So you've decided that you want a Cisco ASA5510 firewall or two. Unfortunately it'll cost you dearly, assuming you can even find one. It seems that Cisco is having some significant production problems with the ASA line, and as a result, ASAs are suddenly as rare as hen's teeth. This is bad news for just about everyone -- except Cisco's competitors.
In the past few weeks, I've had several folks ask me for alternative recommendations for ASA firewalls because they simply cannot source any. I've been sending them to Juniper and the SSG series or even to open source alternatives like pfSense. These folks are from committed Cisco-only shops, too, but they simply can't wait several months for new gear.
[ Read Paul Venezia's detailed, incisive review of Cisco's UCS, a winner of the InfoWorld 2010 Technology of the Year Awards. | Storage requirements out of control? Then read InfoWorld contributor Keith Schultz's Deep Dive Report on Data Deduplication. ]
As with any supply issue, the dearth of Cisco ASAs has caused a run on graymarket hardware, with used ASAs selling for more than the list price on new ones, and new units fetching $2,000 premiums over list. Cisco resellers have back orders numbering in the thousands with no end in sight. Even vendors that have loaner pools say that the waiting lists for those units is equally astronomical.
Assuming Cisco's woes continue, all of those customers will have to head elsewhere for their firewalls and VPN appliances. Some are opting for graymarket PIXes to get them through, some are heading to Juniper, some to Fortinet, and some are looking to open source, like the aforementioned pfSense. Heck, for $700 you can get a 1U pfSense appliance from Hacom with a VPN accelerator that offers 45Mbps AES VPN performance and can handle a wide variety of other tasks. You can even cluster those for redundancy.
But the real problem for Cisco isn't that there are alternatives out there -- it's that suddenly their pure Cisco customers have to take off the blinders and explore other options. These customers are being forced to break the Cisco seal and allow other vendors in the door. Once that's done, there's much less inertia to keep them automatically heading back to the Cisco well.