[master4g]

OK, just went and picked it up. Was a 1.5 hour drive each way... Anyways, it was advertised with the 10 user licence. VPN isn't something we are interested in.

Im not sure what the version code is but on the bottom of the router it says :ASA5505 v04. He said he only used it for 2 months until he got the 5520.I was talking to him about our network and the way I want to set it up. I pretty much want two groups of people (maybe 3 later on). One will get unrestricted, full speed internet, and I would want the other to have restricted and slowed down internet. He said I will probably need to set up 2 subnets and allow everyone on one subnet full access and control the second subnet. He also said something about telephone/voip connections on certain ports.... but it flew threw my head. Some people on our network use a device called OOMA, which is a voip device and I wanted to prioritize voip over other protocols. I would also like to slow down torrents and block off certain things like xbox live.

I also told him I would like some logging capabilities, and he told me I would need to set up a computer to take the log files and analyze them. The decision I have to make now is; do I want to use our existing squid server and make it into a Untangle box which everyone connects to, and then have that connected to the router (have untangle do the QoS, etc).... or have everyone connect directly to the router (which would do the blocking,QoS, etc), and use the server to recieve the log files from the router.

What I like about the untangle system is it would allow me to do many things from a easy to use interface..like block off port, antivirus, anti spyware, and ad blocker(would cut off quite a lot of sessions and save bandwidth), and of course the logging report. If I were to set it up so the router would send the log files to a computer... What is a popular setup/program to handle it and spit out the reports? I would like to see and compare the type of report it gives out as opposed to the Untangle reports.

The obvious benefit of having everyone connect directly to the router is the fact that if the server goes down, the internet will still continue. Also, It would eliminate the possibility of the server being a bottleneck (which I doubt because the computer is quite fast, P4 2.2ghz, 1.2 gb ram). Also, with this setup, I would be able to keep the server off and then turn if on if I think some problmes are going on so I can try to monitor and see. Lastly, Im pretty sure I can set untangle up so it will act as a transparent bridge, where I can put it in between the users and the router (later, if needed) without having to change any settings on peoples computers.

What do you think..?

[zx10guy]

There's a number of things here.

The 10 user VPN license is standard with the base 5505 along with the 2 user SSL VPN license. To see what code version you are running, you need to either be in the ASDM or on the command line. For the command line, do a show version.

QoS. The ASAs do not have QoS capability. I made that clear in my previous post about the 5505. What you can do is to throttle one of the 8 ports on the back of the 5505 to 10 Mbit. If you want QoS, you'll have to do it via a layer 3 managed switch or use CoS on a layer 2 managed switch. If you want to match on IP address/subnet, you're stuck with a layer 3 switch solution. As far as the VoIP thing goes, he was referring to the two of the 8 switch ports on the back of the ASA. The 7th and 8th ports have PoE capability. With the ASA you certainly have more options to block different types of traffic going in and out of your network. But traffic shaping is not one of them which is what you're looking to do with managing torrents.

The 5505 has logging capability both local and through a syslog server. The buffer memory of the 5505 is limited and depending on the amount of traffic going through the firewall, you may not be able to do a proper trace through on history. You'll need to set up an external syslog server. Linux has the capability natively. I use the free ware version of Kiwi Syslog server which runs on a Windows box. The 5505 has no capacity to generate log reports.

As far as what I think, you know what I think. You made the initial step by getting a proper firewall. But you've only made the initial step. If you're looking to do multiple subnets which the ASA5505 can handle, you'll need to upgrade the license on the firewall. Because I'm willing to bet money, the ASA you have has only the base license. You'll need to upgrade the license to the security plus license which allows the ASA to route more than one subnet over multiple VLAN interfaces. Like John and I have said repeatedly, you're allowing too much crap to go on with your network and you're trying to do all these advanced functions on a dollar store budget. This is what I mean by high expectations. Because everytime we get into the details about what you want to do, you keep adding on more requirements. First, it was QoS, then it was high traffic forwarding performance, then it's logging, and then traffic shaping and IPS, now it's high availability.