Hopefully you can give me a helping hand. Right now I'm looking for a firewall which provides the following features:
- min. 5 network ports (5x IP address) - (copper)
- 1x IPSec VPN (LAN-to-LAN)
- DHCP server
- 2 optical network interface ports (usable for NAT and ACL)
Right now I'm using a Cisco ASA 5506-X for the needs I have. But in the future it is necessary to have min. 2 optical ports on the devices which we use for our customers.
Does anybody have ideas? Is it really necessary to buy an ASA 5525-X with additional SFP+ modules? Are there cheaper solutions?
I'm really looking forward to hearing from you guys.
Thank you very much in advance.
Do you need remote access?
L2L VPN you can do on a router.
If you want a true firewall, I think you can use a Cisco ASA5506 with FirePOWER and a small switch with SFP ports or media converters.
An example small switch is the SG350 with 10 ports and two SFP (SG350-10 or SG350-10P with PoE).
It depends on the budget, how much the customer wants to spend. The 5506-X is EOL, and the 5525-X is EOL too. The best option for you is to go with the FTD FPR1140-BUN with 4 SFP slots, as Cisco is more focused on FTD now instead of ASA. Having said that, with bigger FTD appliances you can run ASA code on them.
If I were you, I would go for FTD instead of the 55XX-X series.
FTD does support NAT/ACL/remote VPN/site-to-site VPN; it is an NGFW, unified software of ASA code and Snort (Firepower).
Unless you go with external media converters as @Oleg Volkov mentioned then @Sheraz.Salim has the least cost all-in-one solution - a Firepower 1000 series with built-in SFPs. The 1120 or higher have those:
You can run ASA image or FTD image on them. I'd recommend FTD image (with CDO as the management if you have more than a couple of them).