VPN Licenses

Murugank
Level 1

We have an ASA 5510 with a Security Plus license and have configured SSL & IPsec VPN. With this, what is the maximum number of users that can connect to the VPN using AnyConnect/VPN client?

License Information:
IPsec : 250 Configured : 250 
SSL VPN : 250 Configured : 250 

 

What is the difference between IPsec & SSL VPN? Clientless & Client?


Muhammad Awais Khan
Cisco Employee

Hi,

You will have a total of 250 users, which can be a mix of IPsec or SSL. The capacity is mentioned in the datasheet, e.g. in the case of a cluster of 10 appliances, a maximum of 2500 SSL VPN peers or 2500 IPsec VPN peers per cluster.

https://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/data_sheet_c78-345385.html

We don't have clustering; hence, as per your statement above, we can have a mix of 250 SSL/IPsec VPN peers.

I have created a pool of 150 IPs to connect to the VPN and would like to increase the number of users connecting to the VPN.

What is the maximum IP address pool size that is allowed? 250, or more than that?

Hi,

For the IP pool, there is no such restriction. You can also have a pool of 250+ IPs.

I could see that the ASA 5510 is EOL, and I'm planning to go for an NGFW for an organization of about 2000 employees.

How do I choose an NGFW?

What are the prerequisites that I need to concentrate on?

Physical vs. virtual NGFW?

Hi,

Regardless of your IP pool size (bigger than 250 IPs or not), the ASA won't let you have more than 250 concurrent SSL/IPsec sessions; any new incoming session should be denied.


Regards,

Cristian Matei.

Hi,

It depends on where you will place the firewall.

If you place it on the internet edge to provide protection + VPN concentration + publishing some internal services, then I believe you should at least consider the following:

- bandwidth of the internet link and the capacity of the firewall to handle it with all the security features enabled

- VPN capacity; the firewall should support 2000 users

If there are some local services that will be published outside, then it is also a good idea to review the number of connections per second and concurrent connections.

For your environment, the FPR 2120 looks fine since it can handle up to 3500 VPN users.

Have a look at the datasheet below for detailed specifications:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

If we need only 750 user VPN peers, what would be the best ASA product? We are OK with a cloud-related virtual ASA as well.
