I am looking for a new firewall for a client. This is an SMB client, around 35 computers and 2 servers. Budget is $800.00 or less. Some of my other clients are using the 5505 and they have been pretty solid firewalls. However, they are lacking in some features like application layer control, IPS, deep packet inspect. I am hesitant on recommending this model since the 5500 series are being phased out and its not a next gen firewall. Would this still be a good way to go?
Sadly I have not personally had the possibility to work with other firewall brands other then Cisco so I can't really compare it with the features of any other vendors models. I also have very little knowledge of the additional modules for ASAs since we use other solutions to in their place.
I would like to state though that ASA5505 is the only original ASA5500 Series model that hasn't received EOL/EOS to my understanding. Last time I was told that it was very popular model of the ASA and that probably the reason it still kept available. I have not heard of any news about a replacing model for it.
Naturally this doesnt guarantee how long it will stay in Ciscos firewall selection (not sure if that is even the correct word so forgive me my english) but it does seem like a popular choice because of its price compared to other ASAs. On the other hand its Licensing can be a pain and annoying.
Jouni is correct that the 5505 is alone among the older ASA product line models in that it is NOT included in the End of Sales announcements to date. True it doesn't have many of the NGFW features but for the price it is a pretty capable little appliance. It's also very popular among engineers who want a lab / home firewall to use in certification studies.
IPS, even among Cisco high-powered IPS appliance doesn't fall in the magic quadrant as defiend by Gartner for NGIPS capabilities. One could guess that's why Cisco recently announced the agreement to acquire SourceFire, one of the market leaders in that space. Their FirePower and FireAmp products are very advanced and capable with respect to not only NGIPS but also NGFW features. However, they don't address the SOHO or SMB markets much in their product line as it is more focused on the larger enterprises.
So...5505 is still good for now. Small investment and it can run the latest ASA software. As long as you are fine with its limited throughput it is a perfectly capable appliance.
Thanks for your replies. I've been researching other firewall options and keep coming back to the ASA as the solution. I've been working with these for a while and know they are a solid product. Also, the support for these devices is the best I've dealt with. There is one other product that caught my interest. Can anyone provide some input on the Cisco ISA 570? It seems to fit exactly what I'm looking for in features and price. But, the reviews I'm reading on these are mixed.
Community Live Event Slides
This event talks about Cisco SecureX, its benefits, features, and usage. The session includes sample use cases and live demonstrations.
Cisco expert Luis Silva talks about how this solution can integrate Cisco technology and ...
Hello All, Recently I got an opportunity to perform POC with Cisco ISE (2.7 Patch 4) and Aruba Wireless AP (IAP) to perform 802.1x EAP-FAST (machine + user) authentication followed by Posture Assessment on Windows 10 Machines (installed with AnyConnect 4....
Hello All, Recently I got an opportunity to perform POC with Cisco ISE (2.7 Patch 4) and Juniper EX 2300 switch to perform 802.1x EAP-FAST (machine + user) authentication followed by Posture Assessment on Windows 10 Machines (installed with AnyConnec...
At the core of the new Firewall Threat Defense (FTD) software version 7.x, Snort 3 provides faster and superior threat protection and performance, includes better SecureX integration so SecOPS teams can quickly pivot and correlate events from multiple pr...
This article describes the set of logs that can be verified related to SI feeds, starting from configuring to periodic updates.
The information in this document is based on Cisco FMC and FTD that runs software Version 6.6.5 or later.