Firewall for lab

What is considered a usable lab/traing firewall at a reasonable cost these days? I am assuming something that has at least version 7.0 Again, cheaper/not fancy is better if it will accomplish the task. Something like a 501 would be fine, but I don't thing it goes beyond version 6x. ASA equipment is far too expensive.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

tiersten

You can wedge early versions of 7.0 onto a 506E but you lose ASDM. Your best bet is to find a cheap 515E or a ASA5505 if you want something that can run a recent version of the software.

cisco_trooper

My buddy grabbed an ASA5505 for $300 and change........

CCNP guys sometimes spend more than this just for a multilayer switch...

I would consider a good firewall to be pretty important for the CCSP, but I'm not on that track yet so take my opinion with a grain of salt.

Ahriakin

GNS3 also emulates a PIX 515. You'll need your own image, serial number and license but after that you're good to go a on emulating the majority of what you'll need for the current security tracks.

kctxau

So for a $100 or less, it looks like the 501 is one of the few options, even though it won't run 7x or above. Will a 501 be sufficient for lab training, or would it be a waste of money? I am more intersted in actual hardware, rather than emulators/simulators.

Paul Boz

If you spend money on a ASA 5505 make sure it has the features you want else you're buying a brick.

I had the option for a $250 5505 that didn't support SSL VPNs. I did not buy it because I wanted to learn how to configure that technology. Just read the fine print on whatever you buy.

I have even seen people selling license codes on ebay as "new in box" with a picture of the ASA's box, even though its just a code you're buying. Ridiculous.

tiersten

Paul Boz wrote: »

I had the option for a $250 5505 that didn't support SSL VPNs. I did not buy it because I wanted to learn how to configure that technology. Just read the fine print on whatever you buy.

The 5500s come with 2 SSL VPN licenses already built in for eval or admin use. You just have to buy extra licenses if you want to use more than those 2.

cisco_trooper

Have them do a show version if you are buying online. Then you get the following output, and you can research the license directly on Cisco's website.

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5520 VPN Plus license.