Re: SBS 2008 - Firewall Appliance?

I looked at the link you sent me and didn't see *anything* that contradicted what I said.

Specifically here is the cut'n'paste from their *base* bundle:

Cisco ASA 5510 Appliance Content Security Edition Bundle

Includes Content Security and Control Security Services Module 10 (CSC-SSM-10),
50-user antivirus/anti-spyware license with 1-year subscription service*,
firewall services,
250 IPsec VPN peers,
2 SSL VPN peers,
and 3 Fast Ethernet interfaces

As you can see, the *AV* portion has a user license attached. As do the various VPN options. But "firewall services" are simply listed as included. So, again, if all you want is a firewall as an added barrier, then this would work. With that said, you are looking at (or at least linked to) the ASA 5500 Content Security Edition. If you don't need AV or VPN then this is overkill....and I recommend running client AV on a server that can handle monitoring anyways....not using an edge device as the client AV manager...but that's another conversation.

Anyways, you may want to look at the ASA 5500 firewall edition as it is less expensive since it doesn't come with the 50-user AV license. There *are* a few models that have user restrictions, but these are intended for data centers. The firewall protects a SQL server, for example, so only two or three users ever *need* access...so the cost is *greatly* reduced. The 5505 and up all have an "unlimited user" bundle and that is what you'd use to protect a client network instead of a data center.

-Cliff


"nordberg" <nordberg_73@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:vb5sr41m2nj9brbblq77il3iotdcs2cfuc@xxxxxxxxxx
On Fri, 13 Mar 2009 12:41:18 -0600, "Cliff Galiher"
<cgaliher@xxxxxxxxx> wrote:

Hmmm....you might want to recheck your vendor. Cisco's default licensing
for the ASA isn't client specific. If you opt for VPN or client-side virus
scanning agents then those cost...but that is true with *any* security
appliance.

Celestix, Cisco, Juniper, and Sonicwall are my top choices, in that order.

-Cliff


Can you explain this then:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e88.html

Looks like it's use specific to me? It was the same for the Pix
also......

.

Relevant Pages

  • [REVS] Bypassing Client Application Protection Techniques
    ... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ...
    (Securiteam)
  • Re: Firewall advice required please
    ... 2./ How do you provide "SECURE" access without a VPN? ... suggesting you are achieving as-good-as security using a standard SSL, ... > and air-gap is the only product we carry. ... > no other firewall can touch. ...
    (comp.security.firewalls)
  • Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
    ... complexity and architectural inelegance of having 3-5 gateway security ... VPN) convinced me to eventually champion a migration to Symantec's SGS ... Nice balance of "default deny" at the firewall, ...
    (Firewall-Wizards)
  • Re: Secured Linux box for Windows access
    ... On the client side, I can automatically remove temp files, harden up ... > struggling with the Linux side and its configuration. ... it is possible to use a VPN to secure your shares as tehy go ... distribution-specific guides to security. ...
    (Security-Basics)
  • Re: Software vendor clueless
    ... done regarding the firewall settings. ... the client could be held legally liable. ... >7) Explain to both that a security 'incident' has ...
    (Incidents)