Advice Needed! - Internet facing ASA

PDEdwards
Level 1

Hi

I've been asked to draw up a proposal to replace our existing 3rd party Internet facing firewalls with a new solution.

I have worked a lot in the past with PIXs and, Cisco being my area of expertise, I am going to propose using an ASA. However, I know little about them, and even having read a lot of documentation on the Cisco sites I still only have a basic understanding.

The customer's network is designed along the 3 layer Campus model, and serves in excess of 6500 users, all of whom require Internet access. My initial leaning is toward the ASA5520. Availability is obviously important, so we'll need at least 2 in a failover pair. Does this sound like a reasonable choice?

What I'm not so sure of are the 'Security Contexts' that the ASA apparently has up to 20 of, and the bundle I'm looking at comes with 2. Does this refer to IPS services, the basic firewall function, VPN etc ...? What are the basics you get without all the add-ons?

The 5520 comes with 4 Gigabit and 1 100Mb interface - can the Gig interfaces be configured as 100Mb?

Any advice v gratefully received!

Regards

Paul

4 Replies

Farrukh Haroon
VIP Alumni

Hello Paul

You may have a look at the following link for a quick comparison:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Security Contexts = Virtual Firewalls. Two come bundled with the firewall. If you need more, you need to purchase that.

And yes you can use the 'Gig' interfaces as 'Fast' but not vice versa (except the special 5510 corner case).

Regards

Farrukh

Hi,

The best place to look is the Cisco Product Advisor site:

http://www.ciscowebtools.com/productadvisor/security.asp

Thanks for the replies guys - v useful.

What does Cisco recommend in terms of firewall monitoring? As these ASAs will be replacing a 3rd party managed service, they need to be able to generate alerts based on unusual behaviours, DoS attacks etc. Which software or hardware is required for this?

Also, is DoS prevention a standard feature of these ASAs or does it need to be purchased? I haven't seen it explicitly mentioned in the literature.

Thanks and Regards

Paul

A small MARS box would be the best thing to buy.

What types of DOS attacks...?

Regards

Farrukh
