03-28-2017 01:06 PM - edited 03-12-2019 02:08 AM
So I have been tasked with researching what models of ASA and ISR we should get for an upgrade we are doing. After looking into the 4451 ISR and the security features I am not sure if we even need an ASA. The 4451 has Firepower services, VRF-Aware Firewall and does NAT. Has all of the same VPN services as far as I can see, does Snort, supports Self Learning Networks and Cisco TrustSec as well as the umbrella support. We have about 600 users at this location (school). Any advice?
Solved! Go to Solution.
03-28-2017 09:19 PM
The 4451 ISR requires you add the UCS module to run FirePOWER Threat Defense. when you add all the costs, it may be a more expensive option. Your Cisco partner should be able to do a side-by-side analysis of the purchase and licensing/support costs.
Running the Zone based firewall and remote access VPN on the IOS is possible but not as full-featured as on an ASA.
You will also be in the <10% of customers who do so, making your exposure to potential problems greater and limiting your supportability.
03-28-2017 09:19 PM
The 4451 ISR requires you add the UCS module to run FirePOWER Threat Defense. when you add all the costs, it may be a more expensive option. Your Cisco partner should be able to do a side-by-side analysis of the purchase and licensing/support costs.
Running the Zone based firewall and remote access VPN on the IOS is possible but not as full-featured as on an ASA.
You will also be in the <10% of customers who do so, making your exposure to potential problems greater and limiting your supportability.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide