Cisco 5515X vs Palo Alto Networks or accepting recommendation
Currently looking for a firewall that incorporates application layer (7) filtering that does not degrade its routing functions. The future firewall will need to be able to handle 1500 users across multiple interfaces; some interfaces will be used for WiFi, some DMZ interfaces for servers, etc.
Rumor tells me that Palo Alto has more of a focus on application layers that seem to bottleneck other throughput functions such as NAT/PAT and VPN needs.
Cisco is still new(er) to the layer 7 (application) approach so I don't have much to go on from there!
Angelo (The Network Guy, Premium)
What are you trying to do...?
And are custom solutions something you're considering? I'd avoid Cisco ASAs personally. However, I do use one myself.
We are replacing a very old Cisco PIX 515 and are being led in the direction of a Palo Alto due to the layer 7 approach it handles. Some people are saying use both, since Palo Alto does really well at layer 7 and Cisco does very well at the routing functions.
We do ASAs for small locations, but the 5515X seems to have the minimum throughput we are looking at, which is gig plus.
|reply to cogfirewall |
I don't really think routing/firewalling/application filtering should be combined into one device. That's just asking for trouble, especially if you get one from a vendor more traditionally used for the lower levels...
Oh, Opera, what have you done?
|reply to cogfirewall |
Cisco is still very much stuck in the layer 3 / 4 filtering paradigm, even to the latest 8.3 and 8.4 code. I haven't
gotten a chance to try out the 9.x code yet, but let's just say that given the glacial pace that the code and hardware
have been developed in the last couple years, there's not much new in terms of "application control" that everyone's on about.
Palo Alto, based on a couple sessions I sat in on, definitely has a better implementation of filtering based on
one's identity and application they want to use.
Best option for you is to get each vendor in and have them show you their gear in person and put it through its paces...
proof's always in the pudding, I say.
One other caveat about Cisco -- which "routing" are you referring to? Be aware that ASA != ISR router. If you
need something like full IPv6 functionality and BGP, then ASA is NOT where it's at.