I am looking for a new firewall for a client. This is an SMB client, around 35 computers and 2 servers. Budget is $800.00 or less. Some of my other clients are using the 5505 and they have been pretty solid firewalls. However, they are lacking in some features like application layer control, IPS, deep packet inspect. I am hesitant on recommending this model since the 5500 series are being phased out and its not a next gen firewall. Would this still be a good way to go?
Sadly I have not personally had the possibility to work with other firewall brands other then Cisco so I can't really compare it with the features of any other vendors models. I also have very little knowledge of the additional modules for ASAs since we use other solutions to in their place.
I would like to state though that ASA5505 is the only original ASA5500 Series model that hasn't received EOL/EOS to my understanding. Last time I was told that it was very popular model of the ASA and that probably the reason it still kept available. I have not heard of any news about a replacing model for it.
Naturally this doesnt guarantee how long it will stay in Ciscos firewall selection (not sure if that is even the correct word so forgive me my english) but it does seem like a popular choice because of its price compared to other ASAs. On the other hand its Licensing can be a pain and annoying.
Jouni is correct that the 5505 is alone among the older ASA product line models in that it is NOT included in the End of Sales announcements to date. True it doesn't have many of the NGFW features but for the price it is a pretty capable little appliance. It's also very popular among engineers who want a lab / home firewall to use in certification studies.
IPS, even among Cisco high-powered IPS appliance doesn't fall in the magic quadrant as defiend by Gartner for NGIPS capabilities. One could guess that's why Cisco recently announced the agreement to acquire SourceFire, one of the market leaders in that space. Their FirePower and FireAmp products are very advanced and capable with respect to not only NGIPS but also NGFW features. However, they don't address the SOHO or SMB markets much in their product line as it is more focused on the larger enterprises.
So...5505 is still good for now. Small investment and it can run the latest ASA software. As long as you are fine with its limited throughput it is a perfectly capable appliance.
Thanks for your replies. I've been researching other firewall options and keep coming back to the ASA as the solution. I've been working with these for a while and know they are a solid product. Also, the support for these devices is the best I've dealt with. There is one other product that caught my interest. Can anyone provide some input on the Cisco ISA 570? It seems to fit exactly what I'm looking for in features and price. But, the reviews I'm reading on these are mixed.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...