01-29-2010 11:31 AM - edited 03-11-2019 10:03 AM
Hello everyone. My current environment contains an ancient NS100 (Grey box not blue) doing firewall/NAT duties and a Cisco PIX 515e doing VPN duties. I've looked at the following UTM devices to replace my current setup:
- Cisco ASA5510
- Juniper SRX240
- SonicWall NSA2400
The SonicWall NSA2400 seems compelling, but I haven't had good experiences with SonicWalls in the past. My previous employer dumped all their SonicWalls for NetScreen firewalls some 6 years ago and I haven't seen or used one since.
I've used Juniper products extensively at my previous job, so I'm very comfortable with the NetScreen products running ScreenOS, but I hear the latest models use JUNOS, which is drastically different than the previous ScreenOS. Also, I've seen plenty of complaints on the SRX line in regards to stability.
I would love to have the Cisco, but I'm afraid of the setup, having seen that making changes on my PIX was a chore since I'm not well versed in the CLI. Also, the price point is much higher than the other 2.
What I’m primarily looking to do is the following:
- Bandwidth shaping
- Firewall Services
- Intrusion Detection
- Client VPN access
Anyone care to share their opinions or experience moving from an older NetScreen and VPN solution to an ASA5000 series? Thanks!
01-31-2010 09:07 AM
The service you want can be provided by the ASA. There is an extra SSM card that can provide the IPS/IDS part.
They can provide traffic shaping, prioritization and policing for QoS also.
As for VPN, they more or less support VPN and WebVPN fine. Depending on the number of users you need to check the load on the firewall.
As far as stability the ASAs have been doing very well and I can say they are pretty stable in the latest releases for the vast majority of people. There are boxes that run fine for hundreds of days, and there are no major significantly affecting defects with no workarounds.
Depending on the bandwidth requirement you will need to decide which model is best for you.
I hope it helps.
PK
02-02-2010 10:26 AM
Thanks for the info! As for the bandwidth requirement, we currently have two bonded T1s. Would the ASA5510 be overkill for that?
02-02-2010 10:50 AM
It could very easily support well above 100Mbps real world traffic. Its name throughput is 300Mbps.
So 2 T1s will be a piece of cake.
PK