I have not seen a firmware update to the SA520 and SA520W since last year. They are still rife with problems and missing essential features. Have these products been abondoned by the developers? We bought 3 years of service and 2 years in dev appears to have stopped. Is this what I can expect from Cisco going forward? I used to be impressed with Cisco's dedication to their products, but that impression is beginning to sour.
There was a post from a Cisco rep a few days ago stating that a firmware release is currently undergoing regression testing and due out the third week of September. We're actually testing that firmware release (188.8.131.52_1) in production right now.
One bug that has been fixed is that uPnP wasn't working after reboots. In order to get it to work after a reboot we either had to disable/re-enable uPnP or unplug (and plug back in) the cord going to the WAN port. uPnP works after each reboot now.
There is still no inter-VLAN ACL support in this version.
It seems that the SA540 MIGHT work with Cisco AnyConnect with this release. I have attempted to get it to work and it gets much further now but the iPhone app doesn't support the device yet.
There is more robust Trend Micro ProtectLink Web logging in this version as well. It now spits out the exact links that are blocked and/or not displayed due to overflow.
This release seems to use less memory as well. Usually after a couple of days after a reboot our SA540 is at 80% - 85% memory usage. Right now it is < 70%.
We have only been testing this new version for two days now so that's all that I have noticed.
Thanks Curtis! At least it hasn't been abondoned.
When our PIX501's reached end-of-life I wasn't sure what to get. I ended up with the SA520 and since then I've done nothing but kick myself for not buying the ASA5000 series. The Cisco sale support person I spoke to told me it had specific features I asked for when it did not. Overall the experience has been a nightmare. We're a small company with limited resources and a mistake like this means living with it for years.
If I don't reboot our 520's at least twice per month the internet becomes nearly unusable until I do. With the PIX's I could EASILY let them run for 6 months at a time without rebooting with zero change in performance.
There is another beta firmware going around (2.1.78) that supposedly fixes an issue with Verisign VIP. There may be some other bug fixes included that may stabilize your environment. You might call the CSBC, ask for level 2 tech support because you want access to beta firmware, and ask for beta version 2.1.78 and/or 184.108.40.206_1.
Fortunately for us, 2.1.71 has been extremely stable. We only deployed the latest beta version to fix an issue with Verisign VIP, not for stability reasons.
Cicso has no F-ing clue how to deal with the SMB market. They are used foisting overpriced buggy crap onto partners who make a fortune on callbacks to large businesses with the never ending promise that it will get better. Because the investments and rollouts are so large, the large business has no real choice but to bend over and take it. The partner gets paid and cisco gets paid, over and over.
This business model does not work for small business. If a small IT company installs crap, it either gets fixed or the partner and the crap get tossed out the front door. The bottom line, you need to be a dishonest SOB to sell a customer any of this stuff. It is not well supported and it is buggy. The funny part is that we all sit around waiting for Cisco to pull their head out of their ass, and it never happens.
Go poke through the UC320 forum if you want a good laugh. That entire project team needs to be fired (I don't say that lightly, esp in this tough economy). The product is a complete bug riddled joke. I dropped in here to look for something to replace my no longer supported 871Ws. We tried a few RV220Ws but they are bug riddled crap. I am starting to think the SA520 and RV220W are pretty much the same device.
IME, the SA540 is far superior than the other Cisco SMB routers. Our's is extremely stable. We only reboot the device monthly for preventive reasons... and only during scheduled maintenance. We have gone over two months without rebooting it without incident.
The SA500 Series routers have been around for quite a bit longer than the RV220W. Cisco has been working hard over the past two years to stabilize the firmware and its feature set. We are currently Beta testing firmware version 220.127.116.11_1, and it is has proved to be just as stable as 2.1.71. This version of firmware also includes a lot of fixes and enhancements. We are looking forward to the final build (GA release). We are told it is due out in mid-September, but as long as they get it *right* we don't mind waiting a little longer.
Unfortunately 18.104.22.168_1 doesn't include inter-VLAN ACL support which we really need. I haven't spoken to Cisco tech support, but I don't think inter-VLAN ACL support is even on the roadmap.
Something else that has been on the roadmap for the SA500 Series routers is Cisco AnyConnect support. 22.214.171.124_1 seems to have support for it but the iPhone/iPad app just doesn't seem to support it yet. You get an error when you try to connect, but Cisco AnyConnect is able to talk to the SA540 because it spits out the device ID, serial number, etc. (basically a different error than you get with 2.1.71). Fingers crossed for Cisco AnyConnect support!!! Especially since support for the Cisco VPN Client 5.x is nearing EOL.
We are extremely happy with our SA540. Using the 30-day trials, I was able to convince the powers that be around here to purchase 3-year licenses for IPS, extended support, and Trend Micro's ProtectLink Web. I'm not ready to tackle ProtectLink Gateway, Endpoint, or Verisign VIP, but I'm sure they are well worth the price tag.
For well under $1k we have a solid UTM solution in place. We are located in Kansas City so we are looking forward to Google Fiber coming to town. The SA540 only has the horse power for 300 Mbps WAN throughput, but we will probably just *settle* for that. We don't have the $$$ in the budget for an ASAxxx that it would take to not only be able to handle the 1 Gbps throughput, but also add all the features that the SA540 has (IPS, ProtectLink Web, # of concurrent SSL VPN sessions, etc.).
I have asked SmallNetBuilder to review the SA540 because it hasn't reviewed by a credible group and especially not recently. I asked them to hold off until firmware 2.2.0.x is released though. I hope Cisco gives them the go ahead to review it. SmallNetBuilder has reviewed pretty much every other Cisco SMB router so the comparsion would be very interesting.
Now that we are no longer maintaining a connection to a branch with an SA520, our SA520W seems to not need to be rebooted as frequently.
I still kick myself for not doing a little more research and then buying something in the Cisco ASA5500 series. The SA520 really is just a glorified Linksys device which might be good for some but just doesn't cut the mustard as far as I'm concerned; at least not in a business setting. I'm sure it'd be fine for home use or in a small office.
I do look forward to all future updates and any improvements in stability and functionality are warmly welcomed!