ASA and Cisco vs NSA SonicWall firewall
- by Lbaker101
Currently I’m trying to structure our network to fully support and be redundant with BGP/Multi homing.
Our current company size is 40 employees but the major part of that is our Development department. We are a software company and continued connection to the internet is a requirement as 90% of work stops when the net goes down.
The only thing hosted on site (that needs to remain up) is our Exchange server.
Right now I'm faced with 2 different directions and was wondering if I could get your opinions on this.
We will have 2 ISPs that are both 20meg up/down and dedicated fiber (so 40megs combined). This is handed off as an Ethernet cable into our server room.
ISP#1 First Digital
ISP#2 CenturyLink
We currently have 2x ASA5505s but the 2nd one is not in use. It was there to be a failover and it just needs the security+ license to be matched with the primary device. But this depends on the network structure.
I have been looking into the hardware that would be required to be fully redundant and I found that we will need either of the following.
2x Cisco 2921+ series routers with failover licenses. They will go in front of the ASAs and either connect in a failover state or 1 ISP into each of the 2921 series routers and then 1 line into each of the ASAs (thus all 4 hardware components will be used actively).
So 2x Cisco 2921+ series routers
2x Cisco ASA5505 firewalls
The other route
2x SonicWall NSA2400MX series.
1 primary and the secondary will be in a failover state.
This will remove the ASAs from the network and be about 2k cheaper than the Cisco route.
This also brings down the points of failure because it’s just the 2x SonicWalls.
It will also allow us to scale all the way up to 200-400 users (depending on their configuration).
This also makes so the Sonic walls.
So the real question is: with the added functionality etc. of the SonicWall, is there a point in paying so much more to stay the Cisco route?
Thanks!