We have an ASA 5510 with a Security Plus license and have configured SSL and IPsec VPN. With this, what is the maximum number of users that can connect to the VPN using the AnyConnect/VPN client?
IPsec : 250 Configured : 250
SSL VPN : 250 Configured : 250
What is the difference between IPsec & SSL VPN? Clientless & Client?
You will have 250 users in total, which can be a mix of IPsec or SSL. The capacity is mentioned in the datasheet, e.g. in the case of a cluster of 10 appliances, a maximum of 2500 SSL VPN peers or 2500 IPsec VPN peers per cluster.
We don't have clustering, hence as per your statement above we can have a mix of 250 SSL/IPsec VPN peers.
I have created a pool of 150 IPs to connect to the VPN and would like to increase the number of users connecting to the VPN.
What is the maximum IP address pool size that is allowed? 250 or more than that?
I can see that the ASA 5510 is EOL. I'm planning to go for an NGFW for an organization of about 2000 employees.
How do I choose an NGFW?
What are the prerequisites that I need to concentrate on?
Physical vs Virtual NGFW?
Regardless of your IP pool size (bigger than 250 IPs or not), the ASA won't let you have more than 250 concurrent SSL/IPsec sessions; any new incoming session should be denied.
It depends on where you will place the firewall.
If you place it on the internet edge to provide protection + VPN concentration + publishing some internal services, then I believe you should at least consider the following:
- bandwidth of the internet link and the capacity of the firewall to support it with all the security features enabled
- VPN capacity: the firewall should support 2000 users
If there are some local services that will be published outside, then it is also a good idea to review the number of connections per second and concurrent connections.
For your environment, the FPR 2120 looks fine since it can handle up to 3500 VPN users.
Have a look at the datasheet below for detailed specifications: