How do I choose which ASA to use?

I would like to ask for help, i should choose an ASA firewall for our company, considering we have a couple of services on a DMZ and a INSIDE network, are there any steps to follow in order to buy a correct firewall?
Thanks

Hello Valerio

There are various aspects that you need to consider when choosing a firewall. These are not exhaustive, but give you a general idea of the kinds of things you’re looking for.

  1. Size of the enterprise. The first thing has to do with how much traffic will the firewall be handling. Will it be a small branch office serving 15 employees or a large headquarters with two thousand users? Firewalls are often rated at how many Mbps in throughput they can handle.
  2. What kind of services do you want? If you simply want a firewall to filter specific addresses, ports, and sites, you can easily apply an older ASA firewall. More advanced features can be obtained using the ASA line that supports Firepower, a technology that delivers next-generation functions like application control, intrusion protection, and antimalware and URL filtering. If you want to go beyond that, to a more enterprise-centric set of features, you should take a look at the Firepower series of products (Firepower 1000, 2100, 4100, and 9300). These are newer than ASA as they were introduced in 2017 while ASA was introduced in 2010. These are next-generation firewalls that deliver business resiliency through threat defense.
  3. Cost - It would be great to have the best of the best for every scenario, but unfortunately, as you know very well, that’s not the way the world works. Arguably, the most restrictive characteristic for the choice you will make comes down to how much money will you spend. You must balance the services to be delivered by a firewall with the cost, so that you can really get the most for your money.

These are just some fundamental thoughts. You’ll have to go through your requirements in detail, and it may be worth discussing those further with your hardware provider. In the meantime, here is a link that may be helpful in giving you more information:

You may also consider other products such as a virtual firewall, Cisco Meraki MX series firewalls, or Secure IPS.

I hope this has been helpful!

Laz

Hello,
thanks for your precise answer.
We are small company, we are in 20 workers and 4 DMZ services, for each dmz we have different public IP, i was thinking to buy Firepower 1010.

Thanks

Hello Valerio

That sounds like a good choice! Let us know how you get along… Glad to be of help!

Laz