces it with unified FTD software, 2.3 Gbps of full inspection, SFP uplinks and much higher VPN throughput; if the desktop form factor matters more than throughput, use the Firepower 1010 instead. Migrate to the Firepower 1000 Series.
Frequently asked questions
Is the Cisco ASA 5516-X discontinued?
Yes. The ASA 5516-X with FirePOWER Services has reached end-of-sale and is moving toward end-of-support, so it should be replaced.
Which Firepower model replaces the ASA 5516-X?
For throughput, the Firepower 1120 is the closest replacement. If you must keep a desktop form factor, the Firepower 1010 is the current desktop option, though at lower throughput.
How much faster is full inspection on the Firepower 1120?
The 1120 sustains 2.3 Gbps with firewall, AVC and IPS on together, versus about 450 Mbps of AVC/NGIPS on the 5516-X module, roughly a fivefold improvement.
The 5516-X lists more sessions and VPN peers than the 1120, why upgrade?
The 5516-X shows higher legacy session and peer numbers, but the 1120 delivers far higher inspected and VPN throughput plus unified FTD software and active support. For more sessions or peers, step up to the Firepower 1140 or 1150.
More ASA comparisons
Specs are for planning and may change; Uniqcli confirms the current Cisco bill of materials and pricing on your quote. Cisco, Catalyst, Nexus, Meraki, and Firepower are trademarks of Cisco Systems, Inc.; Uniqcli LLC is an independent authorized Cisco partner.