04-04-2025 09:58 AM
We currently have a Cisco Nexus 93180yc-ex that houses all of the company's VLAN interfaces.
To provide better security, we plan to migrate only the server VLAN interface to a Cisco firewall, and we need to size it.
This firewall will handle: IPS, AMP, and URL filtering.
I was considering the new Cisco line, specifically the 1220cx model, but I don't think it's powerful enough.
The company currently has 500 employees and 140 servers.
Any ideas on sizing?
04-04-2025 10:11 AM
@lnacional what kind of performance/throughput do you expect out of the firewall? The Firepower 1220CX has the following performance; note that the more features you enable (IPS, AMP, etc.), the less performance you get from the hardware.
If the 1200 series is not powerful enough consider the 3100 series hardware. https://www.cisco.com/c/en/us/products/collateral/security/firewalls/secure-firewall-3100-series-ds.html
If you contact your Cisco partner they can use the NGFW performance estimator tool to determine the right hardware based on enabled features.
04-04-2025 11:19 AM
Hello Rob, thanks for answering.
We are trying to figure out how to measure the current throughput of our server VLAN. We tried with NetFlow using our network monitoring tool, but it seems to be unable to group NetFlow results. Do you have any advice on how we could measure it?
04-04-2025 11:29 AM
@lnacional SNMP monitoring of the relevant interfaces/VLANs, etc. will provide you with link utilisation.
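Added example, not part of the thread: one way to turn polled SNMP octet counters (IF-MIB `ifHCInOctets` / `ifHCOutOctets`) into the peak and 95th-percentile throughput figures a sizing exercise needs. The function names, the 60-second poll interval, the 10 Gbit/s link speed and the sample values are all assumptions constructed for illustration.

```python
"""Derive throughput from polled IF-MIB octet counters (constructed sample data)."""
import math

COUNTER64_MOD = 2 ** 64  # ifHCInOctets / ifHCOutOctets are Counter64


def rates_bps(samples, link_bps):
    """samples: list of (unix_time, in_octets, out_octets) in poll order.
    Returns one (in_bps, out_bps) tuple per valid polling interval."""
    rates = []
    for (t0, in0, out0), (t1, in1, out1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # duplicate or out-of-order poll
        # Modular subtraction handles a counter wrap between polls.
        d_in = (in1 - in0) % COUNTER64_MOD
        d_out = (out1 - out0) % COUNTER64_MOD
        in_bps = d_in * 8 / dt
        out_bps = d_out * 8 / dt
        # A rate above line rate means the counter was reset (e.g. a reload),
        # not wrapped; drop that interval instead of reporting a bogus peak.
        if in_bps > link_bps or out_bps > link_bps:
            continue
        rates.append((in_bps, out_bps))
    return rates


def percentile(values, pct):
    """Nearest-rank percentile."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def sizing_summary(samples, link_bps):
    """Peak and 95th percentile of combined in+out traffic, in bits per second."""
    totals = [i + o for i, o in rates_bps(samples, link_bps)]
    return {"peak_bps": max(totals), "p95_bps": percentile(totals, 95)}


# Constructed polls at 60 s intervals on an assumed 10 Gbit/s interface.
SAMPLES = [
    (0, COUNTER64_MOD - 3_000_000_000, 1_000_000_000),
    (60, 4_500_000_000, 4_000_000_000),    # in-counter wrapped
    (120, 12_000_000_000, 8_500_000_000),
    (180, 1_000, 2_000),                   # counters reset after a reload
    (240, 3_000_001_000, 1_500_002_000),
]
```

Short poll intervals matter here: a 5-minute average hides bursts that the inspection engines still have to absorb.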