04-05-2022 03:12 AM - edited 04-05-2022 03:38 AM
Hello experts!
I would like to kindly ask for your advice on the best current platform that Cisco offers that fulfills the requirements below:
- IPSEC throughput is at least 300 Mbps
- Expected End of Vulnerability/Security Support exceeds 2027
- Stateful HA
- Supports integration for U2F keys (I know it's more on the RADIUS part but still it's important)
- Handles at least 50 concurrent users
- VRF Lite support
- Allows for autonomous mode for configuration
04-05-2022 09:52 AM
All Cisco Firepower hardware platforms exceed 300 Mbps IPsec VPN throughput.
Cisco doesn't say when support ends until end of sales is announced. When they do, end of support is typically 5 years out (i.e. April 2027 if something was announced end of sales today).
Stateful HA is supported on all the Firepower hardware.
U2F keys can be used with Firepower-based remote access VPN but, as you noted, it is the backend RADIUS server that handles the MFA bits.
All Cisco Firepower hardware platforms are able to exceed 50 concurrent users.
VRF lite is supported on all Cisco Firepower hardware.
If by autonomous mode you mean configured directly on the box, you can do that with Firepower Device Manager (FDM). However, most customers choose to use the separate Firepower Management Center as it is more full-featured and allows for management of multiple firewalls using common objects and policy elements.