cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
496
Views
0
Helpful
4
Replies

Which device for PCI

Michael986
Beginner
Beginner

We are currently going through PCI compliance and need to install a firewall to segregate our main network from the network containing credit card data. We will also need to set up a DMZ for internet access from this 'PCI Zone', so would make sense to get a device that has a dedicated DMZ port. I was looking at the RV016, although obviously I won't be needing the VPN capabilities etc.

Would this be the best option, or is there another device that would better fit the bill (preferably Cisco, but if there's something else that would be perfect for the job then I'd be happy to take a look)

4 Replies 4

jasbryan
Frequent Contributor
Frequent Contributor

Michael,

I would get one of the SA520,SA520W, or SA540 devices. This is a security appliance and will give better control over what comes in and out of your network.  This also has a port that can be configurable to a DMZ or WAN. The only the RV016 has that the SA don't is you have the ability you use more than two ports on this device for WAN connections. So as long you will only have one WAN the SA will work for you.

Thanks,

Jasbryan

Cisco Support Engineer.

Thanks for the advice jasbryan.

One other query though - what's the difference between "a port that can be configurable to a DMZ" on the SA series and a dedicated DMZ port on the RV016. Are there any extra features rhat the dedicated DMZ port has, or can everything it does be replicated using a 'normal' port on the SA?

jasbryan
Frequent Contributor
Frequent Contributor

Michael,

No real difference on how each port functions. The biggest difference is in how the each router functions. By default since the SA is a security appliance it blocks all ports inbound and you have to set up rules in the firewall to allow from outside to DMZ and so on. The RV016 all ports are opened from outside to DMZ and you have to set up custom rules to block what traffic you want and allow the rest. If you are looking to lock down what comes in and out of your network then the SA will easier to configure and maintain. If you would like to give us a call @ 1-866-606-1866 pretty sure we could do a WebEx and let you see each interface of each router and explain for presale before you buy.

You’ll just need your Cisco User ID – if you don’t have one just go to Cisco.com ••àtop right hand corner click on login and then register. Complete this forum and clicks submit. Then give us a call!

Thanks,

Jasbryan