ASA 5516-X Intermittent Downtime
-
@Pete-S said in ASA 5516-X Intermittent Downtime:
5516-X is a midrange device. I've mostly used the older series but there is nothing wrong with the ASA. If it's fast enough for the WAN link, it will get the job done.
I think calling it midrange is pushing it. Maybe midrange for an ASA. But if I see an ASA, I classify that as a high end consumer device (sub-entry level for business.) The support problems and costs from Cisco make it unable to compete with entry level devices (or higher.) Assuming that the EdgeRouter is the more bare bones, entry level business device, and the ASA falls wildly below it, that's the industry bar at this point.
We support a lot of ASA and they are slow, flaky, and require a fortune to be able to get "nearly" to the level of a cheap EdgeRouter. That's pretty awful.
I wouldn't say that there is nothing wrong with it. Everything is wrong with it. It costs too much, and support isn't good enough to overcome the problems caused by the cost (like lacking a spare.) The ASA is down, so at this point, literally not getting the job done. It doesn't meet the basic need of functional connectivity at this point, nor the IT/business need of being a good tool for the job (which always takes cost and performance into consideration.) So I'd say it isn't doing the job.
-
@Pete-S said in ASA 5516-X Intermittent Downtime:
@travisdh1 said in ASA 5516-X Intermittent Downtime:
If you can't afford 5 minutes of downtime, you shouldn't be using an ASA in the first place.
You mean it takes 5 minutes from the time something stops working until the users have noticed and told their manager, who then managed to get hold of the right people, and then in turn had to call the guy who could get the job done, who would be immediately available to commute or drive or take a cab to work and do the troubleshooting and finally replace the firewall?
He means that by using an ASA, you are accepting that five (or more) minutes of downtime are part and parcel with the decision. Likely way more downtime.
Similar to an EdgeRouter. By choosing Ubiquiti gear you are accepting that a few minutes of downtime are acceptable versus the cost of avoiding more downtime (by using more expensive true HA gear.)
-
@Pete-S said in ASA 5516-X Intermittent Downtime:
On the contrary, it tells us a lot about the business needs. Since the business decided to call him in the middle of the night, someone decided the firewall was important enough for them to do that, instead of waiting until the morning.
Maybe nobody brought up the HA option when the firewall was put in place or the need wasn't there at the time.
That someone was willing to call to report an issue truly tells us nothing. I get called off hours about truly worthless things all the time. Just because one person thinks that they should call and knows how to call doesn't mean that someone has assessed value. But that someone didn't buy HA tells us that at least at some point, someone decided HA wasn't worth it. That might have changed, and maybe they were wrong even at the time, but that decision of HA or no HA was made and a design built around that.
The business isn't who necessarily called him, that denotes a key decision maker representing the company. All we really know is that someone working at a site decided to notify him. For all we know that was an intern who just happened to find his phone number. Or it was the CEO, we just don't know. That someone decided to call because they noticed something has to be taken with a grain of salt as we don't know who they were, or what they expected. Maybe they thought support was 24x7 and that it was their job to report things by phone whenever they happen. That's not uncommon and wouldn't give us any insight into the business' evaluation of the need.