I know this is old, but here's another vote to allow rules to be disabled. My rep convinced me to "upgrade" from ASA-5525 due to them reaching EOL. These MXs are not nearly as feature rich. Cannot NAT across internal ports, cannot disable rules, no test (apply) then commit pattern. On the other hand, traffic analysis is MUCH better. My two mfu use cases: testing a new rule; confirming an old rule is no longer needed.
... View more