My case is like this: an (web)applcation server hosts multiple web apps for the public to access. Moderate traffic. The server is located in a Commercial Hosting Company's server room. So the server can directly plug into the LAN (which is connected to the internet).
1) Among the PIX 50x series, which firewall fits this situation better? (I'll need the firewall to support the NAT, DMZ and VPN). Or I may even need other firewalls (budget sensitive).
2) Is the double firewall necessary to build the DMZ? (i.e. PIX --DMZ-- PIX)
3) Any opinion or comment on the Microsoft ISA Server 2004 (which claims to be a better firewall).
2.) No it is not necessary to build a DMZ. Usually you just use your third interface as DMZ inteface and allow some traffic in to your Web Servers.
3.) A firewall that rules an operating system is vulnerable to OS vulnerabilities need more patch management so there are more risks for bugs and holes, usully less performance, you need to buy a server (hardware).
In my opinion MS ISA is a good Caching and SSL Proxy product that is optimised for Microsoft but I prefer a hardware based firewall appliance that is just doing his firewall job.
Finaly you will get MS ISA for about 1500$ plus a server another 1500$ plus installation and maintenance so this is finaly more expensive than a PIX Firewall 515R.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :