for one thing i believe FirePass is a dying product, so it will end eventually and faster then APM. APM is nicely intergrated with BIG-IP, so if they already have a BIG-IP is can be a pro. beyond this i lack the FirePass experience to say why APM is better, only that it is a nicely featurefull solution and being experienced in BIG-IP i can make a lot of things work in APM.
these are the things i know APM lacks and FirePass has, so be careful if the customer uses these:
- No web interface for file share access (come on F5, the request is known for ages, built this!)
- No static application tunnels (with the firepass you could control which loopback address to use, APM has something similar with App tunnels and DNS proxy relay, but it requires some extra software)
- IP lease (Network Access) from a DHCP server is not supported and won't be implemented on APM. There's a BUGID for that, if you want to try a RFE. Here: Bug 306860: Network Access DHCP Support
there used to be no local user database, but that is added in APM 11.4, though with limited fields.
if someone else knows any more things do let me know.