
Choosing the right FW for this scenario

haidar_alm
Level 1

Hi guys,

I've got the below requirement/scenario and I would like to get your opinion on what I'm proposing.

Scenario
Client site

  • 900 users
  • 1 server at site acting as AD, DNS, file share, etc.

Requirement

  • Replace FW
  • Provide remote monitoring from head office to server and vice versa

Topology

Solution

  • From a security firewall point of view, ASA 5506-X/Security Plus for the upgrade
  • Build an IPsec point-to-point VPN tunnel to head office for the HA replication/backup/synchronization of the server
  • Normal www traffic to go via the non-VPN traffic
  • Open up ports on both firewalls for remote monitoring and support (SNMP, etc.)

Question

Am I thinking along the right lines here, and will 5506-X / Security Plus be man enough to handle all the traffic, or should I consider a beefier one?

Many thanks in advance...

Mike

3 Replies

Shivapramod M
Level 1

Hi Mike,

When you are choosing a firewall you also need to check the performance of the device. The ASA5506 can work with the FirePOWER capability. If you use FirePOWER with the ASA then performance will be reduced.

You can look at the data sheet below to verify your requirements, such as throughput, connection rate and concurrent session count.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

Hi Shiva,

Many thanks for your reply.

I'm toying between the 5506-X w/ FirePOWER and the ASA 5508-X w/ FirePOWER Services.

The 5508 may be more than what I need?

Unless you think otherwise, considering that I've got like 900 users and an HA backup/sync system that will run overnight over the VPN?

Also, regarding the remote support, do you think a site-to-site VPN is the best option? Are there any other VPN options that I need to look into?

Many thanks for your help and advice...

:)

Hi Mike,

The 5508 will give you better performance than the 5506. Failover is supported on the ASA5506 as well, but you need to have the Security Plus license. The 5506 does not support active/active failover or multi-context mode. If you have any plans to configure the firewall with multiple contexts then you must go for the 5508, where it is supported.

If you do not have a large load in your network then the 5506 with the Security Plus license should be fine.

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
