
Cisco firewall device

singh8281 Member Posts: 126
I am trying to get a break in the IT industry as an entry-level network engineer. The skill set most employers seek includes routing, switching as well as VPN and firewall experience. I've been working on routers and switches for a while now but have not quite broken into the dedicated firewall boxes. Can anybody recommend a decent Cisco firewall that I can practice on to gain real-world skills? I'd appreciate it.

Comments

  • stealthtt Member Posts: 14 ■□□□□□□□□□
    How much money are you looking to spend? You might be able to find an ASA5505 on eBay for a few hundred bucks.

    Or you could go with an older PIX as well, like the 501, if you don't want to spend much.
  • singh8281 Member Posts: 126
    What kind of things should you pay attention to when buying a firewall in terms of IOS, ports and whatnot? I am a total rookie in the firewall realm.
  • marlon23 Member Posts: 164 ■■□□□□□□□□
    For entry learning purposes the ASA 5505 will be a cake big enough to master. I wouldn't recommend buying a PIX as it lacks a lot of nowadays' features. Only if you expect to deal with them daily can it be worth the money & electricity to have one.
    Also don't forget that IOS in ISRs (800, 1800, 2800, 3800 series, ...) has quite a lot of security features as well (including IPS). Switches also possess quite a chunk of security features.

    When you search Cisco's website for the ASA product line and click on product comparison you'll get an idea of what the money's-worth difference between models is.
    Basically it is IPS functionality, Anti-X functionality, throughput, number of interfaces, number of supported VLANs (it is expensive to create DMZs with physical interfaces, ...), supported number of IPsec & SSL VPN terminations, clustering capabilities (active/active, ...) and so on.
    LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches
  • singh8281 Member Posts: 126
    Good deal, the ASA 5505 came as a recommendation from a few other folks here as well. I can't afford ISRs at the moment but will definitely look into adding a 5505 to the arsenal.
  • redwarrior Member Posts: 285
    You can also upgrade the licenses on ASA 5505s to enable more functionality. For a larger environment, you'll need more than the 50 user license, so they offer an unlimited user license. We use the Security Plus license rather often since it allows for more than 2 named VLANs, meaning we don't need a layer 3 switch at remote sites to do inter-VLAN routing. They're handy little things, but I still often wish we had a router out there at our remote sites for more advanced QoS features (ASAs only offer PQ) as well as better failover capability. (The Security Plus license DOES allow for active failover configurations, but if you're running VPN tunnels over those interfaces it gets real hairy in a hurry... better to put a router in front of it to handle the routing and just leave one tunnel to deal with!) Just my opinions!

    CCNP Progress

    ONT, ISCW, BCMSN - DONE

    BSCI - In Progress

    http://www.redwarriornet.com/ <--My Cisco Blog