Cisco ASA NGFW Review

ASA5505 Multipurpose Robust Firewall for small office or small organization requiring for network security


Cisco ASA 5505 overview
Selecting a new fire wall is matter of individual requirements and preferences. For small office it is economical to have a single device having small switch and firewall capability. Cisco ASA 5505 is perfectly suitable for small office as it has 8 port connecting end device switch and two of which have PoE capability for connecting cisco ip phones or external wireless access point. Has a expansion slot for connecting IPS (Intrusion prevention System). Additional IPS card (AIP SSC-5), IPS protects form virus, worms Trojans, DDoS attacks. This all features makes it a truly multipurpose firewall for small office.

Pros:

1) Is small in size and light in weight, requires less space suitable for small office.
2) Has integrated 8 port Switch so no need to purchase additional switch.
3) Has 2 PoE ports, so IP phones or external wireless access points can be connected.
4) If IPS card is installed it gives protection form vires, Trojan and worms and DDoS.
5) It supports 3 vlan, traffics can be separated per vlan.
6) Can be easily configured through SDM
7) Last but not the least it is very robust system once installed it dose not need much attention.

Cons:
1) ASA5505 does not support expansion.
2) ASA5505 dose not support fail over ( Aacive / active or active/ standby)
3) ASA5505 does not support multimode.
4) Heavy CPU load and packet latency due to addition of IPS.
5) The ASA 5505 does not support Spanning Tree Protocol for loop detection in the network.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
2 Comments
IT Administrator at a financial services firm with 501-1,000 employeesVendor

Good Review. I would also include its integrated Web Security Essentials feature in the list of Pros. This adds content filtering capability to the device.

24 September 13
Head of Data Center at a university with 1,001-5,000 employeesVendor

We have a 5520 with IPS installed. You are right about the CPU load with the IPS addition. It really maximizes the CPU utilization of the system, which can be a cause for concern. We've also have the IPS fail at some point due to a vulnerability. It was later patched with a firmware upgrade.

Fairly expensive, but will get the job done if you know how to configure it. Also recommend to have an HA set-up if protecting critical infrastructure. Might be expensive, but probably a good addition if you already have a Cisco-dominated environment. You should have it protecting you from the outside and use a separate in-line IPS if you want to protect the inside network.

11 February 14
Guest

Sign Up with Email