11-09-2011 02:58 AM - edited 03-11-2019 02:48 PM
Hi,
Has anyone used a pair of ASA 5520s in HA to firewall the internet edge and to firewall traffic between internal security zones such as web and application layers? If so, is this best done using different security levels or contexts?
I'm thinking of using a routed context for securing the internet edge and then using separate contexts for the web and application networks. Contexts will route via a L3 switch.
Thanks,
11-09-2011 03:09 AM
Hi,
Yes, you can use the firewall in either routed context mode or routed single mode; in either way you can manage your web and application networks properly. The best utilization of context mode is when you have multiple ISPs terminating for different customers or networks on the ASA, so that you keep them separate from each other. But that all depends on the requirement. Using different security levels would also work for you. That should not be an issue.
Hope that helps
Thanks,
Varun
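For the single-context, security-level approach Varun describes, here is an added example of what the zone policy looks like on an ASA; it is not from the thread, and the interface names, addresses and the application port (8443) are assumptions.

```cisco
! Added example (not from the thread): single-context routed ASA with three zones.
! Interface names, addresses and the application port 8443 are assumptions.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface GigabitEthernet0/1
 nameif web
 security-level 50
 ip address 10.1.10.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif app
 security-level 80
 ip address 10.1.20.1 255.255.255.0
!
! Default behaviour: a higher security-level interface may originate traffic to a
! lower one; lower-to-higher is denied unless an ACL permits it. Web tier (50) ->
! App tier (80) therefore needs an explicit inbound ACL on "web".
! Once an ACL is applied, it replaces the implicit security-level policy for that
! interface, so the closing deny confines the web tier to the one permitted flow
! and logs everything else (useful for detecting a compromised web host).
access-list WEB_IN extended permit tcp 10.1.10.0 255.255.255.0 10.1.20.0 255.255.255.0 eq 8443
access-list WEB_IN extended deny ip any any log
access-group WEB_IN in interface web
!
! Internet edge: publish only the web service. Assumes ASA 8.3+ semantics where
! the ACL references the real (pre-NAT) address; the static NAT itself is omitted.
access-list OUTSIDE_IN extended permit tcp any host 10.1.10.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! If two zones were ever given the same security level, traffic between them would
! additionally require: same-security-traffic permit inter-interface
!
! Active/standby failover pair, as discussed in the thread (addresses assumed).
failover lan unit primary
failover lan interface FAILOVER GigabitEthernet0/3
failover link FAILOVER GigabitEthernet0/3
failover interface ip FAILOVER 192.168.255.1 255.255.255.252 standby 192.168.255.2
failover
```

The interface ACLs are where the zone separation actually lives; the security levels only decide what happens on interfaces that have no ACL applied.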
11-09-2011 04:04 AM
Thanks Varun
I will probably configure the ASA in routed single mode and use security levels between the different zones. There is only 1 ISP in this environment and I also need to support VPN termination on the internet edge.
In terms of sizing, the internet connection will be 300Mbps and the firewall throughput between zones needs to be above 500Mbps. I'm just thinking that the 5520 in active/standby will handle the internet bandwidth requirements but not the inter-zone requirements. Which model of ASA will be a good fit here?
Thank you.
11-09-2011 04:17 AM
Hi Will,
I can't really suggest a particular device, because you would be the best judge of that, but yes, you can go through the datasheet below and try to match up your requirements with it:
Hope that helps
Thanks,
Varun