[c-nsp] Cisco ACE Web Application Firewall

Justin C. Darby jcdarby at usgs.gov
Fri May 16 02:41:46 EDT 2008


The general specifications on the device indicate it can handle DSR  
(we also use DSR at our site but not on ACE), but it does so by  
claiming it can do everything IP-SLB does. I'd check with a sales rep  
to ensure it'll work (all of the documentation related to IP-SLB and
ACE functionality is pretty hard to come by in our experience, they  
don't document DSR well at all, dating all the way back to old CSS and  
CSM documentation, even though their configuration documents  
referenced it).

The ACE has a lot of features you probably won't ever need and that you
will most certainly pay for related to layer 4-7 load balancing,
though. You may want to consider using the IP-SLB functionality
(essentially, a software Content Services Module) in another Cisco
product that supports it, e.g. the 7200 for standalone, or the IP-SLB
features present on the 6500 series switch supervisors. It requires  
enterprise IOS licensing, but in our experience, it's a lot cheaper  
than the ACE -- and, if any of the things we've heard about the ACE  
are true, a lot easier to configure.

Also to keep in mind: The 7201 for example only has about 4Gb of  
backplane and only has four GbE links. It might not meet your  
performance requirements. Because of the documentation problem, I'd  
also keep the device covered under Smartnet, at least for your initial  
configuration, so you can work it out with an engineer on the phone if  
you've got problems.

Justin

On May 15, 2008, at 7:34 PM, carl wrote:

> Has anyone had a chance to get a hold of one of these devices, if so
> what are your thoughts? We currently use Foundry ServerIrons in a DSR
> setup for our load balancing method and was wondering if the ACE would
> work in that scenario.