Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1747
Views
10
Helpful
3
Replies

Looking for Firewall with 2x optic port

Succeeded
Level 1
Level 1

‎02-19-2020 07:22 AM

Hello all,

 

hopefully you can give me a helping hand. Right now I´m looking for a firewall which provides the following features:

- min. 5 network ports (5x IP address) - (copper)

- 1x IPSec VPN (Lan-to-LAN)

- NAT

- ACL

- DHCP server

- 2 optic network interface ports (usable as for NAT and ACL)

 

 

Right now I´m using Cisco ASA 5506-X for the needs I have. But in the future it is necessary to have min 2 optical ports on the devices which we use for our customers.

Somebody ideas? Is it realy necessary to buy a ASA 5525-X with additional SFP+ moduls? Are there cheaper solutions?

 

I´m realy looking forward to hear from you guys.

Thank you very much in advance.

Friendliest greetings

Labels:
0 Helpful
3 Replies 3

Oleg Volkov
Spotlight
Spotlight

‎02-19-2020 07:37 AM

Do You need remote access?

I2l VPN You can do on router.

If You want true Firewall I think You can use Cisco ASA5506 with FirePOWER and small switch with SFP ports or mediaconverters.

Example small switch is SG350 with 10 ports and two SFP (SG350-10 or SG350-10P ith PoE)

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

Sheraz.Salim
VIP
VIP

‎02-19-2020 10:10 AM - edited ‎02-19-2020 10:12 AM

depends on the budget how much customer want to spent. 5506-x is EOL and so the 5525-X EOL too. the best option for you to go with FTD FPR1140-BUN with 4 SFP slots. As cisco is more focused on FTD now instead of ASA. having said that with bigger FTD appliances you can run ASA code in them.

 

If i were at your i would go for FTD instead of 55XX-X series.

 

FTD does support NAT/ACL/remote VPN/site-to-site VPN its as NGFW unified software ASA code and Snort(firepower).

 

please do not forget to rate.

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-19-2020 07:49 PM

Unless you go with external media converters as @Oleg Volkov mentioned then @Sheraz.Salim has the least cost all-in-one solution - a Firepower 1000 series with built-in SFPs. The 1120 or higher have those:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html#Hardwarespecifications

You can run ASA image or FTD image on them. I'd recommend FTD image (with CDO as the management if you have more than a couple of them).

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card