Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
0
Helpful
1
Replies

Your opinion about ASA/ASDM

krauskopf.p
Level 1
Level 1

‎08-13-2007 03:34 AM - edited ‎02-21-2020 01:38 AM

Hello,

in the near future we will have to look for a firewall/IDS combination. But it is difficult to compare the vendors, because all you get are marketing brochures but no real neutral reviews. What are your experiences with the ASA + Adaptive Security Device Manager? Would you buy it again? Do you have experience with multiple vendors so you can compare them?

p.k.

P.S.: The network which the devices have to protect are a medium one (administration network with about 1000 clients) and a large one (university).

P.S.S.: I read that the ASAs have one SSC/SSM expansion slot and that there are several modules, with AIP-SSM for IPS and CSC-SSM for Anti-Virus'n'stuff.

But what do I do when I want an ASA for IPS AND Anti-Virus?

0 Helpful
1 Reply 1

jfgobin01
Level 1
Level 1

‎08-16-2007 09:52 PM

Hello there,

I'm relatively new to ASA, but not to cisco's equipments, having used both switches, routers, pix, fwsm and IDS/IPS.

For a new project, we're planning to deploy ASAs with AIM for the IPS/IDS role as well as a VPN concentrator function, as we found the ASA being superior in the overall integration of all wished functions. The point that made the difference was that the IPS/IDS is an hardware extension and not a part of the firewalling software (as it was in the PIX appliance through the IP AUDIT command).

Currently, we're going to try CSM. If you have a really large network of firewall and security devices, it may help you.

PS-1 : those informations as well as the projected bandwidth is something really useful to determine which ASA appliance to choose and which AIM. -->

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

PS-2 : for the antivirus role on the www line, I would suggest using transparent proxying and antivirus using ICAP : large files can be a mess to handle and the FW has lots of other things to do!

PS-2bis : if you really want it, it is still possible to thing in term of a dual layer of firewalls with proxies and exposed servers in between.

PS-3 : in the past, Cisco lent us several pieces of equipments to review/test/analyze/prove it. Maybe you can ask your dealer to do the same ?

PS-4 : we're reporting to CS-MARS. A definite solution to ease the "log tasks".

Kind regards from Rainy Belgium,

Jean-Fran?ois

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card