New to ASA - Right product for purpose

Unanswered Question
Sep 22nd, 2010

Hi -

I apologize in advance if this is not the correct place for this type of question - it's rather pre-sales.

I've inherited a 400 user Exchange (mostly) setup in a light datacenter.  The datacenter has 3 Exchange servers and 4 other servers for basic SMTP/IMAP routing, maybe 2 light duty RDP servers.  No voice, no video.

The services are reachable across 5 public ips and various standard ports and all I want is the inbound traffic for publicip X port Y to go to privateip A port B.

Based on the specs it looks like even the ASA 5505 would be OK, but maybe the ASA 5510.  Then again I'm new to Cisco and the products cover such a broad spectrum - I'm not even sure I'm in the right product line.  I think if I was looking at Juniper it would be the SRX210 but then the SSG5 looks like the competition for ASA 5505.

Firewall Requirements

-          Replacing 6 public facing ‘consumer’ grade firewalls (e.g. Linksys befsr41v3, Netgear FVX538)

-          Multiple public networks (5 to 10) to .170

-          Multiple private networks (3 to 5)

-          NAT

-          Port translation

-          VPN not needed except to pass through

-          Relatively easy to config / manage.  (I can handle command line but GUI might be nice)

-          Max 1000 users making connections for Exchange (RPC over HTTPS) to a farm of 3 servers

-          SMTP traffic inbound (no cleaning required) but route accept connections from certain IP ranges to server 1, all else to server2

-          RDP traffic for 100 users

-          No end users will sit behind firewall

-     Spam / Virus filtering is handled by a service provider so not a concern here (in fact we would prob have to disable any mail flow filters)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Panos Kampanakis Wed, 09/22/2010 - 12:22

To add to kusankar's suggestion it seems even a 5505 would be able to support you.

But 1K users and potential 100RDP session are load. I would go with something bigger than a 5505 even if bandwidth-wise it would be able to support the current setup. Reason being that at peak times and/or with future might exceed 150Mbps.

I hope it helps.



This Discussion