Solved: Re: Router with IPS, Anti Virus, Anti Spam and URL Filetering

jamaludeen_s · ‎04-23-2018

Hi There,

I wondering Cisco has any router model that supports routing functionality with Security features as

1. IPS, Antivirus, Anti Spam, Reputation based URL filtering, Spot light secure threat intelligence, Protection from botnets (Command and Control) Adaptive enforcement based GeoIP

2. Support for Tunnels (GRE, IP-IP, IPSEC), Site to Site tunnels, Remote access solution and group VPN, Multi-Proxy IP for Site to Site VPN

3. State full and Stateless Firewall, Zone bases firewall DDos Protection etc...

Thanks in advance

Regards

Jamal

Philip D'Ath · ‎04-23-2018

Because you have request GRE support, you are going to have to use a router. The closest match will be an ISR 4451, with a 4 or 8 port Gigabit interface module, and a Firepower blade.

It will do pretty much do everything except anti-spam.

Having said that, you could probably add a compute blade, run VMWare, and install the virtual Email Security Appliance. Then you would get anti-spam.

Personally, I think it would be a nightmare of a solution. To meet all those requirements I would probably go with an ASA running Firepower, an ISR router, and a Email Security Appliance running on an existing VMWare server (although you can buy it as an appliance or as a cloud service).

View solution in original post

Philip D'Ath · ‎04-23-2018

You want both a statefull and a stateless firewall at the same time huh? How would that work, having two opposite things at the same time?

It sounds like you have copied and pasted marketing terms from different products. Could you perhaps narrow down your requirements?

Otherwise have a look at Cisco Firewalls running Firepower or Cisco Meraki MX's. Neither solution ticks everyone of your boxes - but some of your boxes are impossible to tick at the same time.

jamaludeen_s · ‎04-23-2018

Hi Philip,

Thanks for your response. It's like the product should support statefull and stateless firewall etc...

i copied the content from customer RFP, his requirement to have a router with above mentioned security support. I have attached the screen shot of the requirement.

Regards

Jamal

Philip D'Ath · ‎04-23-2018

How much throughput do you need? How many interfaces do you need?

jamaludeen_s · ‎04-23-2018

Hi Philip,

6 integrated 10/100/1000 Ethernet ports with 2 SFP ports and 1 Gbps firewall performance.

Regards

Jamal

jamaludeen_s · ‎04-23-2018

Hi Philip,

The product should integrate with Aruba Clear Pass Policy Manager.

Regards

Jamal

Philip D'Ath · ‎04-23-2018

Because you have request GRE support, you are going to have to use a router. The closest match will be an ISR 4451, with a 4 or 8 port Gigabit interface module, and a Firepower blade.

It will do pretty much do everything except anti-spam.

Having said that, you could probably add a compute blade, run VMWare, and install the virtual Email Security Appliance. Then you would get anti-spam.

Personally, I think it would be a nightmare of a solution. To meet all those requirements I would probably go with an ASA running Firepower, an ISR router, and a Email Security Appliance running on an existing VMWare server (although you can buy it as an appliance or as a cloud service).

jamaludeen_s · ‎04-23-2018

Thanks Philip,

Really appreciate your time and helping in finding the right product.

Below is the hardware i am planning to propose I

1. SR4351/K9 with Appx license,

2. ASA5525-FPWR-BUN (ASA5525-FPWR-K9 , L-ASA5525-TAMC-3Y)

3. ESA-C190-K9 for email security

Regards

Jamal