General security question

fdharris1956 · ‎06-20-2008

I am a newly minted CCNA and as such am feeling my way along with the various Cisco products.

I have a client who needs to upgrade their perimeter firewall. They are a small startup provding a hosted solution with 5 web servers that are accessible from the Internet. They serve from 50 to 100 users at a time. Right now they are using a relatively low end Netopia router that is NATing outside traffic to the servers running on a privately addressed LAN. The router is not providing any firewall services. They obviously need to upgrade this situation. In your experience, what is the best Cisco solution for this, a Pix, ASA5500 series? I would welcome any suggestions.

Thank you.

Dan Harris

JORGE RODRIGUEZ · ‎06-20-2008

Dan,

Here is my 2 censt

Definately you want to look into next generation of cisco firewalls ASA5500 product.

For a hosting environment even as a small start-up company you want to provide a firewall architecture where allows for growth and redundancy, being a hosting company I would look into the asa5510 model for one simple reason that it provides for statefull failover capabilities when using active failover scenario architecture.

The entry level of the asa5500s is the 5505 but it does does not provide statefull capabilities only failover.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

HTH

Jorge

Jorge Rodriguez

fdharris1956 · ‎06-24-2008

Thanks for the reply. I think we are going to propose 5505.