SA 540 or ASA 5505???

Answered Question
Dec 5th, 2009

I want to know what's the difference between both products and which to buy if I am deploying a Small Business Server 2008.

I have this problem too.
0 votes
Correct Answer by Albert Wilhelm about 7 years 1 month ago

Hello,

Well, it depends on what your security requirements are for your network and the SBS 2008. Can you provide some additional information on what you would like to protect or services to provide.

For example:

1. Do you need secure remote access to the server? If so, do you want to use SSL, client base VPN application or the ability for remote users to download the VPM client from the security appliance?

2. Do you need to have a DMZ zone for email and/or web service?

3. Or do you need to port forward or use Outlook secure access?

4. Do you need web threat or content filtering services?

5. Do you need site-to-site tunnel to a remote office/branch office?

6. Do you need email scanning for viruses, malware, etc?

I have deployed both products, depending on the requirements from the customer and what they need to protect.

Hope this helps.

Bert Wilhelm

APW Solutions

Austin, TX

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Albert Wilhelm Sat, 12/05/2009 - 15:02

Hello,

Well, it depends on what your security requirements are for your network and the SBS 2008. Can you provide some additional information on what you would like to protect or services to provide.

For example:

1. Do you need secure remote access to the server? If so, do you want to use SSL, client base VPN application or the ability for remote users to download the VPM client from the security appliance?

2. Do you need to have a DMZ zone for email and/or web service?

3. Or do you need to port forward or use Outlook secure access?

4. Do you need web threat or content filtering services?

5. Do you need site-to-site tunnel to a remote office/branch office?

6. Do you need email scanning for viruses, malware, etc?

I have deployed both products, depending on the requirements from the customer and what they need to protect.

Hope this helps.

Bert Wilhelm

APW Solutions

Austin, TX

rlobera2607 Sat, 12/05/2009 - 15:20

Bert, thank you for your help.

I will deploy a Small Business Server 2008 Premium so I will have an Exchange Server. However the Exchange Server is installed in the same server with the Windows Server that manages my network so I really don't know if this server should be connected to the DMZ port.

I will need remote access to the office network using either VPN client software or web browser with SSL. If users can download the VPN client from the appliance it's better but risky, or not?

Small Business Server 2008 comes with a Remote Web Workspace so users should connect to the server and of course to Outlook Web Access.

Right now I don't need site-to-site tunnel but maybe in the near future.

I will deploy the Symantec Protection Suite Small Business Edition that includes features to protect email, exchange server, viruses, worms, spyware and malware.

I hope this information is useful so you can help me choose the right security appliance.

Thank you very much.

Regards,

Rodrigo

Albert Wilhelm Wed, 12/09/2009 - 23:34

Hello Rodrigo,

Sorry for the delay in responding and thank you for the additional information. You are correct about keeping the server behind the firewall. We have implemented a SBS 2003 server, kept it behind the firewall and port forwarded the port numbers (i.e. 465, 993 and 443) to the Exchange server. Generally, we would put a web and/or mail server on the DMZ. Sometimes, if the server is used for e-commerce and needs access to resources inside the network, then we will also allow access to specific servers on the inside.

The SA 500 series platform is a good overall security appliance for SMB companies that have a fairly simple network infrastructure. We have deployed the product into sites where the customer mainly needs firewall, IPS (Cisco just announced the feature), integrated TrendMicro Protectlink security service (for spam, malware, web browsing filtering) and SSL VPN for remote users.

We like the ASA 5500 series for clients that require granular security into and out of their network. The ASA is a very flexible platform and can provide various security levels depending on the customers requirements. One feature that is we deploy is the AnyConnect client. This software is loaded onto the ASA. Remote users will simply point their browser to the ASA via Web SSL, login, ASA checks the OS and downloads the appropriate OS version for the AnyConnect. We have deployed this for clients that have a mixture of WinXP, Vista, Win7 and MacOS remote users. All works very well.

Both platforms are good, but it depends on the requirements and what you would like to do. If you like, let's chat. I will send you my phone number via PM.

Regards,

Bert Wilhelm

APW Solutions, Austin TX

Actions

This Discussion