Thinking of upgrading from a Netscreen NS100 and PIX515e to an ASA5510

Unanswered Question
Jan 29th, 2010

Hello everyone. My current environment contains an ancient NS100 (Grey box not blue) doing firewall/NAT duties and a Cisco PIX 515e doing VPN duties. I've looked at the following UTM devices to replace my current setup:

Cisco ASA5510
Juniper SRX240
SonicWall NSA2400

The SonicWall NSA2400 seems compelling but I haven't had good experiences with SonicWalls in the past; my previous employer dumped all their SonicWalls for NetScreen firewalls some 6 years ago and I haven't seen or used one since.


I've used Juniper products extensively at my previous job so I'm very comfortable with the NetScreen products running ScreenOS, but I hear the latest models use JUNOS, which is drastically different from the previous ScreenOS. Also I've seen plenty of complaints on the SRX line in regards to stability.


I would love to have the Cisco but I'm afraid of the setup, having seen that making changes on my PIX was a chore since I'm not well versed in the CLI. Also the price point is much higher than the other 2.


What I’m primarily looking to do is the following:

- Bandwidth shaping
- Firewall Services
- Intrusion Detection
- Client VPN access

Anyone care to share their opinions or experience moving from an older Netscreen and VPN solution to an ASA5000 series? Thanks!

Panos Kampanakis Sun, 01/31/2010 - 09:07
Cisco Employee

The service you want can be provided by the ASA. There is an extra SSM card that can provide the IPS/IDS part.

They can provide traffic shaping, prioritization and policing for QoS also.

As for VPN, they more or less support VPN and WebVPN fine. Depending on the number of users you need to check the load on the firewall.

As far as stability the ASAs have been doing very well and I can say they are pretty stable in the latest releases for the vast majority of people. There are boxes that run fine for hundreds of days, and there are no major significantly affecting defects with no workarounds.


Depending on the bandwidth requirement you will need to decide which model is best for you.


I hope it helps.


PK

voxmedica Tue, 02/02/2010 - 10:26

Thanks for the info! As for the bandwidth requirement, we currently have two bonded T1s. Would the ASA5510 be overkill for that?

Panos Kampanakis Tue, 02/02/2010 - 10:50
Cisco Employee

It could very easily support well above 100Mbps real world traffic. Its name throughput is 300Mbps.

So 2 T1s will be a piece of cake.


PK
