https://community.cisco.com/t5/network-security/asa-selection/m-p/2200879#M361801 <P><SPAN style="font-size: 10pt;"><SPAN>My customer is designing an architecture with two networks - internal and external. In between these two networks will be a DMZ where a layer 7 gateway device will reside. This layer 7 device (which could from Layer 7 - SecureSpan SOA Gateway - see </SPAN><A class="jive-link-external-small" href="http://www.layer7tech.com/products/soa-gateway" target="_blank">http://www.layer7tech.com/products/soa-gateway</A><SPAN>) will act as a mediation and policy enforcement point between the internal and external networks using XML. This device as required as there is a requirement for different applications to send and receive different data. The XML is used to accomplish this.</SPAN></SPAN></P><P></P><P>My customer would want to use ASA firewalls to bookend the DMZ. Their question, "Do the ASA 55XX firewalls communication via XML and are they a layer 7 device?". </P><P></P><P>Also, are two firewalls required? Which ASA would work?</P><P></P><P>Thanks,</P><P></P><P></P><P>David Stehle</P> Tue, 12 Mar 2019 01:02:24 GMT dstehle 2019-03-12T01:02:24Z https://community.cisco.com/t5/network-security/asa-selection/m-p/2200879#M361801 <P><SPAN style="font-size: 10pt;"><SPAN>My customer is designing an architecture with two networks - internal and external. In between these two networks will be a DMZ where a layer 7 gateway device will reside. This layer 7 device (which could from Layer 7 - SecureSpan SOA Gateway - see </SPAN><A class="jive-link-external-small" href="http://www.layer7tech.com/products/soa-gateway" target="_blank">http://www.layer7tech.com/products/soa-gateway</A><SPAN>) will act as a mediation and policy enforcement point between the internal and external networks using XML. This device as required as there is a requirement for different applications to send and receive different data. The XML is used to accomplish this.</SPAN></SPAN></P><P></P><P>My customer would want to use ASA firewalls to bookend the DMZ. Their question, "Do the ASA 55XX firewalls communication via XML and are they a layer 7 device?". </P><P></P><P>Also, are two firewalls required? Which ASA would work?</P><P></P><P>Thanks,</P><P></P><P></P><P>David Stehle</P> Tue, 12 Mar 2019 01:02:24 GMT https://community.cisco.com/t5/network-security/asa-selection/m-p/2200879#M361801 dstehle 2019-03-12T01:02:24Z https://community.cisco.com/t5/network-security/asa-selection/m-p/2200880#M361802 <HTML><HEAD></HEAD><BODY><P>While ASA can provide inspection of certain protocols, it does not provide XML inspection. If you configure your traffic policies correctly, you can allow XML communication from outside to DMZ and from DMZ to inside, depending on your requirements. </P><P></P><P>For your deployemnt, one firewall would be sufficient, but you could use two identical appliances to provide high availability.</P><P></P><P>Choosing the right firewall depends on other parameters:</P><P>- what is the bandwidth required across this firewall</P><P>- do you wish to terminate VPNs on this firewall ? if so, how many ?</P><P>- how many and which physical interfaces do you require</P><P>...</P><P></P><P>You can find the current datasheets at the links below:</P><P></P><P>Small and SoHo appliances: </P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701253.html">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701253.html</A></P><P></P><P>Internet Edge appliances:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701808.html">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-701808.html</A></P></BODY></HTML> Tue, 12 Mar 2013 18:30:06 GMT https://community.cisco.com/t5/network-security/asa-selection/m-p/2200880#M361802 stojanr 2013-03-12T18:30:06Z