Project Drivers
- Old Juniper SSG firewall lacked Layer 7 visibility, and other Next-Gen Firewall (NGFW) capabilities, such as content/URL filtering and malware protection.
- The legacy firewall was not setup with High Availability (HA) unit for redundancy
- The client had no visibility into the types of applications going in and out of the network
- The network was not protected against malware or intrusion attacks
- The network lacked the resiliency that redundant firewalls provide
- The Juniper firewall reached End-of-Life (EOL) status
- The client was experiencing an unbalanced routing issue, where the Email Security Appliance (ESA) sent and received traffic on two different interfaces
Solution Components
- A pair of the Cisco ASA firewalls with FirePOWER services
- The ASA has Next-Gen (NGFW) capabilities that addressed all the short comings from the old Juniper firewall
- The Email Security Appliance was re-configured to route traffic in and out of the same interface
Impact
- The redundant ASA with FirePOWER services now provides resiliency, and Next-Gen (NGFW) capabilities to protect the client’s network from malware and malicious activities
- The client was able to decommission the IronPort Web Security Appliance, since the ASA with FirePOWER now provides URL-filter services
- The client now has application level visibility into exactly what kind of traffic is going in and out of their network
- The redundant units provide better business continuity, preventing an outage due to hardware failure