RE: Thoughts on the new Cisco ASA 5500 firewalls

["Paul Melson" <psmelson () comcast net>]

Cisco is marketing the ASA 5500 appliances as PIX, VPN Concentrator, Secure
IDS, and network anti-virus in a single box.  Which leads me to believe that
it's either brand-centric marketing hype gone overboard (caveat emptor), or
that there is some actual code convergence.  If the latter is true - which
is not so impossible, since only the VPN 3K code needed porting to x86, PIX
and Secure IDS have been there forever - then that should make Chris'
decision pretty easy.  If it's a PIX plus other possibly irrelevant, or at
least out of scope features, buy the PIX.

I've not had any experience with the ASA 5500 appliances, but I've been
elbow deep in several other 'converged' security devices.  It is my NSHO
that when you combine several products, none of which are best-of-breed,
into a single box, what you end up with is a box that does a lot of things,
but none of them well AND can't scale or handle big loads.

PaulM

-----Original Message-----
Subject: Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls

> What are your thoughts on the new ASA from Cisco?  Would the 
> additional features (IPS, AV, integrated VPN, active-active failover) 
> be worth the risk of being on the cutting-edge?  Has anyone on the 
> list worked with one yet?

The only time I'd ever deploy a new-to-the-market product was if I had time
to evaluate it personally.


Do the new features outweigh the risk of having an upset or worse yet-
unprotected client?  Only you *and* the client can answer that.  Their risk
tolerance is probably the biggest piece of input you can have.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards