cisco asa cx firwewall
DESCRIPTION
TRANSCRIPT
Cisco ASA CX Firwewall
Next generation firewall Enhanced features
Cisco® ASA CX Context-Aware Security is a modular security service that addresses these needs by blending a proven stateful inspection firewall with next-generation capabilities and a host of additional network-based security controls - for end-to-end network intelligence and streamlined security operations.
In addition, ASA CX enables administrators to: Control specific behaviors within allowed micro-
applications. Restrict web and web application usage based on
reputation of the site. Proactively protect against Internet threats. Enforce differentiated policies based on the user,
device, role, and application type.
Product Overview
Cisco ASA Next-Generation Firewall Services such as Application Visibility and Control (AVC) to control specific behaviors within allowed micro-applications and Web Security Essentials (WSE) to restrict web and web application usage based on reputation of the site.
Cisco IPS is the only context aware IPS that uses device awareness, network reputation of the source, target value, and user identity to drive mitigation decisions and provides a proactive protection against threats.
What’s New ?
4x increase in firewall throughput protects users as their current and future data consumption demands increase.
Redundant power supplies (on the ASA 5545-X and 5555-X appliances) protect against power outages.
Multicore enterprise-class CPUs deliver better performance.
Additional copper and small form-factor pluggable (SFP) Gigabit Ethernet ports provide greater flexibility for network configuration.
Cisco Cloud Web Security provides unmatched web security, application visibility and control for organizations of all sizes through a network of global and redundant data centers.
ASA 5555-X ASA 5545-X ASA 5540 Products
4 Gbps 3 Gbps 650 Mbps Stateful inspection throughput (max1)
2 Gbps 1.5 Gbps Not Available Stateful inspection throughput (multiprotocol2)
1.3 Gbps 900 Mbps Up to 500Mbps with AIPSSM-20 ● Up to 650 Mbps with AIPSSM-40
IPS throughput3
1.4 Gbps 1 Gbps Not Available Context-aware throughput4 (multiprotocol)
50,000 30,000 25,000 Connections per second
1,000,000 750,000 400,000 Concurrent connections
700 Mbps 400 Mbps 325 Mbps 3DES/AES VPN throughput (maximum)
500 300 200 VLANs
Yes (1 GE) Yes (1 GE) None DedicatedManagement Port
2/100 2/50 2/50 Security contexts
(included/maximum)
16GB 8GB 2GB Memory
8GB 8GB 256 MB Minimum System Flash
2 slots, RAID 1, 120 GB MLC SED 2 slots, RAID 1, 120 GB MLC SED None Solid State Drive
Application awareness Enforces access policy based on more than 1000 commonly used applications and 75,000 micro-applications; provides granular access control based on “behavior” (for example, a file upload or a post on a social networking site) to further control user activity related to applications; controls port- and protocol-hopping applications that can evade classic security controls.
Identity-based firewalling Provides differentiated access control based on user and user role; supports common identity mechanisms such as Active Directory agent, LDAP, Kerberos, and NT LAN Manager.
Features and Benefits
Device-type-based enforcement Uses Cisco AnyConnect to identify the types of devices (such as iPads, iPhones, and Android devices) that are accessing the network, and controls which devices will be permitted or denied.
URL filtering Enterprise-class, full-featured URL filtering solution enables granular control of Internet traffic.
Global threat intelligence Uses the global footprint of Cisco security deployments for more comprehensive network protection. Cisco SIO delivers regularly updated threat intelligence feeds for near-real-time protection from zero-day malware.
Stateful firewall capabilities In addition to enabling Layer 7 context-aware
rules, provides extensive support for Layer 3 and Layer 4 stateful firewall features, including access control, network address translation, and stateful inspection.
Intuitive management Preloaded with Cisco
Prime™ Security Manager, a powerful, intuitive management solution that simplifies the solution management of context-aware firewalls.
Thank You