Cisco ASA5500 - Best model for out business
Experts –
I like to purchase a Cisco ASA5500 device and would like some advice which model and modules will fit best to my needs.
This is the environment it will be implemented in:
LAN Connection: GB Switch
Internet Connection: 100 MB UP / DOWN
Max User connecting to internet: 50
Max VPN Users: 10
Max Site to Site VPN connection: 2
Web Hosting Server: 1 (Hosting a small website, very low traffic)
High Availability: Not Needed
I am looking for maximum security und throughput, so I am not sure what model & module would fit best? I assume either the 5510 or 5520 are sufficient? For the modules I was looking at the IPS and the content security expansions but I am not sure which will provide better security.
Will GB ports on the firewall make a difference in overall speed? Or is 100MB port good enough? Also how much memory should it have?
Please let me know if you need more information’s,
I like to purchase a Cisco ASA5500 device and would like some advice which model and modules will fit best to my needs.
This is the environment it will be implemented in:
LAN Connection: GB Switch
Internet Connection: 100 MB UP / DOWN
Max User connecting to internet: 50
Max VPN Users: 10
Max Site to Site VPN connection: 2
Web Hosting Server: 1 (Hosting a small website, very low traffic)
High Availability: Not Needed
I am looking for maximum security und throughput, so I am not sure what model & module would fit best? I assume either the 5510 or 5520 are sufficient? For the modules I was looking at the IPS and the content security expansions but I am not sure which will provide better security.
Will GB ports on the firewall make a difference in overall speed? Or is 100MB port good enough? Also how much memory should it have?
Please let me know if you need more information’s,
ASKER
Can I add the AIP-SSM-10 module to the ASA5510-SEC-BUN-K9? I can't find the SEC bundle incluing the AIP card?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cool. What Ironport model would you recommand to look into for our inviorment?
Low end S160
http://www.cisco.com/en/US/products/ps10609/index.html
Or iPrism, which I personally feel is a superior product, but the appliances go by throughput. If you really have 100M Internet, then it might get pricy..
http://www.edgewave.com/products/iprism/default.asp
http://www.cisco.com/en/US/products/ps10609/index.html
Or iPrism, which I personally feel is a superior product, but the appliances go by throughput. If you really have 100M Internet, then it might get pricy..
http://www.edgewave.com/products/iprism/default.asp
ASKER
Thanks for your help.
ASA5510-SEC-BUN-K9
The Sec bundle gives you GB interfaces for throughput between LAN and say, DMZ interfaces, or at least a gig connection to the LAN switch and you can VLAN subinterface if needed without sacraficing anything.
The default 1G memory that comes with the bundle should be more than adequate.
To be honest with you, I don't put a lot of effort into the IPS or Content security modules. I've not seen the IPS module actually do anything except aggravate troubleshooting. The Content security module requires annual license subscription and does some basic web content filtering and in-line Anti-virus, but reports are almost non existent. IMHO, neither adds to your "security". Security is a process and 90% of it is policy driven and end-user education. There are other, better, products for web content like the Ironport, WebSense, iPrism, etc.