Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bulkdevicesuk
New Contributor

Need a cisco ASA 5505 firewall appliance with certain abilities

Hello, I'm looking for an additional cisco ASA 5505 ASA5505-UL-BUN-K9 8 Port firewall appliance to go between my current router/firewall and my server. The specific purpose of this firewall appliance is to block the IP addresses of specific countries where hacking attempts and spambots frequently originate and legitimate connections to the server are rare. I know they originate from ALL countries, but some are much worse than others. I don't really need advice on why this is a good (or bad) idea, it's what I want to do regardless. I'm just looking for recommendations for a hardware appliance that will do what I need, the way I want it done. The ONLY appliances I am aware of at this time that meet my requirements are Watchguard Fireboxes such as the x500, x700, etc. They would work, but are large, somewhat noisy, and consume a good bit of power. The interface is good, however. Here are some of the desired properties I am looking for. 1). Interface that allows me to conveniently add large numbers of IP address blocks in CIDR format or as Host ranges. 2). Low power consumption (ie no hard drive needed) 3). User interface that allows me to see live connections as they are allowed or denied similar to what Watchguard Fireboxes such as the x700 can do. 4). Quiet Here is the visual interface for the Watchguard Firebox. I like this interface. I may end up using another Firebox if there are no other good / better alternatives.

1 REPLY 1
xsilver_FTNT
Staff
Staff

Hi bulkdevicesuk,

 

not sure this will answer your question as this is forum for Fortinet's products.

Not selling anything, including Cisco, Watchguard, or any devices of other vendors at all.

 

However, you might have a look to IPS (intrusion prevention) and generally UTM (Unified Threat Management) feature of FortiGate devices.

Generic overview is here : https://www.fortinet.com

Our threat monitoring center : https://www.fortiguard.com/

 

And for more details - Documentation

https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/680955/security-profiles

Peak into 

Web filter

Intrusion prevention

Web application firewall

- or, if you do not want to use FortiGuard sources, then possibly construct your own threat signatures, Fabric and Automated Stitches .. all up to external threat feeds ( https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/9463/threat-feeds ).

I thing FortiGate as device and FortiOS has plenty of possibilities how to handle the situation. On big chassis-type units, or even on small, diskless, or even rugged, SoHo type boxes.

 

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Labels
Top Kudoed Authors