Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
944
Views
0
Helpful
3
Replies

FTD sizing

whistleblower14
Level 1
Level 1

‎05-23-2021 10:58 AM

hi all,

I‘m looking for a firewall which should be used to act as layer3 gateway for ~15-20 vlans and segment traffic on layer3/4 between them! I‘m not 100% sure if it would make sense to use also IPS functionality for traffic which is most of the time internal one?! any suggestions about the best FTD series which I should use and maybe also an opinion for IPS enabled for inter-clan traffic would be very helpful!

thanks in advance!

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎05-23-2021 11:10 AM

is this connected to Internet ? or is this Internal FW, some other FW handle the external Internet side?

 

As per description, now sure what throughput looking, Firepower 1140 is good I guess here 

 

Some test report:

 

https://community.cisco.com/t5/network-security/ftd-sizing-help/td-p/3885515

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

whistleblower14
Level 1
Level 1
In response to balaji.bandi

‎05-23-2021 11:41 AM - edited ‎05-23-2021 11:42 AM

there‘s currently no final decision if that firewall will also act as the perimeter to the internet... I‘m trying also to figure out, if a so called first-line and second-line of defense with probably 2 different vendors is a design approach which is these days still contemporary!

 

Because the connection to the LAN should be minimal 10G (if possible a LAG 2x10G should be used) - I don‘t think that the 1140 can handle the throughput?!

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to whistleblower14

‎05-23-2021 11:54 AM

Are you looking Full wire-speed of 10GB ? then you need to Firepower 4XXX models.  (not sure what is the user base here?

 

we only have " ~15-20 vlans"   so based on that information i have suggested, again this required more inputs,

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card