Firewall for lab

kctxaukctxau Member Posts: 130
in CCNP Security
What is considered a usable lab/traing firewall at a reasonable cost these days? I am assuming something that has at least version 7.0 Again, cheaper/not fancy is better if it will accomplish the task. Something like a 501 would be fine, but I don't thing it goes beyond version 6x. ASA equipment is far too expensive.
· Share on FacebookShare on Twitter

Comments

  • tierstentiersten Member Posts: 4,505
    You can wedge early versions of 7.0 onto a 506E but you lose ASDM. Your best bet is to find a cheap 515E or a ASA5505 if you want something that can run a recent version of the software.
    · Share on FacebookShare on Twitter
  • cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    My buddy grabbed an ASA5505 for $300 and change........

    CCNP guys sometimes spend more than this just for a multilayer switch...

    I would consider a good firewall to be pretty important for the CCSP, but I'm not on that track yet so take my opinion with a grain of salt.
    · Share on FacebookShare on Twitter
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    GNS3 also emulates a PIX 515. You'll need your own image, serial number and license but after that you're good to go a on emulating the majority of what you'll need for the current security tracks.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
  • kctxaukctxau Member Posts: 130
    So for a $100 or less, it looks like the 501 is one of the few options, even though it won't run 7x or above. Will a 501 be sufficient for lab training, or would it be a waste of money? I am more intersted in actual hardware, rather than emulators/simulators.
    · Share on FacebookShare on Twitter
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    If you spend money on a ASA 5505 make sure it has the features you want else you're buying a brick.

    I had the option for a $250 5505 that didn't support SSL VPNs. I did not buy it because I wanted to learn how to configure that technology. Just read the fine print on whatever you buy.

    I have even seen people selling license codes on ebay as "new in box" with a picture of the ASA's box, even though its just a code you're buying. Ridiculous.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
    · Share on FacebookShare on Twitter
  • tierstentiersten Member Posts: 4,505
    Paul Boz wrote: »
    I had the option for a $250 5505 that didn't support SSL VPNs. I did not buy it because I wanted to learn how to configure that technology. Just read the fine print on whatever you buy.
    The 5500s come with 2 SSL VPN licenses already built in for eval or admin use. You just have to buy extra licenses if you want to use more than those 2.
    · Share on FacebookShare on Twitter
  • cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    Have them do a show version if you are buying online. Then you get the following output, and you can research the license directly on Cisco's website.


    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited
    Maximum VLANs : 150
    Inside Hosts : Unlimited
    Failover : Active/Active
    VPN-DES : Enabled
    VPN-3DES-AES : Enabled
    Security Contexts : 2
    GTP/GPRS : Disabled
    VPN Peers : 750
    WebVPN Peers : 2
    AnyConnect for Mobile : Disabled
    AnyConnect for Linksys phone : Disabled
    Advanced Endpoint Assessment : Disabled
    UC Proxy Sessions : 2
    This platform has an ASA 5520 VPN Plus license.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.