cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
644
Views
0
Helpful
3
Replies

Purchasing ASA for DC and Internet

Wailess84
Level 1
Level 1

Dears 

Hi

we have a customer request ASA firewall for Data Center , Internet, and VOIP. 

 

for DC firewall : i was suggesting that ASA 5585-X next generation firewall. and i have suggested to include IPS SSP10 module with it. but when i was searching in Cisco Commerce workflow (CCW), IPS SSP10 is end of sales. so i don't know what to use alternative in the design 

 

For Internet firewall : i was confused to go for ASA 5525- CX. i don't know much about CX and license i need. do i have to use Prime to configure CX in ASA 5585 ?

 

for VOIP firewall, i really have no idea if firewall can protect VOIP traffic? it is recommended to bypass the firewall.

 

please advise

1 Accepted Solution

Accepted Solutions

> but i notice that this firewall doesn't support cluster license in CCW. does ASA CX doesn't support cluster ?

No, CX is not supported with cluster:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/ha-cluster.html#78299 

View solution in original post

3 Replies 3

The ASA with FirePOWER is the "new" way to do firewalling with IPS. For the Datacenter you choose the IPS-License.

http://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html

Instead of the ASA CX (or NGFW) you again can use ASA with FirePOWER. Here you choose the NGFW which also includes Websecrity.

Both will be managed by the FireSIGHT Management Center:

http://www.cisco.com/c/en/us/products/security/defense-center/index.html 

For VoIP there are different strategies. The ASA has inspections for voice-protocols like SIP or SCCP, but very often the voice-traffic is just allowed completely without inspection.

Dear Karsten

Hi

thanks for your reply

but for DC firewall i already choose ASA CX SP10 . but i notice that this firewall doesn't support cluster license in CCW. does ASA CX doesn't support cluster ?

 

 

> but i notice that this firewall doesn't support cluster license in CCW. does ASA CX doesn't support cluster ?

No, CX is not supported with cluster:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/ha-cluster.html#78299 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: