https://community.cisco.com/t5/network-security/security-solution/m-p/976053#M938305 <HTML><HEAD></HEAD><BODY><P>Ahmed</P><P></P><P>You are correct that in terms of physical interfaces the ASA5540 has only 4 interfaces. But the ASA5540 supports VLANs so if one (or more) of the interfaces are connected to a switch then the number of logical interfaces supported is much higher. According to this data sheet the ASA5540 supports 200 VLANs, which should allow you to segment your network as you want.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html" target="_blank">http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html</A></P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Mon, 05 May 2008 00:38:26 GMT Richard Burts 2008-05-05T00:38:26Z https://community.cisco.com/t5/network-security/security-solution/m-p/976051#M938303 <P>Dear All</P><P>I have a network which segmented to 5 segments (Servers, Staff, Studnets, Guests, DMZ) + two fiber lines for internet connectivity from my ISP.</P><P>I would like to find a solution which allow me to terminate all segments and internet lines to it then apply a protection rules ( virus scanning, web filtering etc)</P><P>this device should cover the following functions.</P><P>Firewall, antivirus, anti spam, web filtering, VPN...</P><P>I checked ASA 5500 series but it has a problem in No. of ports available. (5540 has 4 ports only)</P><P>any advices ??</P> Mon, 11 Mar 2019 12:39:51 GMT https://community.cisco.com/t5/network-security/security-solution/m-p/976051#M938303 reagentom 2019-03-11T12:39:51Z https://community.cisco.com/t5/network-security/security-solution/m-p/976052#M938304 <HTML><HEAD></HEAD><BODY><P>You can create a subinterface on say DMZ interface and put it in a different VLAN to separate from the DMZ network. You need to enable trunking on the switch port which connects to the DMZ physical port on ASA 5500.</P><P>Suppose you use gig0/2 on the ASA as DMZ. Then you can do the following to create segment STUDENTS on this interface :</P><P></P><P>ASA(config)#interface GigabitEthernet0/2.300</P><P>ASA(config-if)#nameif DMZ </P><P>ASA(config-if)#vlan 300</P><P>ASA(config-if)#security-level 50</P><P>ASA(config-if)#ip address x.x.x.x 255.255.255.0</P><P>ASA(config-if)#exit</P><P>ASA(config)#interface GigabitEthernet0/2.301</P><P>ASA(config-if)#nameif STUDENTS</P><P>ASA(config-if)#vlan 301</P><P>ASA(config-if)#security-level 60</P><P>ASA(config-if)#ip address y.y.y.y 255.255.255.0</P><P></P><P>Pls rate if this solves your problem.</P><P></P><P></P></BODY></HTML> Sun, 04 May 2008 20:40:54 GMT https://community.cisco.com/t5/network-security/security-solution/m-p/976052#M938304 rkalia1 2008-05-04T20:40:54Z https://community.cisco.com/t5/network-security/security-solution/m-p/976053#M938305 <HTML><HEAD></HEAD><BODY><P>Ahmed</P><P></P><P>You are correct that in terms of physical interfaces the ASA5540 has only 4 interfaces. But the ASA5540 supports VLANs so if one (or more) of the interfaces are connected to a switch then the number of logical interfaces supported is much higher. According to this data sheet the ASA5540 supports 200 VLANs, which should allow you to segment your network as you want.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html" target="_blank">http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html</A></P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Mon, 05 May 2008 00:38:26 GMT https://community.cisco.com/t5/network-security/security-solution/m-p/976053#M938305 Richard Burts 2008-05-05T00:38:26Z https://community.cisco.com/t5/network-security/security-solution/m-p/976054#M938306 <HTML><HEAD></HEAD><BODY><P>Thanks all,</P><P>do you mean it is possible to create content filter/ firewalling rules per vlan not per interface .. rt ??</P></BODY></HTML> Mon, 05 May 2008 02:38:08 GMT https://community.cisco.com/t5/network-security/security-solution/m-p/976054#M938306 reagentom 2008-05-05T02:38:08Z https://community.cisco.com/t5/network-security/security-solution/m-p/976055#M938307 <HTML><HEAD></HEAD><BODY><P>Ahmed </P><P></P><P>Yes it should be possible to create content filter/ firewalling rules per vlan.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Mon, 05 May 2008 11:35:46 GMT https://community.cisco.com/t5/network-security/security-solution/m-p/976055#M938307 Richard Burts 2008-05-05T11:35:46Z