Since we were unable to find anything, even on Cisco's site, on how to properly configure this piece of equipment, we decided to write about it.
The SA 520W Security Appliance is a small-office device with great capabilities for remote work environments.
1) Wireless and VLANs, when used together, can be set up to create guest networks or provisioned for QoS or VPN segregation.
2) Enterprise VPN support for remote site access via IPsec
3) Remote access VPN Support -
4) Stateful inspection firewall with schedules and IPv6
5) Content filtering: basic, and ProtectLink from Trend for advanced filtering via categories and email protection if you are still hosting email in a small site (why?)
6) SSL VPN Server
And Much More.
This device seems to have a decent amount of power to run all the features available, but it lacks documentation on how to actually do anything with it and is very fragile to change. In two cases we had to reboot the box after making a change to the VPN profile, which took down wireless (WTH?); it seems this is not modular. After a few days of hit-and-miss troubleshooting on the site-to-site VPN, we discovered that the rules do not follow the normal flow you would see in an ASA. One VPN policy per destination subnet was what finally worked. The odd thing is that if I tried to put in 10.0.0.0 255.255.248.0 to catch the first few subnets, I was able to ping from only one IP at a time from the destination. So: one VPN policy per routable subnet.
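As an added example (not from the original post and not Cisco's own tooling), this Python helper plans the "one VPN policy per routable subnet" layout described above: it checks each remote subnet against the 10.0.0.0 255.255.248.0 summary and emits one policy row per subnet. The local LAN, the /24 subnet list, and the row field names are constructed assumptions, not SA 520W settings.

```python
import ipaddress
from itertools import combinations


def plan_policies(local_lan, summary, routable_subnets, prefix="s2s"):
    """Return (policies, outside): one policy row per routable remote subnet
    inside `summary`, plus the subnets the summary would not have covered."""
    local = ipaddress.ip_network(local_lan)
    # ip_network accepts the "address/netmask" form used in the post
    wide = ipaddress.ip_network(summary)
    remotes = sorted({ipaddress.ip_network(s) for s in routable_subnets})

    # Overlapping selectors make it ambiguous which policy a packet matches
    for a, b in combinations(remotes, 2):
        if a.overlaps(b):
            raise ValueError(f"overlapping remote subnets: {a} and {b}")

    policies, outside = [], []
    for net in remotes:
        if net.overlaps(local):
            raise ValueError(f"{net} overlaps the local LAN {local}")
        if not net.subnet_of(wide):
            outside.append(str(net))  # needs its own review, not a policy row
            continue
        policies.append({
            "name": f"{prefix}-{net.network_address}",  # hypothetical naming
            "local_network": str(local.network_address),
            "local_mask": str(local.netmask),
            "remote_network": str(net.network_address),
            "remote_mask": str(net.netmask),
        })
    return policies, outside


# Constructed sample data (assumptions, not values from the post)
LOCAL_LAN = "192.168.75.0/24"
SUMMARY = "10.0.0.0/255.255.248.0"  # the summary the post tried first
ROUTABLE = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.8.0/24"]

if __name__ == "__main__":
    rows, skipped = plan_policies(LOCAL_LAN, SUMMARY, ROUTABLE)
    for r in rows:
        print(r["name"], r["local_network"], r["local_mask"],
              "->", r["remote_network"], r["remote_mask"])
    print("outside the summary:", skipped)
```

Each returned row corresponds to one policy to enter by hand; subnets reported as outside the summary would never have matched the single wide policy either.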
The wireless and VLANs have very little documentation but are quite easy to figure out, as you just assign an SSID to a VLAN in the Wireless VLAN Settings. Guest networks are set up by VLANs and DHCP, which gives you the ability to provide wired or wireless to guests and to keep them separated from the production network.
Licensing of ProtectLink is $$$ and somewhat a pain in the butt, but compared to a solution like Contentprotect (review coming) or other $$$ web filtering / content devices. So overall, $300 bucks a year for a 5-seat license is bad, especially if implementing a split-tunnel VPN back to a big corporation.
Grade: C. This should be a high B with good documentation.
BJ MOORE
Monday, January 4, 2010