Help with deciding on ASA Firewall with FirePower

feizycits · ‎01-11-2017

Hello,

Can someone guide me in sizing the firewall model that we need if we were to choose ASA5000-x series firewall.

Our ISP connection is 1GB and we are wanting to do an HA firewall setup with FirewPower. We are also comparing and looking into Fortinet 500D or 600D model to see if they are comparable or not.

We currently have an ASA5510 and are moving to a new office location and wanted to refresh to a new h/w and with higher bandwidth support.

If you have any opinion on FortiGATE please share as well.

Thanks

Ron

Mohammed al Baqari · ‎01-11-2017

Hi,

You can look at ASA datasheet with FirePower. There are many aspects but since you defined the throughput, you need to start from 5525-X

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.htmlhttp://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

feizycits · ‎01-12-2017

Thank you or the datasheet.

Oliver Kaiser · ‎01-12-2017

ASA 5555-X should fit your needs depending on the features you are going to use. If you do not need AnyConnect (at the moment) you could also take a look at the Firepower 4100 appliances which run the new unified image (combining asa + firepower in one operating system). 4100 might be a little bit oversized but Cisco should release FP2100 appliances soon that should match you required throughput but there has been no official announcement yet so you might wanna check up with your local cisco rep or trusted reseller.

Take a look at the following tables for sizing help. Keep in mind that throughput could decrease further depending on what firepower features you use (e.g. amp or ssl decryption have a high performance hit)

If you want a honest opinion considering firepower vs fortinet you might wanna hit reddits /r/networking, a vendor forum might be somewhat biased. ;)

Let me know if you have any specific questions

feizycits · ‎01-12-2017

Thank you. I will check out reddits and see what is on those forums as well. Thank you for providing the chart.

syeda3 · ‎01-12-2017

Please refer to the below comparison link for all 14 models of ASA with Firepower. You will be requiring to login with CCO ID.

https://apps.cisco.com/ccw/cpc/compare/ucsComparePage?selectedValues=model_asa5506,model_asa5506wa,model_asa5506hx,model_asa5508x,model_asa5512x,model_asa5515x,model_asa5516x,model_asa5525x,model_asa5545x,model_asa5555x,model_asa5585-s10f10-k9,model_asa5585-s20f20-k9,model_asa5585-s20f60-k9,model_asa5585-s40f40-k9,&productFlags=N&callbackComponents=series_asa5500

ASA 5555-X or later would be good with respect to your requirements.

Hope to help.

feizycits · ‎01-12-2017

Thank you Syed for the comment and suggestion on this. My concerns were that if ASA5555x would have a decent web filtering and if we will loose a lot of performance once all the features are turned ON.

I really wanted someone to give me a pros & cons b/w ASA5555x and FortiGATE 500D

Thanks

Mohammed al Baqari · ‎01-12-2017

In this case, you best look at gartner report. See this link for Next-Gen firewalls 2016.

https://www.amerinet.com/sites/default/files/2016%20FW%20gartner%20report.pdf