Originally Posted by lacrossewacker
what was wrong with watchguard? Performance? Dropping connections? Complexity?
it's gonna be hard persuading anybody from upgrading from a 2,000 dollar firewall, to a 25,000 dollar unit
Both are good firewalls / UTM's.
IPSec is typically utilized for site-site VPN's utilizing either IKEv1/isakmp or IKEv2 which utilize pre-shared keys. SSL VPN is usually the preferred for remote access into a network.
As for the ASA5505 with the security license will only cost about $1000 for the unit ~$100 for the SmartNet contract, and requires a separate contract for Content Filtering via IronPort filtering. Depending on the number of concurrent connections hitting your web servers may not be the best solution for you need and would recommend either the 5510. IPS for the 5500 series requires a module and separate SmartNet contract. The 5500x series if I understand it correctly has IPS built into the device so there is no additional cost for the IPS module. The 5512x will cost around $2500 then ~$250 for the SmartNet. I will say that Anyconnect allows for greater flexibility and will also allow for 2 factor authentication if that is a requirement.
Most of what people on OCN will recommend will be OpenSource based products which is fine for some situations, however when you are running a business that requires Near Real-time fault tolerance this is not the way to go as support, HA and recovery is not usually an option.
Regardless your company needs to get some Engineering/Architecture support that will gather all
of your requirements and design / implement an over-all solution that will satisfy all of your requirements.
Feel free to PM me if you wish and we can discuss further... have to run to a meeting now.