I have a question about Cisco ASA 5505 firewall.
We need 3 interfaces on the firewall, "inbound", "outbound" and "DMZ", to control traffic between these zones.
Can we do this with the Cisco ASA 5505 50-user bundle, or do we need to purchase the Cisco ASA 5505 Security Plus bundle to get the DMZ zone working?
Yes, you can do that with the ASA 5505 (base license); you don't need the Security Plus license for 3 interfaces.
However, one of the interfaces (e.g. dmz) can't initiate a connection to the inside zone (only to the internet).
Here is a diagram representation for your reference:
In the diagram, business would be your inside interface, and home would be your dmz interface. Business/inside can initiate connections to both internet/outside and home/dmz. However, home/dmz can only initiate connections to internet/outside, not business/inside.
Hope that answers your question.
Thanks Jennifer, your answer is great,
It also brings up an important point concerning the traffic we need to implement between the DMZ (home) and Inside networks:
We have, e.g., a server in the DMZ (home) zone that needs to make queries from a database on a server located in the Inside zone, and deliver the queries outside to the Internet (through outbound).
For this reason we would need the Security Plus licence anyway, if I understood right?
You are right. If you want communication from the DMZ back to inside, yes, you do need a sec plus license.
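
The restriction discussed in this thread, shown as an ASA 5505 configuration sketch (an added example, not posted by anyone in the thread): first the base-license layout where the DMZ VLAN cannot initiate to inside, then the Security Plus variant that permits only the DMZ server's database flow. VLAN numbers, IP addresses, the ACL name and the database port (TCP/1433) are assumptions; NAT statements are omitted because they depend on the software version.

```cisco
! Constructed example: VLAN ids, addresses, ACL name and port are assumptions.
!
! ---- Base license: three VLANs, the third one restricted ----
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
! On the base license the third VLAN must be barred from initiating
! traffic to one other VLAN before nameif is accepted on it.
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 1
interface Ethernet0/2
 switchport access vlan 3
!
! ---- Security Plus license: lift the restriction, allow one flow ----
interface Vlan3
 forward interface Vlan1
!
! DMZ server (192.168.2.10) to inside database (192.168.1.20) only
access-list dmz_in extended permit tcp host 192.168.2.10 host 192.168.1.20 eq 1433
! Everything else from the DMZ to the inside network stays blocked
access-list dmz_in extended deny ip any 192.168.1.0 255.255.255.0
! Keep DMZ-to-internet access, which the ACL's implicit deny would otherwise drop
access-list dmz_in extended permit ip 192.168.2.0 255.255.255.0 any
access-group dmz_in in interface dmz
```

Once an interface ACL is applied to dmz, the default "higher to lower security level" permit no longer applies to that interface, which is why the internet rule has to be stated explicitly after the deny.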