What ASA to use?

Graham Prouse · ‎07-22-2014

I work for a tourist attraction and the network is a state, no firewall, no vlans, no qos. Everything running on one subnet (very cramped), that includes corporate clients, servers, private wifi, VoIP and EPOS!! Still relatively new in the job, so not my fault!

I plan to put a Cisco ASA in place to manage the network and vlans etc, with a separate adsl/fibre router as our internet connection.  We are likely going to add visitor wifi also at some point, so we need comprehensive VLANning and PCI Compliance.

We have two points of internet presence - 1 for corporate use, 1 dedicated for EPOS and card payments systems.
I was looking at the ASA5515-K9 for the corporate use, but now thinking the ASA5515-IPS-K9, may be better.
An ASA5510 to be added on the EPOS internet link.

An additional internet link to be added for visitor wifi, and run that through the 5515.


What model of ASA would you recommend, or does what I have planned sound right?
Do you think a model with IPS is required?

Thanks, 
Graham

Marvin Rhoads · ‎07-22-2014

Selecting from the 5500-X series (15, 25 etc.) is more driven by your throughput and number of interfaces required. Please refer to the data sheet for info on those parameters.

With respect to the IPS, I would counsel you not use the legacy IPS (-IPS models). Those are based on the old Cisco technology which is widely expected to be completely discontinued within the year. If you want an IPS, you are better off specifying a model with the CX module (and required SSD storage) and buy the Next Generation Firewall (NGFW) IPS service subscription.