Which Firewall is better?

Hello all,

I am setting up a network and need to put a firewall in place. Need to be able to allow/deny ports, ips, etc. Which one is a better unit for my needs? The Cisco ASA 5500 or the Cisco SA 520? Have been running a software based firewall and its time for a change for the better. If there is a better unit in the $500 price range, let me know you thoughts.

Thanks in advance,

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I personally like the ASA5500 series. I use the ASA 5505 at home and I love it. At work I have 5510s. Is this for a home office or business?
jsteidlAuthor Commented:
This is going to be for a business. A web server will be behind the firewall hosting web sites, etc. Not crazy traffic. I have a 2/2 SDSL hooked up to the network.
Just for a different view, have you checked out Sonicwall's offerings. I'm a big fan and it may be cheaper for you at that end of the market.
High-tech healthcare

From AI to wearables, telehealth to genomics to 3D printing — healthcare technology is seeing rapid advancement. Experts believe that this technological advancement will save money and save lives. Healthcare is changing dramatically, and emerging technology drives that change.

I have used Checkpoint, Cisco and Sonicwall. I like the Sonicwall as well but I can't deal with seeing subscription options in my menu screens. I'm referring to the TZ Sonicwall line. The 5505 is just right for a SOHO or small branch office location. The 5510 would be overkill. You'll have to shop around to form your own opinion, especially with the offerings available. On a side note. I have never used the SA 520. I'm not a big fan of having my wireless and firewall on one box, but againt that's me. Best of luck hunting!
Fred MarshallPrincipalCommented:
I'm using Juniper Networks SSG-5s.  Support is outstanding!
Garry GlendownConsulting and Network/Security SpecialistCommented:
SA520 is low end ... barely useful for SOHO, with emphasis on the "H" part ... very limited (e.g. 100 Domain whitelist entries) ... wouldn't install it in commercial setup ... go with ASA5505 (make sure you have the right size for the number of hosts) ... Solid device & OS ...
depends on multiple things...,

size of your company (SA 500 is typically for 100 or else employees), features requirement.
SA 500 is a UTM box supporting pretty much all the feature firewall, ips, vpn, content filtering (antispam, web-filtering ) as well as is fully GUI based and very easy to configure
ASA 5505 supports just Firewall + IPS (module).

Being price sensitive ($500) i think it would be better to buy a SA 500
jsteidlAuthor Commented:
There will be no users connected to the network. Just a web server behind the firewall to host web sites, etc.
ok, in that case I would recommend ASA 5505+ IPS(module) on that. IPS is pretty important to monitor/block network attacks on your web servers.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Garry GlendownConsulting and Network/Security SpecialistCommented:
Please do make sure that you understand that an IPS isn't something that you enable (like a firewall) and can that forget about ... it takes at least regular checking and updating ...
jsteidlAuthor Commented:
fmarshal, you say you use the Juniper Networks SSG-5s and like it. Does it have a GUI for setup or is it command based. Looking for something that is not crazy complex. Have worked with the older cisco 1600's, but not in some time.
Garry GlendownConsulting and Network/Security SpecialistCommented:
As for ASA, its ASDM GUI is just about the best thing Cisco has managed to roll out to any device to date ... you can download ASDM for demo without the actual device to get a feeling for the configuration process ...
Fred MarshallPrincipalCommented:
The Juniper Networks SSG-5 uses their Screen OS I do believe.  It took me a bit of time to learn how to use it as the terminology, for me, was "different" than I was used to.  That's where the support comes in.  They are very willing to remote in and help with settings, etc.  Then, if you are willing to learn, the need for support diminishes.

If I have a complaint it's that they are almost too willing to help and you can spend a lot of time on the phone as they deal with your firewall remotely.  And, sometimes it's hard to keep up with what they're doing.  That said, the support is impressive.  And then there's email support as well - all nicely integrated into a case system.  I can't compare this with any other similar company as I have no experience...

There is a graphical user interface that does almost everything you need.
The settings are in a text file so you can read them
I've only had to use the command line a couple of times to set up rather special settings.

If you can grasp the idea of virtual routers then the idea of setting up what would be called vlans, etc. is pretty reasonable.  Once a system is set up the way you want it, maintenance is easy in the sense that things (users, rules, policies) are very compartmentalized.  
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.