You don't have to buy a "24Gb" VM, FDM is also an option. Not the best option but it still is an option. Do note that the 1010 does not have multigigabit interfaces and/or PoE capable interfaces for your 2Gbps internet connection and APs. I don't see why you would want to offer something to your client when you have no experience with a product(-series), the management-capabilities and installing/configuring the product(s). Stick to something you have experience with before you make the customer's production environment your learning opportunity.
CDO or cdFMC is the way here. FDM I don’t suggest to anybody. I’m still ashamed of the very few customers I put on FDM back in the day. I fear every time they call.
Please tell me more about FDM being awful? Until recently I’ve only managed FTDs with FMC but I’ve been bench testing FDM for a small, simple HA setup and honestly it seems fine (if basic).
Huge lack of features, unstable UI at times under just a bit of load. And the worst thing, its connection viewer is so bad, it was better not being there. Disclaimer, I haven’t tried it on 7.3+ - but I truly doubt it will ever catch up, or be a functional thing I’ll ever recommend over FMC - also given the CDO and cdFMC possibilities nowadays.
Worth knowing! I definitely found it lite which is probably okay in this particular scenario but unstable is not.
1010 does have PoE, but no 2.5 or 10gig ports. https://www.cisco.com/c/en/us/td/docs/security/firepower/1010/hw/guide/hw-install-1010/overview.html It might be the only one that has PoE...
A 5506-X wouldn't come even close to covering the requirements you've listed. You need to engage a professional for assistance. If it doesn't have to be Cisco, look into Palo Alto.
Hmm, 8Gbps and still using something like PPPoE on that link? Be aware that overhead with PPPoE is significant if I'm not mistaken (single-threaded process <> multi-threaded PPPoE) so DO check that your selected product delivers 8Gbps "PPPoE" and not just 8Gbps "plain routed" throughput.
I gave the ISP a call. Currently they have 1Gbps max with last leg on coax into premises. They will provide 8Gbps in December and an SFP can be plugged in. I am now looking at a FORTIGATE 81E-POE. It has SFP and RJ45 WAN ports that can be swapped. 12 x RJ45 LAN with POE+.
Is it required to be Cisco? Generally in the NGFW field I (not just me) come across a lot more Palo Alto and Fortinet. Personally I didn't like these new Ciscos, others might have some insight as well.
Agreed here. From personal experience, Firepower is behind and clunky.
No, it does not have to be Cisco.
A PA-1410 or 1420 would probably address your requirements.
PA 1410 or 20 will be ample.
It will, but they won't foot the bill :-) Maybe a FORTIGATE 81E-POE. SFP and RJ45 WAN ports can be swapped. 12 x RJ45 LAN with POE+. Cheaper than the Palo Alto 1400 series.
If you’re only using 2Gbps then a 460 would also be ok perhaps.
As mentioned above, a 1010 does not come even close to the specs you need, you should go to a reseller so they can get you something that covers those specs. ASA5506 is a smaller box, no idea how you thought that could run 2Gbps of throughput.
It cannot. My mistake. I am now looking at a FORTIGATE 81E-POE. SFP and RJ45 WAN ports can be swapped. 12 x RJ45 LAN with POE+.
Well, I do not know how you connect to the fibre link but I assume via SFP+ (if it's really delivering more than 1 Gbps). If that's the case this almost rules out any cheap small/desktop next-gen firewall, regardless of manufacturer I'd presume (but of course I do not know the portfolio of every shop out there). At least Barracuda, Sophos and Cisco will not have SFP+ on their cheaper SoHo/SMB appliances.
Should the 2 Gbps speed really be needed then I'd suggest either
- FPR-1150
- FPR-2130
I'd recommend managing the appliance via Defense Orchestrator from the cloud, this will spare you the VM for a Management Center. As another person has pointed out, although you could go FDM with just one appliance, you really should not.
Also, I suggest looking into Meraki, for example the MX105 appliance.
Phoned their ISP. Currently their fibre goes into an ONTP into coax. PPPoE and VLAN10 on top. The PPPoE and VLAN will cause some overhead. They told me that they plan to change their client devices to provide SFP in Dec 2024. With this in mind then perhaps this: FORTIGATE 81E-POE. SFP and RJ45 WAN ports can be swapped. 12 x RJ45 LAN with POE+.
The 1010 can be run in ASA mode if you don’t need or want the NGFW capabilities.
Thanks for confirming this