Business router/security device recommendation

the_b_man

I'm looking to retire a Cisco ASA-5510, which is discontinued and out of support contract. We are considering another Cisco; however, I work in a very small team whose expertise lies mostly in software development and server admin, and not networking. We likely use less than 1% of what our ASA-5510 is capable of, so to us, another Cisco is probably overkill and over-complex. We are considering something easier for our team to configure and feel comfortable with.

The device will need to secure a small Hyper-V cluster on a simple network, with only a few segments for DMZ, internal and management. Reliability is important; our Cisco has had no hardware issues for close to a decade of 24x7, and we'd expect similar robustness. Required is a basic mapping of a block of 16 external IPs to inside addresses on a range of common ports, and a VPN tunnel. A signature-based security service would be nice; we would pay for a subscription if the effort level was low.

Budget is not likely to be an issue here. The sticking point is ease of use. We don't have Cisco certified staff in-house, and while we could outsource management of a new Cisco, I'm inclined to also investigate a simpler option that a few relatively intelligent devs/ops types could manage on their own.

tl;dr: What brand names should I be looking at? Thx all
 
For ease of use and reliability Fortinet or Check Point can't be beat. Both offer models from the ultra low end to as much as you want to spend.
 
Check out Cisco Meraki. Very easy to use, full feature set, good hardware. If you don't have a networking guy, it is a great way to go. They will even lend you a device to try it out.
 
If you already know enough Cisco to manage your 5510, consider buying a 2nd 5510 off the used market as a standby spare. After purchase, just make sure you practice backing up and restoring configuration files. If your production unit ever fails, it shouldn't take you long to power up the backup, load the latest configuration file and be back in business. If used 5510s are cheap enough, buy two or three.

No reason to fix what isn't broken at this point.
 
I'd suggest FortiGate or WatchGuard, with a stronger emphasis on WatchGuard. I prefer how WatchGuard does their NAT and firewall policies to how FortiGate does them.
 