Cisco ASA FW Vs Proxmox FW

[Pourya Mehdinejad]

We are a data center with 6 nodes of Proxmox VE and growing. We have customers that come to our website and order their VPS through our WHMCS which is using Proxmox VPS/Cloud module.
We already have Cisco ASA Firewall which is handling our NATing and Vlans and everything is going smooth, but we have to set up each VM manually, meaning setting up the NAT rule and VLAN and assign the IPs by our excel sheets since each VLAN is a /27.
We are evaluating the possibility to remove the Cisco firewall and handle all the NATings and Vlans by PVE Firewall for the sake of simplicity and more automation.
Would you guys share your thoughts on that?

 

[Rhinox]

Cisco ASA is not top firewall of these days, but stil much better than simple iptables (actually, they can not be compared at all). But I think hypervisor should do the only thing hypervisor must do: to provide virtualized hw for VM. Nothing more. Everything else should be offloaded elsewhere (either dedicated HW, or VM).

But anyway, using Cisco ASA just to handle nat/vlan seems to me to be overkill. You could use any other firewall (i.e. pfsense/opnsense, ipfire, sophos, etc) running on VM...

 

[Pourya Mehdinejad]

But anyway, using Cisco ASA just to handle nat/vlan seems to me to be overkill. You could use any other firewall (i.e. pfsense/opnsense, ipfire, sophos, etc) running on VM...

what do you mean by that? what else can be done by a firewall?
The whole point for integrating the firewall with the Proxmox is for sake of automation in service provisioning.

 

[Rhinox]

Cisco ASA ist much more than "just" a firewall. It is fully-fledged adaptive security appliance. Not the best on the market imho, but still very good. Resources-hungry, expensive, but also very effective (with valid subscription, of course). Using it just for nat/vlan is like using rocket-launcher to shoot pigeons...