I have setup an ASA without a lot of Cisco background (training) and got it pretty much correct. The only issue I had was a loop back for access to the DMZ for a server we had out there from inside. If you have a syslog server you can capture the logs but they can get messy and long. Once we got it up and running maintaining it was dead easy. Blocking at the firewall was done by either name or IP and using IP ranges was possible. Cost was higher on Cisco units and you will want to get their annual subscription which will get you support and patches. I only had a firewall and haven't done any web filtering and I know a lot of others will help you with that. On that I would NOT suggest using the web filtering on the ASA it was more of a pain than I thought it was worth at the time. Jon From: [email protected] To: [email protected] Date: Wed, 3 Dec 2014 13:45:05 -0500 Subject: RE: [NTSysADM] Firewalls / Web filtering
Well Sophos is tossing in a second SG 330 for “free” until the end of the year to sweeten the deal. __________________________________Stefan Jafs From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker Sent: December 3, 2014 13:36 To: ntsysadm Subject: Re: [NTSysADM] Firewalls / Web filtering Sophos is okay, but for the money, I prefer the Fortinet devices in terms of performance and management. I've done lots of migrations FROM Cisco to various other products, so... Those are the ones I can speak to from the perspective or recent experience. Regards, ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market… On Wed, Dec 3, 2014 at 11:52 AM, Stefan Jafs <[email protected]> wrote:I’m going around in circles trying to make a decision on a new Firewall and Web filtering appliance. We currently have the SonicWall NSA240 * 2 for HA and iPrism for Webfiltering. We have increased our speed on Rogers fibre to 200 / 200 Mbs, the SonicWall is only 100 Mbs. Also the iPrism can’t handle our 300 + users any more, delays when trying to open a web page. So I have been looking at Cisco ASA, upgraded SonicWall, Barracuda, Fortinet and Sophos SG 330. Cisco – looks very complicated to setup and $$$SonicWall – probably ok with a separate Web filtering appliance, easy to install can upgrade current configs.Barracuda – looks good, Googling and reviews not so good.Fortinet – looks okSophos – looks good on paper and I already have Sophos endpoint protection, leaning towards this solution. Anyone that can give me real hands on recommendations? Thanks __________________________________Stefan Jafs
