Great solution heading in right direction.
Overall Satisfaction with Cisco ASA
Cisco ASA is used as a border firewall at the network edge and also between critical network segments and other parts of the network. With Cisco ASA we achieved remote access connectivity and event logging. Next-gen features are used at the network edge with regard to performance. By using Cisco ASA we created reliable network edge gateways with minimal OpEx.
Pros
- Stateful inspection is perfectly implemented, reliable and has a very good performance.
- NAT is feature-rich, perfectly implemented, reliable and has a very good performance.
- VPN is feature-rich, perfectly implemented, reliable and has a very good performance (hardware limited).
Cons
- I am not quite happy with 5500 series NGFW performance; this was fixed starting from 2100 series on.
- HTTP inspection performance also is a bottleneck; it should not be used without clear need.
- Licensing costs may triple the appliance price.
- It does its best when working for 5+ years with minimal OpEx. Patches are needed twice a year, and clustering makes it easy and smooth. Network redesign is possible without a hardware change.
- Fortinet FortiGate and CheckPoint
Cisco does transport-layer inspections, NAT and VPN just great. CheckPoint is more expensive and gives greater network visibility compared to Cisco ASA; next-gen features work faster on CheckPoint (model-dependent). Management Centre for Cisco NGFW is a heavy virtual appliance with a complex interface; you may need special training for it. FortiGate is just cheaper by price per protected Megabyte per second.
Using Cisco ASA
3 - Network and security engineers, support engineers. I also provide training to customers.
1 - You will need authorized training or long-term experience to efficiently support Cisco ASA. A service contract is also needed to obtain patches and vendor-side support.
- Network border firewall.
- Perimeter protection.
- NAT and VPN gateway.
- VXLAN tunnel endpoint.
- Routing between VPN tunnels in star topology.
- Datacenter virtual firewall.