
Looking for suggestions: Data Center firewall.

Francisco Granados
Participant

All,

 

I'm looking for suggestions to replace an ASA 5520 that is currently acting as our main DC Firewall. My concern is that we currently do not have any sort of malware protection, no IPS features, and realistically our ASA is mainly a device we use to NAT public IPs into different servers. I am a CCIE Voice with little experience in Security so I will defer to you for solid advice.

Migration sheets indicate a 5525-X could be an obvious option. Does anybody have any other suggestions?

As far as requirements, here are some details that may help.

- We have a 50 mb internet circuit.

- We have about 100 public IPs that NAT into our DC.

- I'd like something that provides deep packet inspection, and advanced malware protection. Basically layer 7.

- Hopefully the device has some sort of management platform (web interface at least) where we can have some visibility into what's going on.

 

Thanks in advance, you guys are awesome!

 


Marvin Rhoads
VIP Community Legend

The 5525-X with FirePOWER services would fit the requirements you're talking about.

The services run in a software module which does the NGIPS, AMP etc. features. There is a performance hit when you turn on all of those, but a 5525-X with all available features active can easily handle 50 Mbps of throughput. One downside is we can't (currently) do SSL decryption on the ASA-based FirePOWER modules. That's coming later this year (of course with more performance hit depending on how much of your traffic requires decryption).

You also deploy a separate FireSIGHT Management Center on a VM (requires VMware ESXi). The FMC server is where you configure the policies and can drill down into the various operational views, extract reports etc.

Marvin,

 

Thank you for your response. This is excellent! 

We have VMware ESXi deployed all over our data center so FMC sounds like something we desperately need. Any caveats I should watch out for?

 

 
