08-18-2011 06:06 PM - edited 03-11-2019 02:14 PM
Hello,
Looking to replace an "all-in-one" type firewall (UTM/Firewall, SSL VPN) with a Cisco product - the issue I'm running into is that we have multiple ISPs plus WAN and DMZ - overall more than 5 ports on mid-range ASA devices - and from what I read, adding a 4-port module precludes me from adding a CSC module.
Is there a solution to that other than going for the 5585-x model? (kind of over our budget, granted we need 2 for failover)
Thanks!
08-18-2011 08:16 PM
I don't think Cisco has an all-in-one solution that would fulfill your requirements, especially because of the number of ports you require. The 5585-x is a little bit expensive like you said, plus it doesn't support the CSC module (this is only supported on the 5510, 5520 and 5540).
The CSC is a great module since it lets you do a lot of things such as antivirus, antispyware, file blocking and, if you get the Plus licence, which is ideal, you also get antispam, antiphishing, URL blocking and filtering, and content control. The ASA also lets you do SSL VPN + IPSec VPN.
Perhaps you might want to sacrifice on the ports to get the CSC (which again is very cool) and do the WAN + ISPs on a separate router(s) and leave the ASA doing only the security features. Just a thought.
Have fun.
Raga
08-19-2011 03:40 AM
Yes, that's the line of thinking we're following now - but there are 2 major issues - first, our total theoretical (WAN/ISP) bandwidth is around 300Mb, which, in case of routers, correct me if I'm wrong, means we have to use 2 x 3U routers (3945) + some more for redundancy.... and more important to us, I'm fuzzy on how we would do, in case of concentrating all ISPs on one ASA port, simple tasks like pushing all HTTP traffic thru 1 ISP, FTP over another and such (basically "firewall rule" based routing)
Appreciate your help!