08-13-2007 03:34 AM - edited 02-21-2020 01:38 AM
Hello,
in the near future we will have to look for a firewall/IDS combination. But it is difficult to compare the vendors, because all you get are marketing brochures but no real neutral reviews. What are your experiences with the ASA + Adaptive Security Device Manager? Would you buy it again? Do you have experience with multiple vendors so you can compare them?
p.k.
P.S.: The network which the devices have to protect are a medium one (administration network with about 1000 clients) and a large one (university).
P.S.S.: I read that the ASAs have one SSC/SSM expansion slot and that there are several modules, with AIP-SSM for IPS and CSC-SSM for Anti-Virus'n'stuff.
But what do I do when I want an ASA for IPS AND Anti-Virus?
08-16-2007 09:52 PM
Hello there,
I'm relatively new to ASA, but not to cisco's equipments, having used both switches, routers, pix, fwsm and IDS/IPS.
For a new project, we're planning to deploy ASAs with AIM for the IPS/IDS role as well as a VPN concentrator function, as we found the ASA being superior in the overall integration of all wished functions. The point that made the difference was that the IPS/IDS is an hardware extension and not a part of the firewalling software (as it was in the PIX appliance through the IP AUDIT command).
Currently, we're going to try CSM. If you have a really large network of firewall and security devices, it may help you.
PS-1 : those informations as well as the projected bandwidth is something really useful to determine which ASA appliance to choose and which AIM. -->
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
PS-2 : for the antivirus role on the www line, I would suggest using transparent proxying and antivirus using ICAP : large files can be a mess to handle and the FW has lots of other things to do!
PS-2bis : if you really want it, it is still possible to thing in term of a dual layer of firewalls with proxies and exposed servers in between.
PS-3 : in the past, Cisco lent us several pieces of equipments to review/test/analyze/prove it. Maybe you can ask your dealer to do the same ?
PS-4 : we're reporting to CS-MARS. A definite solution to ease the "log tasks".
Kind regards from Rainy Belgium,
Jean-Fran?ois
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide