Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Which Cisco Router Should I Use????

Posted on 2009-05-20
7
Medium Priority
?
334 Views
Last Modified: 2012-05-07
We are hosting an application on a Windows server that streams Flash Content out - called Adobe Connect - it uses port 1935 RTMP to stream the content and we are looking for the best and easiest CISCO router to act as the firewall at our Co-location in Philadelphia - we have a 100mb connection to the internet and typically use about 10-12MB during a presentation.  We see dropped packets every once in a while and we want to take the router portion out of the picture -
0
Comment
Question by:kova4
  • 2
  • 2
  • 2
  • +1
7 Comments
 

Author Comment

by:kova4
ID: 24431043
Additional Info - we have ports 80,443,1935,3389, and SQL open to the internet - with SQL only open to our servers at home via ip address authentication.
0
 
LVL 18

Expert Comment

by:Don S.
ID: 24431414
Routers are not firewalls.  It's not a good idea to try to use them as such.  A cisco ASA 5520 may be enough depending on how man simultaneous connections you anticipate.  As for any routers needed in front of or behind the firewall, I think the 2821 with it's twin 1 Gbps ethernet ports should suffice.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 24432566
1 - you almost certainly do NOT need a router, just a firewall, which will do all the routingh you need (minimal) and provide the protection you seek.

2- why Cisco? Cisco make good routers and switches. They're not at the leading edge of Firewall tech at all...

3 - to permit the traffic you seek, block everything else, AND provide sensible levels of DOS, IDP, etc., I would recommend a Sonicwall Pro 1260.

BUT

check it can cope with your anticipated level of throughput - see the charts on

http://www.sonicwall.com/uk/PRO_Series.html

And if you go for anything else, this is STILL your biggest question once you're sure it's secure enough.

Hint - Cisco firewalls still don't do deep packet inspection last I looked so the Sonic IDP is going to be way better.

Hint2 - the cheapest way to get the Pro 1260 and all the toys you might need is to buy the "Total Secure" bundle.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 3

Expert Comment

by:fritz5150
ID: 24441459
I would recommend going either with the Cisco 5520 with AIP Module, or using a Fortinet Unit. I have used both extensively and can say that they are both excellent units in terms of protection, throughput, VPN accessibility, etc... I would say that if you are looking more towards a complete protection scenario, that the Fortinet has the edge. With Network based anti-virus, continually updated IDS signatures, and advanced content filtering, it is a difficult unit to beat. You would be looking at probably something in the 100 to 200 series.
0
 

Author Comment

by:kova4
ID: 24443804
Security is not that impotant - I am not too worried that people are trying to break into the firewall - I need the fastest thruput to the server due to webcasting - processing the packets in a timely manner seems to be the biggest issue - am I incorrect? or is the bottleneck going to be the internet itself and I am way below the bandwidth max of the router processing -
0
 
LVL 3

Accepted Solution

by:
fritz5150 earned 750 total points
ID: 24444806
To do what you are asking, you would be looking towards a 7200 series at least. 2Mpps rate. It can support full 100Mbps line speed. Even the 3800 Series only supports up to T3 at wire speed.
0
 
LVL 17

Assisted Solution

by:ccomley
ccomley earned 750 total points
ID: 24448895
Fast packet processing is indeed the clue for throughput.

Most modern firewalls will be fast enough if all yuo are doing is stateful inspection.

But if you need better protection, these days, you have to do deep packet inspection. And Sonicwall are way out in front here, with their reassembly-free DPI logic.

WhatEVER firewall you choose, check it's rated throughput is either (a) at least as fast as your internet connection or (b) fast enough for the intended throughput, when doing the type of inspection you need. (The Sonicwall URL I gave you has all those figures for the Sonicwall range. If the PRO series doesn't go fast enough, check the NSA series.)
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question