Beginners Guide to Firewalls

Most of us understand that the firewall in your solution is there to protect your hardware and valuable data from outside interference.

What is not necessarily understood by the less technical amongst us, myself included, is what the published features mean and what they allow you to achieve. At UKFast, we provide Cisco ASA Firewalls only, and so these are what I will focus on. The table below shows an excerpt from the comparison table Cisco publish and the feature set of each firewall:

                                  5505     5505 UL  5505 SP  5510     5510 SP
Bandwidth (Mb/s)                  150      150      150      300      300
Max Firewall Connections          10,000   10,000   25,000   50,000   130,000
Firewall connections per second   4,000    4,000    4,000    9,000    9,000
Maximum VPN Sessions              10       10       25       250      250
Maximum VLANS                     3        3        20       50       100
IPS Upgrade Available             Yes      Yes      Yes      Yes      Yes
Failover Upgrade Available        No       No       Yes      Yes      Yes
Maximum IPs                       10       Varies*  Varies*  Varies*  Varies*

*Maximum IPs provided by UKFast are dependent on the solution.

Maximum Firewall Connections – the maximum number of connections the firewall can handle at any one time. Busy websites and applications will push the limit on connections.

Maximum Firewall Connections per Second – the maximum number of new connections the firewall can accept per second.

Maximum VPN Sessions – the number of VPN connections that can be in operation at one time.

Maximum VLANs – VLANs allow a single firewall to appear like a number of firewalls – like virtualising a dedicated server into a number of virtual servers. Being able to configure a number of VLANs increases the security of the solution and lets you apply different access lists and port security to database servers than you have on web servers, for example.
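As an added illustration of the VLAN point above (not UKFast's or Cisco's own configuration), here is a constructed ASA 5505 fragment that puts web and database servers in separate VLANs with a different access list on each. VLAN IDs, interface names, addresses and the database port are assumptions; the outside interface and NAT are left out.

```cisco
! Constructed example: all VLAN IDs, names, addresses and ports are assumptions.
! Web tier: lower trust, because it is the tier exposed to visitors.
interface Vlan10
 nameif web
 security-level 50
 ip address 10.0.10.1 255.255.255.0
!
! Database tier: higher trust, never reached directly from outside.
interface Vlan20
 nameif db
 security-level 90
 ip address 10.0.20.1 255.255.255.0
!
! Assign physical switch ports to each VLAN.
interface Ethernet0/1
 switchport access vlan 10
interface Ethernet0/2
 switchport access vlan 20
!
! Web servers may open connections to the database server on one port only.
! Everything else aimed at the database VLAN is dropped and logged; other
! outbound traffic from the web tier is still allowed.
access-list WEB_IN extended permit tcp 10.0.10.0 255.255.255.0 host 10.0.20.10 eq 3306
access-list WEB_IN extended deny ip 10.0.10.0 255.255.255.0 10.0.20.0 255.255.255.0 log
access-list WEB_IN extended permit ip 10.0.10.0 255.255.255.0 any
access-group WEB_IN in interface web
!
! Database servers may not start new connections to anything. Replies to the
! web tier's queries still flow because the firewall is stateful.
access-list DB_IN extended deny ip any any log
access-group DB_IN in interface db
```

If a web server is compromised, the only path it has into the database VLAN is the single permitted port, and every other attempt shows up in the firewall log.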

Failover Upgrade Available – A “Yes” identifies that by buying 2 units, failover is possible.

IPS Upgrade Available – All Cisco ASA firewalls now support being upgraded to include IDS/IPS.

Maximum IPs – The number of IPs that can be protected by the firewall. A solution with more than 10 servers or using more than 10 IP addresses (for SSL certificates, for example) would need to be upgraded from using the base ASA 5505 model.

Definitions

  • 5505 UL = 5505 Firewall with Unlimited User Licence upgrade installed
  • 5505 SP and 5510 SP = Version of firewall model with Security Plus Licence upgrade installed
  • VPN = Virtual Private Network
  • VLAN = Virtual Local Area Network
  • IDS = Intrusion Detection System
  • IPS = Intrusion Prevention System
