Question Please suggest a Cisco edge firewall for our organization

Feb 16, 2019

Ours is a small business with around 40 users (may expand up to 100 in the future) and has 3Mbps leased line internet (might be upgraded to 6-10Mbps in the future).

Need advice on:
  1. Edge firewall with capability of NAT, all security standards/rules.
  2. 24-port Gigabit switches (initially we will buy 2 Nos.).

Can the edge firewall act as a proxy (traffic control), or is it better that I configure a Windows/Linux machine with a proxy server?

Please advise, thanks!!

If you really want a Cisco device, call Cisco and ask them to send a sales rep out to help you assess your needs. This is part of the reason these devices are so expensive: they include the cost of the pre-sales and support.

3 Mbit is nothing; you are barely going to be able to run web pages with that.

In most cases you use a firewall to protect a web server from incoming attacks. It can be used to limit traffic from your internal users, but a proxy is better in some ways. Just using the proxy will prevent any device that can not be configured to use a proxy. It also will prevent any application that does not use standard web ports. For a business this is good because it will prevent most online games from functioning.

That said, Cisco does not make the best proxy device. One of the proxies I liked a lot was made by Blue Coat, but they were purchased by Symantec. Still, Blue Coat was an outrageously expensive box but it worked very well.

The problem with any proxy or any form of content filter is the cost of the subscriptions. I always said it is to pay the poor guys who have to surf porn all day long. :) Still, someone needs to keep the lists of sites and categories so you do not have to manually put these in. That way you only need to block, say, the categories PORN and VPN, and you do not need to worry that some new VPN service came online and your users found it before you did.

The huge problem with any content filter is you can, for example, block all of Facebook but you cannot just block parts of it or see what pages the users are looking at. Everything nowadays is encrypted, so it is much harder to filter things. Someone can Google search images for pictures of cats or they can search for porn photos. The Google image previews will still most times be available. If they attempt to click on the image and get it from the main site it will be blocked, but they can still see the cached image Google keeps. You really can't stop this with any content filter.

With that small of an internet connection I suspect you are going to have to heavily restrict access. Even videos from news sites like CNN will put a burden on the connection with that many users using it.