Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Security

Security Software

Cisco SA 520 review

Article comments

You can also use some higher end features, including URL filtering, traffic allowance based on approved client lists and malware and spam filtering through licensed Trend Micro technology. Another separately licensed option is the IPS (Intrusion Prevention System) that offers another layer of protection for the internal network by filtering traffic based on signatures downloaded from external resources.

With the built-in four port switch and support for a single DMZ, I can see the SA 520 fitting in well in a small business infrastructure.

 I don't feel the same way about the use of the Cisco SA 520 for remote office connectivity. While the stats on the SA 520 clearly position it as a viable candidate to link a small remote office back to headquarters via a VPN tunnel, the lack of reasonable remote management capabilities makes it a hard sell.

For one thing there's no console port, so there's no way to use a serial terminal server to access the device during a failure. There's also no CLI, so all management must be conducted via the web GUI, which can be very annoying. While there is the ability to download a configuration file for backup, it's not really viable to modify the file offline, as you can for nearly all other Cisco network devices.

Remote administration is possible but can be granted to only a single source IP address, not a subnet or selection of addresses. Also, the SNMP MIB (management information base) situation with the SA 520 is somewhat perplexing. Certain aspects of the device respond to Cisco's MIBs, while others respond to standard UCD-SNMP MIBs. Even more confusing, the MIB support has changed between firmware releases. The upshot is that you may be able to enumerate interfaces with a UCD MIB, but you won't get any traffic data unless you're using the Cisco MIB, or vice versa. It's a bit of a jumble.

Also disturbing is that the SA 520 appears to have problems retaining its configuration across certain firmware updates. I updated the firmware, only to find the device return to factory settings. Should that happen with an SA 520 at a remote site with no other connectivity and no serial console that could ostensibly be connected to a modem, it would remain offline until someone can reconfigure it from the LAN through a web browser. That's definitely not a good situation for a remote office firewall.

However, the SA 520 supports up to 50 IPSec 3DES-to-AES256 tunnels, though working with the VPN tunnel management interface and wizard can be frustrating for experienced admins who are used to the ease and simplicity of CLI-based configuration.

The IPSec VPNs did function properly with all encryption algorithms and once I wrapped my head around how the VPN tunnel construction interface was designed, I was able to bring up tunnels to Cisco PIX and ASA firewalls without issue.

In short, the SA 520 can run an AES256 IPSec VPN up to 65Mbps, but it'll make you work harder than you think you should to implement it and maintain proper operation.



Share:

More from Techworld

More relevant IT news

Comments

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *