Doubt - ASA and Firepower as Gateway

crusier2015
Level 1

Hi Friends,

I will implement the following topology and I have the following doubts. Can you help me?

1) What model of ASA do you recommend for running Firepower, with URL filtering and antimalware for Internet access, and IPS and antimalware between all subnets to protect communication between these subnets? I need security and performance (throughput).

2) Do you recommend any change to this topology?

doubt-asa.jpg


Francesco Molino
VIP Alumni
Hi

Can you detail what your requirements are in terms of throughput?
What's your WAN bandwidth?
How many users will go through this ASA/FTD?
Do you need VPN? If yes, how many remote users?

For the design:
- Will you have done layer 3 at the core level?
- Is your goal to filter all communications between all FTD zones?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi Francesco

Answers follow, thanks!

Can you detail what your requirements are in terms of throughput?

The customer will access the Internet over this ASA. I'm afraid that if I enable antimalware and IPS between interfaces, it will decrease Internet access and server access, for example to the file server.

What's your WAN bandwidth?

Two Internet links of 100 Mb, one active and another as backup.

How many users will go through this ASA/FTD?

Around 300 users.

Do you need VPN? If yes, how many remote users?

We need around 50 simultaneous AnyConnect connections.

For the design:
- Will you have done layer 3 at the core level?

I have a layer, but I want the ASA as default gateway of these 13 subnets, for security.

- Is your goal to filter all communications between all FTD zones?

I will block communication between these 13 subnets. These subnets will only access some ports of the server subnet, for example the file server.

Ok, then yes you can use ASA as default gateway and when activating NGFW features, for sure your throughput will be decreased.

Don't know the exact asa/ftd model, but you can check on this link to see the throughput and nb of sessions, nb of VPN users allowed simultaneously:
https://apps.cisco.com/ccw/cpc/guest/content/ucsSeriesDetails/series_asa5500

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question