Firewall Suggestions

gcook0001 · ‎08-18-2020

We are currently looking at replacing our Meraki MX84 firewalls and are looking at the Cisco 1000 series. I am fairly new to Cisco and would just like some feedback or recommendations. We are a small business with about 50 people.

- currently have a 1GB fiber WAN connection

- setup as a HA pair.

- must be compatible with our Meraki MG21 cellular WAN backup device

- the majority of the 50 people are working remotely and will probably continue to do so for sometime and use VPN to connect to the office

- we host a number of websites internally

- we also supply services to two local organizations that each have a 100MB connection to us that goes through the firewall.

- we would also like to have IPS and AMP.

- the firewalls will be connecting to two Cisco CS3850s which are not stacked.

- we run XenCenter which I understand is not on the supported list for the Firepower Management Center. I was told we could use the onboard management system. Not too sure of what the difference would be.

I contacted my Cisco rep and they recommend the Firepower 1150 which to me seems excessive. Any feedback would be appreciated.

Thanks

Rob Ingram · ‎08-18-2020

Hi,

Firepower 1000 series datasheet:-

https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html

A FPR1150 would do 3Gbps of NGFW/IPS, the 1140 will do 2.2Gbps and apparently the 1120 would do 1.5Gbps - I'd take that performance with a pinch of salt. The 1140 might be a better bet if you want 1Gbps NGFW/IPS performance

You can manage the HA pair locally (on-box) using Firepower Device Manager (FDM), alternatively you could manage the pair using the cloud system Cisco Defence Orchestrator (CDO).

HTH