Author Topic: Cisco ASA  (Read 12955 times)

junipoint

Cisco ASA
« on: July 12, 2006, 08:20:48 pm »
Cisco just announced the ASA 5505 has been added to their portfolio. It is a cross between a Netscreen 5GT with the performance of the Netscreen 50. List price for the base model: $595. There is a security plus license available for an additional cost which gives interface features similar to that of the Netscreen 5GT Extended.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

I would assume :wink: Juniper will have a replacement for the 5GT due out probably in September or October that will be direct competition, probably an SSG 505 :-)

sebastan_bach

Re: Cisco ASA
« Reply #1 on: July 13, 2006, 04:44:56 am »
hi junipoint u are right. the new asa 5505 for soho is really good and has almost all the features netscreen provides. i am not sure whether it supports ips and anti-virus card. but this is surely going to affect 5-GT and other small range products. i don't know why juniper is taking a back step in comparison to cisco. i guess juniper should get an ips card like cisco does in enterprise series models also, unlike the isg which hardly any enterprise buys cause it's very expensive. juniper should also focus on getting a host based ips. and try to get a unified architecture in place as compared to cisco and checkpoint. just my views. good to have a discussion on a topic like this. see ya

regards

sebastan

signal15

Re: Cisco ASA
« Reply #2 on: July 27, 2006, 04:57:50 pm »
Quote
like the isg which hardly any enterprise buys it cause it's very expensive.

Actually, a ton of my clients have ISG 1000's and 2000's with IDP blades.  If you need the throughput and the features, it's worth the moola.  They aren't that bad on pricing after standard vendor discounts anyway.

Have any of you actually played with the ASA?  I haven't touched one, but a couple of our engineers said that the configuration of it totally sucks.  Of course, that wouldn't surprise me in the least.  I just got done configuring a CSS, and the ACE blade for the 6509, and I'm about to kill whoever designed it.

sebastan_bach

Re: Cisco ASA
« Reply #3 on: July 28, 2006, 02:00:14 am »
hi signal isg series are very expensive as compared for an enterprise series firewall. i know the fwsm sucks big time cause it only does natting for vlans and nothing else. the asa is pretty ok not as bad as it seems. now they have added support for dual isps, l2tp and pppoe and more. their ips module for the asa is good and the anti-virus card from trend. i know their boxes don't give the high level throughput as compared to netscreen or nokia. but for an enterprise a decent throughput is enough which an asa 5520 can deliver. and nowadays enterprise wants one box solutions so they don't have headache to manage and set policies and know multiple products. here asa perfectly fits in the picture. it has anti-virus card, ips module and firewall with ssl vpns in it. what else would a normal enterprise want for. and their box supports free license for 3 virtual systems for testing which juniper doesn't. i know their virtual systems is not full fledged, doesn't support vpns and routing. how long cisco will take to write it in the code and will soon support all the features netscreen supports. and price wise they are still very less as compared to netscreen.

i guess netscreen should start to put support for virtual systems in enterprise series also now like ns-200 series. cause enterprises are going for network virtualisation. netscreen doesn't have their host based ips. and after all enterprises don't have much brains they only think which is better product matching prices support. no one can beat cisco support.

netscreen should get an integrated solution otherwise they will be left behind for sure in the long run. checkpoint and cisco are already offering utm solutions. even fortinet whose architecture is very similar to netscreen is right now the best utm. but they are bad at support. as a utm they are damn good. and they are half the price of netscreen. they support everything netscreen does.

just my view signal. good to have a discussion on such topics. i hope some juniper employee reads this. hope

see ya

regards

sebastan

Frac

Re: Cisco ASA
« Reply #4 on: July 28, 2006, 04:26:00 am »
Hi,

i don't see any use for vsys in an enterprise market.

like signal says the ISG1000 isn't that expensive, no one can give the feature set + throughput for that price.

the only thing they maybe can do is, make vsys available on the SSG appl. (only to counter the cisco ASA, but i don't see any benefits in it)

A feature that i would like more on those devices is the SSL NC feature. (so only network connect nothing else)

greetZ,
Frac
JNCIS-FWV, JNCIS-ER, JNCIA-EX, JNCIA-IDP http://juniper-frac.blogspot.com

sebastan_bach

Re: Cisco ASA
« Reply #5 on: July 28, 2006, 05:25:19 am »
yes frac. at least the ssl feature should be available in the firewall appliances. really hope juniper really updates their hardware and comes with a unified solution.

just my views

regards

sebastan

Frac

Re: Cisco ASA
« Reply #6 on: July 28, 2006, 05:45:41 am »
Hi Seb,

The SSG are the unified solution for juniper. (don't have SSL tho)

For the people who looked in the new 5.4 release notes see that there is more to come  :-D

SSG5/SSG20 :mrgreen:

greetZ,
Frac

JNCIS-FWV, JNCIS-ER, JNCIA-EX, JNCIA-IDP http://juniper-frac.blogspot.com

sebastan_bach

Re: Cisco ASA
« Reply #7 on: July 28, 2006, 06:09:18 am »
hi frac i have checked the datasheet of ssg it supports complete routing like junos, firewall with anti-virus and anti-spam with wan interfaces and all. it's a very good branch office solution. hey frac i am really not sure like cisco easy vpn in which the branch routers or firewalls need not be configured with ike policies and ipsec transform-sets. they can dynamically retrieve that information from main branch router or pix. i mean it's very good solution for small remote sites. does netscreen offer any such kind of solution. dynamic setup of vpns between firewalls. just curious to know. see ya

regards

sebastan

Frac

Re: Cisco ASA
« Reply #8 on: July 28, 2006, 06:39:36 am »
hi seb,

nope they don't have that. that's what i hope they will include soon (SSL network connect)

greetZ,
Frac
JNCIS-FWV, JNCIS-ER, JNCIA-EX, JNCIA-IDP http://juniper-frac.blogspot.com

sebastan_bach

Re: Cisco ASA
« Reply #9 on: July 28, 2006, 07:18:10 am »
frac i am talking of dynamic setting of site to site vpn and not ssl vpn or remote access vpn.


see ya

regards

sebastan

signal15

Re: Cisco ASA
« Reply #10 on: August 01, 2006, 01:41:09 pm »
Like Frac said, there really is no good justification for VSYS in the enterprise.  The only way I can see it being used properly is by a service provider that is selling a manageable firewall to its clients, or *possibly* by a company that has a separate security team for each department (and even then it's a stretch).  There is absolutely zero reason for a device as small as the ASA to have it, except for marketing reasons.

The good news is, I'm getting one of these this week to put through the paces, and I'll post all of my results on the forum so you can all see them.  For those of you that have worked with me before, you know I'm brutally honest about the capabilities and shortcomings of products, and it will be no different here. 

sebastan_bach

Re: Cisco ASA
« Reply #11 on: August 01, 2006, 02:47:21 pm »
hi signal surely will wait for ur review.

see ya

regards

sebastan