Cisco Support Community
Community Member

Choose a firewall

I need some help selecting a firewall. My situation is this: I have one web application server and a database server (which supports the web server). I need firewall hardware with the following features:

1) Switch: so that I can connect both the web server and the database server to it;

2) DMZ: so that I can plug in a caching server.

3) VPN: so that I can use my PC to remotely access the web and database servers. (The VPN client software will be installed on my PC.)

Which firewall product(s) should I choose?

As for the DMZ, do I need to purchase an additional/external card to plug into the firewall equipment, or is it already built in?

Many Thanks.


Community Member

Re: Choose a firewall

You can go for any PIX firewall. On a smaller scale you can look into Linksys. Juniper also has a NetScreen 4GT firewall with a wireless access point.

For a DMZ, for PIX/NetScreen, just make sure you have at least 4 ports in it.

Hope this helps.


Re: Choose a firewall

With a DMZ, you probably need a PIX 515E or above. If so, an ASA would be better value, since the cost is similar (or less) compared to the PIX 515E but it comes with many more features.

In case the budget is very limited, you may consider 2 PIX 501/506E in order to create a DMZ, e.g.

www <--> pix <--dmz--> pix <--> lan

Community Member

Re: Choose a firewall

Thanks for the response. But I would need some further clarification:

1) It is said: "With a DMZ, you probably need a PIX 515E or above"

-- Why would I need a PIX 515E or above? Would the PIX 501 or 506 achieve the same?

2) It is said: "consider 2 PIX 501/506E in order to create a DMZ. e.g.

www <--> pix <--dmz--> pix <--> lan"

-- Why do I need 2 PIX in order to build up a DMZ? (Wouldn't one PIX 501 or 506 be good enough?)

3) If my servers are hosted at a hosting company where they have already set up a firewall for the internet, my servers will be located in their server room (like in a LAN). Now if I use the PIX 501 (or 506) to set up another firewall just for protecting my servers in the room, would this PIX 501 (or 506), in combination with the hosting company's firewall, satisfy the "www <--> pix <--dmz--> pix <--> lan" model?

4) Microsoft claims that ISA Server 2004 will do a better job than a traditional firewall. Would you give some comments on this, i.e. using ISA 2004 in comparison with using the PIX 50x?

Many thanks.
