So for you, you prefer to have a seperate box for the firewall and the router right?

What do you  mean by how is the internet delivred to the datacenter?

i guess we have a rj45 that delivers the internet connection.

If you have an rj45 connection for the internet you could just use a firewall instead of a router running a firewall. A lot depends on what functionality you need from the device ie. if it is really just firewalling i would consider using a dedicated firewall.

Be aware that a firewall, at least a cisco firewall, will not do all that a router can do eg. PBR is a much requested feature that a cisco firewall does not support. But if all you want is firewalling functionality i would go for a dedicated firewall.

Jon

So it sounds like some sort of ethernet based service.

I'll just echo what Jon says below.

My preference is to manage routes, connectivity et al with a router, and security issues with a security device.

How big is the bandwidth?

it would be something like 20mbps. I have talked to my manager and he told me he prefer to have our own router

We won't use i think PBR because we won't have a big infrastructure, just a bunch of server open ot public.

Any other thoughts?

I completely agree with everyone.  If you plan on routing you'll want a separate router and firewall to handle the job.  PBR is indeed a very much requested feature and dependent on your setup you may need it.  Its always better to over plan than to under plan.

Now as far as Sonicwall.  Sonicwall produces some great devices.  The amount of features they pack into their boxes is amazing, BUT for some of the really cool features to be enabled you'll be forced to buy their security services to get all these features.  This is a yearly subscription and normally I try to keep costs down with annually recurring fees.

I know through CDWG  you can ask to purchase a Sonicwall as a demo and return it within 30 days if you are not satisfied.  Sonicwall does offer some great features and some of these features are present right out of the box, but I always tend to stay with Cisco.  My experience with Cisco is that they produce a high quality product that will last for years.

My two cents; I would encourage you trying a demo of a Sonicwall for a 30 day period and consult with a Cisco rep and see if its possible to do the same.  I never needed to try a Cisco device for 30 days to know that I wanted it.   Ultimately, there are so many variables its best to try it in your scenario before taking the plunge either way.

ok, thanks for your answer.

Last thing, what are the main difference between the firewall included in a router such as a 1941 or higher and a Cisco ASA(except one being a router + fw and the other one just a fw)? Just performance? which one is the best?

Hi

Ok i know this is a cisco forum, but if you go for a  deadicated edge firewall i would go for checkpoint. I have used both  & am certifed in both but to be honest i would always go for a  checkpoint over a 5500 ASA any day.

As for the differences between a deadicated firewall & a zone based firewall/classic firewall (CBAC) is An ASA is a purpose built security appliance while a zone base firewall  is just a software addition to a router.  Zone based firewall services  running on routers are really not designed to provide enterprise edge  security services.