Solved

Which Cisco Router Should I Use????

Posted on 2009-05-20
7
327 Views
Last Modified: 2012-05-07
We are hosting an application on a Windows server that streams Flash Content out - called Adobe Connect - it uses port 1935 RTMP to stream the content and we are looking for the best and easiest CISCO router to act as the firewall at our Co-location in Philadelphia - we have a 100mb connection to the internet and typically use about 10-12MB during a presentation.  We see dropped packets every once in a while and we want to take the router portion out of the picture -
0
Comment
Question by:kova4
  • 2
  • 2
  • 2
  • +1
7 Comments
 

Author Comment

by:kova4
Comment Utility
Additional Info - we have ports 80,443,1935,3389, and SQL open to the internet - with SQL only open to our servers at home via ip address authentication.
0
 
LVL 18

Expert Comment

by:Don S.
Comment Utility
Routers are not firewalls.  It's not a good idea to try to use them as such.  A cisco ASA 5520 may be enough depending on how man simultaneous connections you anticipate.  As for any routers needed in front of or behind the firewall, I think the 2821 with it's twin 1 Gbps ethernet ports should suffice.
0
 
LVL 16

Expert Comment

by:ccomley
Comment Utility
1 - you almost certainly do NOT need a router, just a firewall, which will do all the routingh you need (minimal) and provide the protection you seek.

2- why Cisco? Cisco make good routers and switches. They're not at the leading edge of Firewall tech at all...

3 - to permit the traffic you seek, block everything else, AND provide sensible levels of DOS, IDP, etc., I would recommend a Sonicwall Pro 1260.

BUT

check it can cope with your anticipated level of throughput - see the charts on

http://www.sonicwall.com/uk/PRO_Series.html

And if you go for anything else, this is STILL your biggest question once you're sure it's secure enough.

Hint - Cisco firewalls still don't do deep packet inspection last I looked so the Sonic IDP is going to be way better.

Hint2 - the cheapest way to get the Pro 1260 and all the toys you might need is to buy the "Total Secure" bundle.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 3

Expert Comment

by:fritz5150
Comment Utility
I would recommend going either with the Cisco 5520 with AIP Module, or using a Fortinet Unit. I have used both extensively and can say that they are both excellent units in terms of protection, throughput, VPN accessibility, etc... I would say that if you are looking more towards a complete protection scenario, that the Fortinet has the edge. With Network based anti-virus, continually updated IDS signatures, and advanced content filtering, it is a difficult unit to beat. You would be looking at probably something in the 100 to 200 series.
0
 

Author Comment

by:kova4
Comment Utility
Security is not that impotant - I am not too worried that people are trying to break into the firewall - I need the fastest thruput to the server due to webcasting - processing the packets in a timely manner seems to be the biggest issue - am I incorrect? or is the bottleneck going to be the internet itself and I am way below the bandwidth max of the router processing -
0
 
LVL 3

Accepted Solution

by:
fritz5150 earned 250 total points
Comment Utility
To do what you are asking, you would be looking towards a 7200 series at least. 2Mpps rate. It can support full 100Mbps line speed. Even the 3800 Series only supports up to T3 at wire speed.
0
 
LVL 16

Assisted Solution

by:ccomley
ccomley earned 250 total points
Comment Utility
Fast packet processing is indeed the clue for throughput.

Most modern firewalls will be fast enough if all yuo are doing is stateful inspection.

But if you need better protection, these days, you have to do deep packet inspection. And Sonicwall are way out in front here, with their reassembly-free DPI logic.

WhatEVER firewall you choose, check it's rated throughput is either (a) at least as fast as your internet connection or (b) fast enough for the intended throughput, when doing the type of inspection you need. (The Sonicwall URL I gave you has all those figures for the Sonicwall range. If the PRO series doesn't go fast enough, check the NSA series.)
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now