09-22-2010 11:17 AM - edited 03-11-2019 11:43 AM
Hi -
I apologize in advance if this is not the correct place for this type of question - it's rather pre-sales.
I've inherited a 400 user Exchange (mostly) setup in a light datacenter. The datacenter has 3 Exchange servers and 4 other servers for basic SMTP/IMAP routing, maybe 2 light duty RDP servers. No voice, no video.
The services are reachable across 5 public ips and various standard ports and all I want is the inbound traffic for publicip X port Y to go to privateip A port B.
Based on the specs it looks like even the ASA 5505 would be OK, but maybe the ASA 5510. Then again I'm new to Cisco and the products cover such a broad spectrum - I'm not even sure I'm in the right product line. I think if I was looking at Juniper it would be the SRX210 but then the SSG5 looks like the competition for ASA 5505.
Firewall Requirements
- Replacing 6 public facing ‘consumer’ grade firewalls (e.g. Linksys befsr41v3, Netgear FVX538)
- Multiple public networks (5 to 10) xxx.xxx.xxx.164 to .170
- Multiple private networks (3 to 5)
- NAT
- Port translation
- VPN not needed except to pass through
- Relatively easy to config / manage. (I can handle command line but GUI might be nice)
- Max 1000 users making connections for Exchange (RPC over HTTPS) to a farm of 3 servers
- SMTP traffic inbound (no cleaning required) but route accept connections from certain IP ranges to server 1, all else to server2
- RDP traffic for 100 users
- No end users will sit behind firewall
- Spam / Virus filtering is handled by a service provider so not a concern here (in fact we would prob have to disable any mail flow filters)
09-22-2010 11:28 AM
ASA5505 or if you need to keep future growth in mind ASA5510 will get the job done.
You can check the data sheet here: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html
BUY MORE CISCO !!!
-KS
09-22-2010 12:22 PM
To add to kusankar's suggestion it seems even a 5505 would be able to support you.
But 1K users and potential 100RDP session are load. I would go with something bigger than a 5505 even if bandwidth-wise it would be able to support the current setup. Reason being that at peak times and/or with future growth.you might exceed 150Mbps.
I hope it helps.
Panos
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide