Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
0
Helpful
3
Replies

ASA firepower service

Tech Support
Level 1
Level 1

‎03-28-2017 07:58 AM - edited ‎03-12-2019 02:08 AM

Hello 

I'm looking to order firewall with IPS/IDS support to integrate main site( 70 users ) with 10 branches (15 users/ site), any recommend model, i think  the ASA 5500-x is EoS and cisco advice to migrate to firepower appliance.

thanks for help

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-28-2017 09:29 AM

The primary metric in choosing a model is the current and expected bandwidth/throughput per site.

You also need to choose the license types - IPS only, or add URL filtering and Malware protection as options. The applied licenses also affect the expected throughput of the appliances.

Tell us the answers those and we can recommend exact models for you. Also, do the branches have direct Internet access or does everything go out the main site connection?

The main site would probably be something like a 5516-X or 5525-X. The branches will probably be fine with a small 5506-X. It can handle up to around 50 Mbps even with all licenses applied.

0 Helpful

Tech Support
Level 1
Level 1
In response to Marvin Rhoads

‎03-28-2017 02:15 PM

Thanks Marvin for your advice.

the expected band for the main site is 200Mbps & branches 25 Mbps each with direct Internet access.

I'm thinking to use ISR 890 for the branches without fw and use ASR1002-5G-VPN/K9 for the main site do this work fine ?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Tech Support

‎03-28-2017 09:04 PM

I'm not following - you started a thread in the firewalling forum asking about firewall models and then you switched over to asking about pure routers.

For firewalls the 5506-X (branches) and 5525-X (main site) would suffice. You'd need to add a FirePOWER Management Center to manage all of the FirePOWER policies across the enterprise.

The routers you asked about can only do the very basic (and frankly not very good at protecting against the current threat landscape) zone-based firewall. Also, the ASR-1002 is way overkill for your main site. An ISR 4k series like the 4351 would be more than enough for a fraction of the price.

You can add an optional UCS module on the ISR 4k and run FirePOWER Threat Defense on it but very few customers go that route. That option is not available for the small 800 series you're considering for the branches.

http://www.cisco.com/c/en/us/products/collateral/security/router-security/datasheet-c78-735410.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card