Dear Forum Users,
I would like to change my two Cisco ASA 5520 for two MikroTik CCR1072-1G-8S+. The Cisco ASA 5520 firewall throughput 450Mbps. This value is few. I'm looking for a device that knows the following:
- device redundancy ( High Availability / Failover )
- firewall throughput minimum 2-4Gbps
- management via VPN
- VLAN
- NAT
- SFP+ ports
- TCP / UDP connection limit management
- Serving about 1500 and 2000 users simultaneously to the internet
I was thinking of Mikrotik CCR1072 as a possible alternative. What do you think I can change my Cisco ASA5520 with Mikrotik CCR1072?
Thank you!
Re: Cisco ASA change to CCR1072
尽快思科防火墙和ccr is a router. Not the same type of product. ROS does have a firewall and can be used but is not built to be a firewall.
I use ROS at home as both firewall and router but would not do so at work.
I personally like Pfsense a lot. They also have some great appliances and can run in a hypervisor if needed.
I use ROS at home as both firewall and router but would not do so at work.
I personally like Pfsense a lot. They also have some great appliances and can run in a hypervisor if needed.
Re: Cisco ASA change to CCR1072
Unfortunately there isn't native RouterOS mechanism for sharing state or config between multiple devices. If you can live with no state and manual config replication, you'll be fine...Dear Forum Users,
I would like to change my two Cisco ASA 5520 for two MikroTik CCR1072-1G-8S+. The Cisco ASA 5520 firewall throughput 450Mbps. This value is few. I'm looking for a device that knows the following:
- device redundancy ( High Availability / Failover )
Re: Cisco ASA change to CCR1072
My ccr1009 has a firewall rules count over 100, over 50 nat rules and mangle over 90 for queue and easy connections understanding.尽快思科防火墙和ccr is a router. Not the same type of product. ROS does have a firewall and can be used but is not built to be a firewall.
I use ROS at home as both firewall and router but would not do so at work.
I personally like Pfsense a lot. They also have some great appliances and can run in a hypervisor if needed.
Connections count over 8000. Max net load 300mb/s. Many vpn ipsec channels, capsman for over 150 users and 11 wifi caps, OSPF. Max cpu load 35%. What do you mean about this?
Yours respectfully!
Re: Cisco ASA change to CCR1072
Cisco ASA is built to be a firewall with a lot of redundancy functions. You can cluster for HA and share states so a failover is more or less seamless for users.
You can use ROS as a firewall but it's not built for it and speed may suffer. It is my experience that adding a "firewall" rule to a router class device effects performance more then if it's a firewall class device.
As I said you can use ROS as a firewall, I do this myself, but if you want to replace a Cisco ASA with a CCR it should be pointed out that it's not the same type of device.
And also if he want HA Cisco ASA is better at this. So he cannot replace that out of the box.
You can use ROS as a firewall but it's not built for it and speed may suffer. It is my experience that adding a "firewall" rule to a router class device effects performance more then if it's a firewall class device.
As I said you can use ROS as a firewall, I do this myself, but if you want to replace a Cisco ASA with a CCR it should be pointed out that it's not the same type of device.
And also if he want HA Cisco ASA is better at this. So he cannot replace that out of the box.
Re: Cisco ASA change to CCR1072
Yep... HA its also bgp, few isp... etc. Any device spend cpu to firewall rule processing! But mikrotik is not a security appliance with antivirus, thread detectors, etc...
Yours respectfully!
Yours respectfully!
Who is online
Users browsing this forum:Semrush [Bot]and 18 guests