40 pts.
 Network Security appliances
What are the key things to consider when choosing a network security appliance for a 130-user network? I am confused by the plethora of appliances Cisco has on offer.
Network is laid across three floors, with all the switches connecting back to a wiring closet. 


Software/Hardware used:
Network Security
ASKED: January 27, 2011  10:32 AM
UPDATED: February 25, 2011  9:36 PM

Answer Wiki:
Many appliances provide multiple interfaces that you can configure for monitoring. Are you interested in protection at the edge? Across multiple VLANs? Consider whether you are interested in control from outside in or both directions. Also remember a single appliance is also a single point of failure. Most have the ability to fail open so as to not close down your network. I employ both a separate appliance that monitors traffic on all my edge entry points as well as an integral module in my ASA.
Last Wiki Answer Submitted:  January 27, 2011  2:19 pm  by  Spadasoe   5,130 pts.
All Answer Wiki Contributors:  Spadasoe   5,130 pts.


Discuss This Question:


 

easy to use, simple interface, integration, support number of user/connections – future upgrades/adaptability, price vs quality…

 3,070 pts.

 

Thanks for coming back to me.

In the distribution layer, I have two layer 3 switches and they connect directly to the WAN routers. Ideally I want security on the edge to monitor all incoming traffic. I agree a single appliance would be a single point of failure. What other ways are there around it? Can the router manage the security of the network while the appliance is down, or is that not recommended?

I am confused because I have security modules on the routers and a firewall appliance on the edge. Why would you have an integral module?

 40 pts.

 


 

The network security appliance should provide security from a comprehensive array of attacks, reliability, functionality and productivity. It must be faster and protect the system from various web threats like spyware, viruses, malware, hackers and many more.

 10 pts.

 

We use a dual-FW system, then still have IP/IPv6 ACLs / route-maps on the routers to be both redundant and secure. A little bit of both edge and core-level filtering never hurts.

 8,500 pts.