10-25-2006 04:00 AM - edited 02-21-2020 01:15 AM
We are implementing a new primary internet connection. What are your recommendations with regards to firewalls versus the new ASA.
10-25-2006 04:26 AM
Hi,
The ASA is basically the PIX replacement, so I'd definitely recommend it - better value and more flexibility, as well as optional content scanning or intrusion prevention. It's hard to be more specific without more detail on your exact requirements though..
HTH
Andrew.
10-25-2006 07:09 AM
Thanks. I need to be able to NAT, setup systems in a DMZ, and restrict access. I am interested in using the IPS module if it is not a big hassel to implement. Have you setup any of the ASA devices? If you have did you find the ASA's hard to implement or manage? Thank you for your initial response.
10-25-2006 12:36 PM
I agree with Andrew. Cisco has all but said the ASA is the PIX replacement. It is in the same price category, but adds a LOT of performance and enhancements that the PIX does not have. From a configuration point of view, they both run PIXOS 7.x now, so they look the same for configuration.
Since you are interested in IPS, the PIX does not have a module for IPS. The ASA IPS module is the same in function to a full-blown IPS appliance.
I also highly recommend the ASDM interface for configuring (it is included with both) because it provides many wizards and an easy GUI for most firewall tasks.
-Eric
Please remember to rate all helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide