Beginners Guide to Firewalls
11 May 2010 by The Brigadier
Most of us understand that the firewall in your solution is there to protect your hardware and valuable data from outside interference.
What is not necessarily understood by the less technical amongst us, myself included, is what the published features mean and what they allow you to achieve. At UKFast, we provide Cisco ASA Firewalls only, and so these are what I will focus on. The table below shows an excerpt from the comparison table Cisco publish and the feature set of each firewall:
| Feature | 5505 | 5505 UL | 5505 SP | 5510 | 5510 SP |
|---|---|---|---|---|---|
| Bandwidth (Mb/s) | 150 | 150 | 150 | 300 | 300 |
| Max Firewall Connections | 10,000 | 10,000 | 25,000 | 50,000 | 130,000 |
| Firewall connections per second | 4,000 | 4,000 | 4,000 | 9,000 | 9,000 |
| Maximum VPN Sessions | 10 | 10 | 25 | 250 | 250 |
| Maximum VLANs | 3 | 3 | 20 | 50 | 100 |
| IPS Upgrade Available | Yes | Yes | Yes | Yes | Yes |
| Failover Upgrade Available | No | No | Yes | Yes | Yes |
| Maximum IPs | 10 | Varies* | Varies* | Varies* | Varies* |

*Maximum IPs provided by UKFast dependent on solution.
Maximum Firewall Connections – the maximum number of connections the firewall can handle at any one time. Busy websites and applications will push the limit on connections.
Maximum Firewall Connections per Second – the maximum number of new connections the firewall can accept per second.
Maximum VPN Sessions – the number of VPN connections that can be in operation at one time.
Maximum VLANs – VLANs allow a single firewall to appear like a number of firewalls, much as a dedicated server can be virtualised into a number of virtual servers. Being able to configure a number of VLANs increases solution security, because you can apply different access lists and port security to database servers than to web servers, for example.
Failover Upgrade Available – A “Yes” identifies that by buying 2 units, failover is possible.
IPS Upgrade Available – All Cisco ASA firewalls now support being upgraded to include IDS/IPS.
Maximum IPs – The number of IPs that can be protected by the firewall. A solution with more than 10 servers or using more than 10 IP addresses (for SSL certificates, for example) would need to be upgraded from using the base ASA 5505 model.
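The two connection figures above interact: the connections-per-second limit caps how fast new sessions can be accepted, while the maximum-connections limit caps how many can be open at once, and the second depends on how long each connection stays open. The following is an added example (not code from the original post or from UKFast) that applies Little's law, concurrent connections = new connections per second × average connection lifetime, to size a solution against the table. The model list copies the table's figures; the arrival rate and connection lifetime are hypothetical inputs the post does not give, and the "Maximum IPs" column is left out because the table marks it as varying by solution.

```python
"""Added example: sizing a Cisco ASA model against a workload using the
limits quoted in the comparison table. Not part of the original post."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class AsaLimits:
    model: str
    max_connections: int          # "Max Firewall Connections"
    connections_per_second: int   # "Firewall connections per second"
    max_vpn_sessions: int         # "Maximum VPN Sessions"
    max_vlans: int                # "Maximum VLANs"


# Figures copied from the table above, smallest model first.
# "Maximum IPs" is omitted: the table gives "Varies*" for most models.
ASA_MODELS: List[AsaLimits] = [
    AsaLimits("5505", 10_000, 4_000, 10, 3),
    AsaLimits("5505 UL", 10_000, 4_000, 10, 3),
    AsaLimits("5505 SP", 25_000, 4_000, 25, 20),
    AsaLimits("5510", 50_000, 9_000, 250, 50),
    AsaLimits("5510 SP", 130_000, 9_000, 250, 100),
]


def steady_state_connections(new_per_second: float, avg_lifetime_seconds: float) -> float:
    """Little's law: concurrent connections = arrival rate x average lifetime.
    Assumes a steady arrival rate; real traffic is burstier, so treat the
    result as a lower bound on the connection table you need."""
    return new_per_second * avg_lifetime_seconds


def check_model(limits: AsaLimits, new_per_second: float, avg_lifetime_seconds: float,
                vpn_users: int, vlans: int) -> List[str]:
    """Return the names of the limits the workload would exceed (empty if it fits)."""
    concurrent = steady_state_connections(new_per_second, avg_lifetime_seconds)
    failures = []
    if new_per_second > limits.connections_per_second:
        failures.append("connections_per_second")
    if concurrent > limits.max_connections:
        failures.append("max_connections")
    if vpn_users > limits.max_vpn_sessions:
        failures.append("max_vpn_sessions")
    if vlans > limits.max_vlans:
        failures.append("max_vlans")
    return failures


def smallest_fitting_model(new_per_second: float, avg_lifetime_seconds: float,
                           vpn_users: int, vlans: int) -> Optional[str]:
    """First model in table order whose limits all hold, or None if none fits."""
    for limits in ASA_MODELS:
        if not check_model(limits, new_per_second, avg_lifetime_seconds, vpn_users, vlans):
            return limits.model
    return None


if __name__ == "__main__":
    # Hypothetical workload: 1,500 new connections/s, each open ~10 s on average,
    # 5 remote VPN users, 2 VLANs (web and database).
    rate, lifetime, vpn, vlans = 1_500, 10, 5, 2
    print("steady-state connections:", steady_state_connections(rate, lifetime))
    for m in ASA_MODELS:
        print(m.model, "fails:", check_model(m, rate, lifetime, vpn, vlans) or "none")
    print("smallest fitting model:", smallest_fitting_model(rate, lifetime, vpn, vlans))
```

With those inputs the 5505 is within its 4,000 connections/s rate but the 15,000 steady-state connections exceed its 10,000-connection table, so the 5505 SP is the smallest fit. Because the 5505 and 5505 UL share every limit in the table, the selector never prefers the UL; in practice the number of protected IPs, which this example leaves out, is what separates them.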
Definitions
- 5505 UL = 5505 Firewall with Unlimited User Licence upgrade installed
- 5505 SP and 5510 SP = Version of firewall model with Security Plus Licence upgrade installed
- VPN = Virtual Private Network
- VLAN = Virtual Local Area Network
- IDS = Intrusion Detection System
- IPS = Intrusion Prevention System