Solved

Which Cisco Router Should I Use????

Posted on 2009-05-20
7
332 Views
Last Modified: 2012-05-07
We are hosting an application on a Windows server that streams Flash Content out - called Adobe Connect - it uses port 1935 RTMP to stream the content and we are looking for the best and easiest CISCO router to act as the firewall at our Co-location in Philadelphia - we have a 100mb connection to the internet and typically use about 10-12MB during a presentation.  We see dropped packets every once in a while and we want to take the router portion out of the picture -
0
Comment
Question by:kova4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 

Author Comment

by:kova4
ID: 24431043
Additional Info - we have ports 80,443,1935,3389, and SQL open to the internet - with SQL only open to our servers at home via ip address authentication.
0
 
LVL 18

Expert Comment

by:Don S.
ID: 24431414
Routers are not firewalls.  It's not a good idea to try to use them as such.  A cisco ASA 5520 may be enough depending on how man simultaneous connections you anticipate.  As for any routers needed in front of or behind the firewall, I think the 2821 with it's twin 1 Gbps ethernet ports should suffice.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 24432566
1 - you almost certainly do NOT need a router, just a firewall, which will do all the routingh you need (minimal) and provide the protection you seek.

2- why Cisco? Cisco make good routers and switches. They're not at the leading edge of Firewall tech at all...

3 - to permit the traffic you seek, block everything else, AND provide sensible levels of DOS, IDP, etc., I would recommend a Sonicwall Pro 1260.

BUT

check it can cope with your anticipated level of throughput - see the charts on

http://www.sonicwall.com/uk/PRO_Series.html

And if you go for anything else, this is STILL your biggest question once you're sure it's secure enough.

Hint - Cisco firewalls still don't do deep packet inspection last I looked so the Sonic IDP is going to be way better.

Hint2 - the cheapest way to get the Pro 1260 and all the toys you might need is to buy the "Total Secure" bundle.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 3

Expert Comment

by:fritz5150
ID: 24441459
I would recommend going either with the Cisco 5520 with AIP Module, or using a Fortinet Unit. I have used both extensively and can say that they are both excellent units in terms of protection, throughput, VPN accessibility, etc... I would say that if you are looking more towards a complete protection scenario, that the Fortinet has the edge. With Network based anti-virus, continually updated IDS signatures, and advanced content filtering, it is a difficult unit to beat. You would be looking at probably something in the 100 to 200 series.
0
 

Author Comment

by:kova4
ID: 24443804
Security is not that impotant - I am not too worried that people are trying to break into the firewall - I need the fastest thruput to the server due to webcasting - processing the packets in a timely manner seems to be the biggest issue - am I incorrect? or is the bottleneck going to be the internet itself and I am way below the bandwidth max of the router processing -
0
 
LVL 3

Accepted Solution

by:
fritz5150 earned 250 total points
ID: 24444806
To do what you are asking, you would be looking towards a 7200 series at least. 2Mpps rate. It can support full 100Mbps line speed. Even the 3800 Series only supports up to T3 at wire speed.
0
 
LVL 17

Assisted Solution

by:ccomley
ccomley earned 250 total points
ID: 24448895
Fast packet processing is indeed the clue for throughput.

Most modern firewalls will be fast enough if all yuo are doing is stateful inspection.

But if you need better protection, these days, you have to do deep packet inspection. And Sonicwall are way out in front here, with their reassembly-free DPI logic.

WhatEVER firewall you choose, check it's rated throughput is either (a) at least as fast as your internet connection or (b) fast enough for the intended throughput, when doing the type of inspection you need. (The Sonicwall URL I gave you has all those figures for the Sonicwall range. If the PRO series doesn't go fast enough, check the NSA series.)
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question