Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Choose a firewall

I need some help on selection of the firewall. My situation is like this: I have one Web Application Server and a Database Server (which supports the web server). Now I need a firewall hardware to have the following features:

1)switch: so that I can connect both the web server and the database server to it;

2)DMZ: so that I can plug in a caching server.

3)VPN: so that I can use my PC remotely access the web and database servers. (My PC will be installed the VPN CLient software).

Which firewall product(s) should I choose?

As for the DMZ, do I need to purchase the additional/external card to plug into the firewall equipment OR it has already built it in?

Many Thanks.


New Member

Re: Choose a firewall

Personally from a security point of view, I would buy a Pix or ASA depending on your budget. Your setup would consist of 3 interfaces, an outside, inside and dmz. Your VPN would terminate on the outside.

The DMZ interface should not have the database server directly attached, as it only is required for back end communication with the webserver, so a back end swicth would be best, altho you could go cheap and use a crossover if you have no need for expansion and have the spare nics.

So you could get away with a simple Pix506 if you just wanted outside/DMZ, but if you want an inside interface as well then a Pix515 with extra nic card would suffice.

CreatePlease login to create content