We are a small company that works with many co-workers via VPN. We have 30 users localized in 3 distant offices.
I currently have a solution with a ASA-5515-X with IPS, that serves site-to-site and VPN client. Unfortunately, we have been under IP Spoofing attack. :/
We might increase up to 60/70 users in the next few months. I know that we don’t have that much users, but the applications are quite demanding within the network, that's the reason of the ASA-5515-X. More over, we need an extensible solutions, as the users can grow rapidly.
We would
like to increase our security: what to do ? Have a more secure anti-spoofing Switch before
the ASA? Which solutions exists?
Alternatively, we can possibly replace the ASA-5515-X with other UTM, like CheckPoint or Cyberoam, with HA, and load-balancing (2) that have some security features, like IPS, but i need to know the approximative costs. Not feeling to have a toons of features on a products, but they discover that we need to spend thousands bocks to get the license...
At the same time, I would like to simplify the VPN endpoint by a portal, like the Clientless ASA solution, but it’s not deployed because it’s pretty expensive, and complex to deploy. The Barracuda SSL VPN with a Web-Portal seems pretty convenient to administrate, if we need to add upon our solution : https://www.barracuda.com/products/sslvpn/features, but of course, if it’s already implemented in the new UTM, i'll be fine.
There's many VPN solutions, the distant office works with wireless :/ Can't change that. So any good secure equipment is welcome as endpoint-security suggestion.
The ASA is costly, and even if Cisco have a good support, their website are amazingly confusing for a non-CCNA. Many products and solutions that are end-of-life appears in the products&services, put a bullet in the head with their licenses solutions, etc… They might have some solutions, but UTM looks like a simple way for us?
Do you guys have any tips or suggestion ? Kinda struggling :/ Thanks