Re: [fw-wiz] Firewall Sizing?



On Thu, Jun 26, 2008 at 12:58 PM, Paul Hutchings <PAUL@xxxxxxxxxxx> wrote:

How do you go about sizing a firewall?


Depends on what work the firewall will do - VPN and protocol inspection will
take CPU, packet filtering not so much.


Here is ASA 5505, some of the traffic comes in IPSec tunnels that it
terminates:

asa# sh conn count
2225 in use, 2376 most used

--
Marcin Antkiewicz
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: [fw-wiz] Cisco 2811 vs. ASA 55xx
    ... Cisco ASA units are the replacements/upgrades for the PIX. ... "Is the lack of flexibility of the ASA justified by the higher performance? ... I'm not real sure what you're trying to do security-wise with a Cisco router that a Cisco firewall appliance cannot do. ...
    (Firewall-Wizards)
  • Re: Hardware Firewall
    ... Cisco router IOS does the same as an ASA firewall? ... The course is looking at network security from a hardware point of view, using at the present time PIX firewalls and router IOS security features. ...
    (Security-Basics)
  • R: Hardware Firewall
    ... SSL VPN, expecially on 8.x trail ... If you really need hard firewalling, or VPNs, on headquarter and need a good device, go for ASA. ... Cisco router IOS does the same as an ASA firewall? ...
    (Security-Basics)
  • Re: Hardware Firewall
    ... Yes the ASA has a lot of use globally and installs in every market. ... Its a great firewall for what it will do. ... The course is looking at network security from a hardware point of view, using at the present time PIX firewalls and router IOS security features. ...
    (Security-Basics)
  • Re: quick basic net design info with Cisco equipment
    ... Symantec has suggested I deploy something at the firewall level but I ... Any idea if the ASA 5505 can do that? ... or is that a big security risk (2 nics or something like ... expensive but still manageable product. ...
    (comp.dcom.sys.cisco)