Purchasing ASA for DC and Internet

Answered Question
Oct 28th, 2014
User Badges:

Dears 

Hi

we have a customer request ASA firewall for Data Center , Internet, and VOIP. 

 

for DC firewall : i was suggesting that ASA 5585-X next generation firewall. and i have suggested to include IPS SSP10 module with it. but when i was searching in Cisco Commerce workflow (CCW), IPS SSP10 is end of sales. so i don't know what to use alternative in the design 

 

For Internet firewall : i was confused to go for ASA 5525- CX. i don't know much about CX and license i need. do i have to use Prime to configure CX in ASA 5585 ?

 

for VOIP firewall, i really have no idea if firewall can protect VOIP traffic? it is recommended to bypass the firewall.

 

please advise

Correct Answer by Karsten Iwen about 2 years 9 months ago

> but i notice that this firewall doesn't support cluster license in CCW. does ASA CX doesn't support cluster ?

No, CX is not supported with cluster:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/ha-cluster.html#78299 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Karsten Iwen Tue, 10/28/2014 - 13:19
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, VPN

The ASA with FirePOWER is the "new" way to do firewalling with IPS. For the Datacenter you choose the IPS-License.

http://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html

Instead of the ASA CX (or NGFW) you again can use ASA with FirePOWER. Here you choose the NGFW which also includes Websecrity.

Both will be managed by the FireSIGHT Management Center:

http://www.cisco.com/c/en/us/products/security/defense-center/index.html 

For VoIP there are different strategies. The ASA has inspections for voice-protocols like SIP or SCCP, but very often the voice-traffic is just allowed completely without inspection.

Wailess84 Tue, 10/28/2014 - 14:17
User Badges:

Dear Karsten

Hi

thanks for your reply

but for DC firewall i already choose ASA CX SP10 . but i notice that this firewall doesn't support cluster license in CCW. does ASA CX doesn't support cluster ?

 

 

Actions

This Discussion