Firewall Network

Project Drivers

  • Old Juniper SSG firewall lacked Layer 7 visibility, and other Next-Gen Firewall (NGFW) capabilities, such as content/URL filtering and malware protection. 
  • The legacy firewall was not setup with High Availability (HA) unit for redundancy
  • The client had no visibility into the types of applications going in and out of the network
  • The network was not protected against malware or intrusion attacks
  • The network lacked the resiliency that redundant firewalls provide
  • The Juniper firewall reached End-of-Life (EOL) status
  • The client was experiencing an unbalanced routing issue, where the Email Security Appliance (ESA) sent and received traffic on two different interfaces

Solution Components

  • A pair of the Cisco ASA firewalls with FirePOWER services
    • The ASA has Next-Gen (NGFW) capabilities that addressed all the short comings from the old Juniper firewall
  • The Email Security Appliance was re-configured to route traffic in and out of the same interface


  • The redundant ASA with FirePOWER services now provides resiliency, and Next-Gen (NGFW) capabilities to protect the client’s network from malware and malicious activities
  • The client was able to decommission the IronPort Web Security Appliance, since the ASA with FirePOWER now provides URL-filter services
  • The client now has application level visibility into exactly what kind of traffic is going in and out of their network
  • The redundant units provide better business continuity, preventing an outage due to hardware failure