Review: Cisco SA 520 firewall disappoints

By Paul Venezia, InfoWorld |  Security, Cisco, firewall

Also disturbing is that the SA 520 appears to have problems retaining its configuration across certain firmware updates. I updated the firmware, only to find the device return to factory settings. Should that happen with an SA 520 at a remote site with no other connectivity and no serial console that could ostensibly be connected to a modem, it would remain offline until someone can reconfigure it from the LAN through a Web browser. That's definitely not a good situation for a remote office firewall.

However, the SA 520 supports up to 50 IPSec 3DES-to-AES256 tunnels, though working with the VPN tunnel management interface and wizard can be frustrating for experienced admins who are used to the ease and simplicity of CLI-based configuration. The IPSec VPNs did function properly with all encryption algorithms, and once I wrapped my head around how the VPN tunnel construction interface was designed, I was able to bring up tunnels to Cisco PIX and ASA firewalls without issue.

In short, the SA 520 can run an AES256 IPSec VPN up to 65Mbps, but it'll make you work harder than you think you should to implement it and maintain proper operation.

A Cisco in name only

The Cisco SA 520 lives up to its Small Business billing, but doesn't meet the requirements for the Pro designation, lacking adequate tools for managing a remote office endpoint for larger infrastructures. Given the specs for the device, that's a shame, because it definitely performs like a higher-end unit, offering advanced features, including 802.1p, CDP (Cisco Discovery Protocol), RADIUS, and syslog support.

If all you're looking for is a small-business firewall, you can get one cheaper than the SA 520, albeit without some of the extended features. If you're looking to terminate a VPN at a remote office, you might find that paying more for another device that has the necessary management capabilities makes sense in the end.

If you're in the middle, needing a small-business firewall with content filtering and dual-WAN capabilities, the SA 520 might be just the ticket, but I'm not sure how many of those businesses exist these days.

Originally published on InfoWorld.