Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SA 540 or ASA 5505???

I want to know what's the difference between both products and which to buy if I am deploying a Small Business Server 2008.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: SA 540 or ASA 5505???

Hello,

Well, it depends on what your security requirements are for your network and the SBS 2008. Can you provide some additional information on what you would like to protect or services to provide.

For example:

1. Do you need secure remote access to the server? If so, do you want to use SSL, client base VPN application or the ability for remote users to download the VPM client from the security appliance?

2. Do you need to have a DMZ zone for email and/or web service?

3. Or do you need to port forward or use Outlook secure access?

4. Do you need web threat or content filtering services?

5. Do you need site-to-site tunnel to a remote office/branch office?

6. Do you need email scanning for viruses, malware, etc?

I have deployed both products, depending on the requirements from the customer and what they need to protect.

Hope this helps.

Bert Wilhelm

APW Solutions

Austin, TX

3 REPLIES
New Member

Re: SA 540 or ASA 5505???

Hello,

Well, it depends on what your security requirements are for your network and the SBS 2008. Can you provide some additional information on what you would like to protect or services to provide.

For example:

1. Do you need secure remote access to the server? If so, do you want to use SSL, client base VPN application or the ability for remote users to download the VPM client from the security appliance?

2. Do you need to have a DMZ zone for email and/or web service?

3. Or do you need to port forward or use Outlook secure access?

4. Do you need web threat or content filtering services?

5. Do you need site-to-site tunnel to a remote office/branch office?

6. Do you need email scanning for viruses, malware, etc?

I have deployed both products, depending on the requirements from the customer and what they need to protect.

Hope this helps.

Bert Wilhelm

APW Solutions

Austin, TX

New Member

Re: SA 540 or ASA 5505???

Bert, thank you for your help.

I will deploy a Small Business Server 2008 Premium so I will have an Exchange Server. However the Exchange Server is installed in the same server with the Windows Server that manages my network so I really don't know if this server should be connected to the DMZ port.

I will need remote access to the office network using either VPN client software or web browser with SSL. If users can download the VPN client from the appliance it's better but risky, or not?

Small Business Server 2008 comes with a Remote Web Workspace so users should connect to the server and of course to Outlook Web Access.

Right now I don't need site-to-site tunnel but maybe in the near future.

I will deploy the Symantec Protection Suite Small Business Edition that includes features to protect email, exchange server, viruses, worms, spyware and malware.

I hope this information is useful so you can help me choose the right security appliance.

Thank you very much.

Regards,

Rodrigo

New Member

Re: SA 540 or ASA 5505???

Hello Rodrigo,

Sorry for the delay in responding and thank you for the additional information. You are correct about keeping the server behind the firewall. We have implemented a SBS 2003 server, kept it behind the firewall and port forwarded the port numbers (i.e. 465, 993 and 443) to the Exchange server. Generally, we would put a web and/or mail server on the DMZ. Sometimes, if the server is used for e-commerce and needs access to resources inside the network, then we will also allow access to specific servers on the inside.

The SA 500 series platform is a good overall security appliance for SMB companies that have a fairly simple network infrastructure. We have deployed the product into sites where the customer mainly needs firewall, IPS (Cisco just announced the feature), integrated TrendMicro Protectlink security service (for spam, malware, web browsing filtering) and SSL VPN for remote users.

We like the ASA 5500 series for clients that require granular security into and out of their network. The ASA is a very flexible platform and can provide various security levels depending on the customers requirements. One feature that is we deploy is the AnyConnect client. This software is loaded onto the ASA. Remote users will simply point their browser to the ASA via Web SSL, login, ASA checks the OS and downloads the appropriate OS version for the AnyConnect. We have deployed this for clients that have a mixture of WinXP, Vista, Win7 and MacOS remote users. All works very well.

Both platforms are good, but it depends on the requirements and what you would like to do. If you like, let's chat. I will send you my phone number via PM.

Regards,

Bert Wilhelm

APW Solutions, Austin TX

2020
Views
0
Helpful
3
Replies
CreatePlease login to create content