I have a project with high firewallying specs, and I am not sure if the configuration I have found will be fit for the requirements.
Here are the specs:
- Antispam and Antivirus (is this a subscription?)
- Able to report CPU load over cripted SNMP
- Support for SIEM from 3rd party (this should be ok)
- Able to deliver 10gigs on all the following: packet filtering, antivirus, VPN, UTM including http and antispam, IPS and IDS checks
- Able to do QoS
- Roules should change based on user windows group (at least 100+ different groups)
- At least 100 VPN (IPSEC) lan-to-lan with optional NAT on IPv4 addresses
- Albe to handle 5000+ VPN (SSL) concurrent users
- Email alerting system
- Support for at least 120 VLans
- 4 or more 10 Gigs ports
Now, what I came up with: ASA-5585-S40-K9 which covers most of the requirements, I am not sure if it can do the L7 stuff (antispam and HTTP), what does it need in order to be able to do it, and in general if it's actually fit for ALL the specs.
Can anyone help me out with this, or suggest where I can find further documentation? I have been reading quite a lot about ASAs to come out with this config over the past days, googling over cisco.com. Thank you in advance.
The ASA5585 (and other ASAs for that matter) supports URL filtering and you can filter based on ports. Anything more than that you would need to add an Web Secuirty Appliance aka. Ironport Web device. Also for the antispam and and Email you would need an Email Security Appliance aka. Ironport Email device (this is if you are going Cisco all the way ofcourse). And for the Antivirus/IPS/IDS you would need an IPS module.