1764 Views | 5 Helpful | 11 Replies

Brute Force Protection

edoardodepiet
Level 1

Hi Everyone,

We have an N5K-C5596UP model and we would like to implement brute-force protection.

The protection should probably work by timing out after more than ... failed login attempts on SSH and RDP.

Let me know kindly how to implement this, and thank you in advance!

11 Replies

marce1000
Hall of Fame


 - The switch will not natively provide such features; if we look at network protection and prevention of storming security attacks in general, you need to look at firewalling solutions (to protect intranet networking components).

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
   When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Like @marce1000 mentioned, NX-OS does not provide these features. The only features related to brute-force attempts are related to logging:

nx9000-1(config)# login ?
on-failure Set options for failed login attempt
on-success Set options for successful login attempt

Other IOS variants like IOS XE have the features that you asked about, as seen in the following output from an ISR 1K running IOS XE 17.9.4a:

c1111(config)#login ?
block-for Set quiet-mode active time period
delay Set delay between successive fail login
on-failure Set options for failed login attempt
on-success Set options for successful login attempt
password-reuse-interval Set the number of days for reuse of password
password-warning-interval Set warning interval for user
quiet-mode Set quiet-mode options

Hope this helps.

Regards, LG
*** Please Rate All Helpful Responses ***

Can you please tell me what those options are for:

on-failure Set options for failed login attempt
on-success Set options for successful login attempt 

Does this allow us to TIME OUT a certain IP after ... failed login attempts?

If this switch does not provide this solution, which firewall/hardware do you recommend for data center colocation?

Best Regards,

Edp


@edoardodepiet wrote:

Can you please tell me what those options are for:

on-failure Set options for failed login attempt
on-success Set options for successful login attempt 

Does this allow us to TIME OUT a certain IP after ... failed login attempts?

The options allow you to have the switch generate SYSLOG messages on login failure or successful attempts. It doesn't allow you to delay or restrict a certain IP after repeated failed attempts.

If this switch does not provide this solution, which firewall/hardware do you recommend for data center colocation?


The firewall model depends on what volume of traffic you expect it to handle. 

Regards, LG
*** Please Rate All Helpful Responses ***
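As an added example (not code from the thread or from Cisco), this shows what can be built from the logging NX-OS does offer: a sliding-window detector over the syslog that `login on-failure log` produces, blocking a source after N failures within a window, and a helper that renders the equivalent IOS XE `login block-for <seconds> attempts <n> within <seconds>` line from the same thresholds (the `block-for` keyword appears in the IOS XE output above; IOS XE enforces it on the box, NX-OS does not). The sample log lines are constructed and their exact format is an assumption; only the "Authentication failed from <ip>" text and the leading timestamp are relied on, so adjust the regex to your own collector's output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds: block a source after ATTEMPTS failures within WINDOW seconds,
# for BLOCK_FOR seconds. These mirror the three IOS XE "login block-for" values.
BLOCK_FOR = 120
ATTEMPTS = 3
WINDOW = 60

# Constructed sample of NX-OS-style syslog lines (format approximated, not a real capture).
# 192.0.2.10 fails three times in eight seconds; 198.51.100.7 fails three times spread
# over four minutes; the last line is an unrelated config-change message.
SAMPLE_LOG = """\
2024 Mar 21 10:00:01 nx5k %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 192.0.2.10 - sshd[4201]
2024 Mar 21 10:00:05 nx5k %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 192.0.2.10 - sshd[4203]
2024 Mar 21 10:00:09 nx5k %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 192.0.2.10 - sshd[4205]
2024 Mar 21 10:00:12 nx5k %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 198.51.100.7 - sshd[4207]
2024 Mar 21 10:02:30 nx5k %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 198.51.100.7 - sshd[4210]
2024 Mar 21 10:04:00 nx5k %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed from 198.51.100.7 - sshd[4213]
2024 Mar 21 10:05:00 nx5k %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on 192.0.2.50
"""

# Leading "YYYY Mon DD HH:MM:SS" timestamp, then the failure text and the source IPv4 address.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ .*?"
    r"Authentication failed from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def detect_bruteforce(lines, attempts=ATTEMPTS, window=WINDOW, block_for=BLOCK_FOR):
    """Return [(source_ip, block_until)] for every source that reached `attempts`
    failures inside a `window`-second sliding window, in the order they did so."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    blocked_until = {}            # src -> datetime until which the source is blocked
    decisions = []
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue              # successes and unrelated messages are ignored
        ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
        src = m["src"]
        if src in blocked_until and ts < blocked_until[src]:
            continue              # already blocked: further failures do not extend the block
        q = recent[src]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window:
            q.popleft()           # drop failures that have aged out of the window
        if len(q) >= attempts:
            until = ts + timedelta(seconds=block_for)
            blocked_until[src] = until
            decisions.append((src, until))
            q.clear()             # start counting afresh once the block expires
    return decisions


def ios_xe_login_config(attempts=ATTEMPTS, window=WINDOW, block_for=BLOCK_FOR):
    """The IOS XE equivalent of the thresholds above (not available on NX-OS)."""
    return [
        f"login block-for {block_for} attempts {attempts} within {window}",
        "login on-failure log",
        "login on-success log",
    ]


if __name__ == "__main__":
    for src, until in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"block {src} until {until:%Y-%m-%d %H:%M:%S}")
    print("\n".join(ios_xe_login_config()))
```

With the defaults only 192.0.2.10 is flagged (three failures in eight seconds, blocked until 10:02:09); 198.51.100.7 stays under the threshold because its failures are more than 60 seconds apart, which is the sort of slow-and-low pattern a wider window (say 300 seconds) would catch. The decision list is what you would feed to whatever actually enforces the block, for example an ACL on the upstream firewall the other replies recommend, since the Nexus itself cannot act on it.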

Thank you again

The firewall model depends on what volume of traffic you expect it to handle. 

- Do you measure it in GBPS? Then please provide some tips for:

  • 30 - 50 GBPS
  • 50 - 100 GBPS
  • 100 - 500 GBPS

or the intervals you feel are relevant, with the correct unit of measurement.

Thanks again

Hello @edoardodepiet ,

Firewall throughput is usually measured in Gigabits per second (Gbps). Keeping the intervals you mentioned, but in Gbps, you have:

  • 30 - 50 Gbps: Cisco 3100 Series ranging from 10 to 45 Gbps or Cisco 4100 Series ranging from 19 to 53 Gbps
  • 50 - 100 Gbps: 4215 (71 Gbps) or 4225 (90 Gbps) or 9300 SM-40 (55 Gbps) or 9300 SM-48 (65 Gbps) or 9300 SM-56 (70 Gbps) 
  • 100 - 500 Gbps: Cisco 4245 (149 Gbps) or Cisco 9300 3xSM-56 (190 Gbps)


Regards, LG
*** Please Rate All Helpful Responses ***

Thank you so much for those models. Do you know how I can check, or do you know, how many IPs those can handle in ACL and ROOT?

Hello @edoardodepiet ,

Take a look at the following document, pages 26-27: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3455.pdf

Quite impressive.

Regards, LG
*** Please Rate All Helpful Responses ***

Thank you so much. Sorry, but I am really a noob on those topics. Which of those values should we consider for the 3 models you have sent? (I always rated your replies as Helpful.)

[screenshot: edoardodepiet_0-1711066339263.png]


@edoardodepiet there is a huge difference in cost between the models in the screenshots.

What is your budget? What are your requirements for the Firewall? How many connections? What is the bandwidth of the connected internet circuits? Do you require basic L3/L3 filtering or NGFW L7 (Threat, Anti-Malware etc) functionality?

Referring to the datasheets will give you an idea of the difference in performance of the hardware.

https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

https://www.cisco.com/c/en/us/products/collateral/security/firewalls/secure-firewall-3100-series-ds.html


Well, to summarise, you will have for:

4100 series - between 2,250,000 and 3,000,000 ACE

9300 series - between 2,250,000 and 6,000,000 ACE

Regards, LG
*** Please Rate All Helpful Responses ***