Cisco® ASA 5500-X Series Next-Generation Firewalls integrate the world’s most proven stateful inspection firewallwith a comprehensive suite of next-generation firewall services for networks of all sizes - small and midsize businesses with one or more locations, large enterprises, service providers, and mission-critical data centers. Cisco ASA 5500-X Series Next-Generation Firewalls deliver Cisco MultiScale™ performance with industry-leading service flexibility, modular scalability, feature extensibility, and low deployment and operation costs.
Cisco ASA 5500 and ASA 5500-X Series Next-Generation Firewalls for small offices and branch locations protect critical assets through:
- ● Exceptional next-generation firewall services that provide the visibility and granular control your enterprise needs to safely take advantage of new applications and devices
- ● Application Visibility and Control (AVC ) to control specific behaviors within allowed micro-applications
- ● Web Security Essentials (WSE) to restrict web and web application usage based on reputation of the site
- ● Broad and deep network security through an array of integrated cloud- and software-based next-generation firewall services backed by Cisco Security Intelligence Operations (SIO)
- ● Highly effective intrusion prevention system (IPS) with Cisco Global Correlation
- ● High-performance VPN and always-on remote access
- ● The ability to enable additional security services quickly and easily in response to changing needs
Cisco ASA 5512-X and 5515-X
The Cisco ASA 5512-X and 5515-X are next-generation firewalls that combine the most widely deployed stateful inspection firewall in the industry with a comprehensive suite of next-generation network security services—for comprehensive security without compromise. They provide multiple security services and redundant power supplies and enable consistent security enforcement throughout the organization. In addition to comprehensive stateful inspection firewall capabilities, the ASA 5512-X and 5515-X optionally provide broad and deep network security through an array of integrated cloud- and software-based security services, including Application Visibility and Control (AVC), Web Security Essentials (WSE), Cisco Cloud Web Security (CWS), and the only context-aware IPS—with no need for additional hardware modules.
The ASA 5512-X and ASA 5515-X Next-Generation Firewalls are part of the ASA 5500-X Series, which is built on the same proven security platform as the rest of the ASA family of firewalls and delivers exceptional application visibility and control along with superior performance and operational efficiency. The ASA 5512-X and 5515-X are designed to meet evolving security needs by providing, among other things, innovative next-generation firewall services that make it possible to take advantage of new applications and devices without compromising security. Unlike other next-generation firewalls, the Cisco ASA 5500-X Series keeps pace with rapidly evolving needs by offering end-to-end network intelligence gained from combining the visibility from local traffic with in-depth global network intelligence using:
- ● Cisco TrustSec® technology
- ● Cisco AnyConnect® Secure Mobility Solution for unique mobile client insight
- ● Cisco Security Intelligence Operations (SIO) for near-real-time threat information and proactive protection
- ● Cisco ASA Next-Generation Firewall Services
With up to 1.2 Gbps of firewall throughput, 250,000 concurrent firewall connections, 15,000 connections per second, and 6 integrated Gigabit Ethernet interfaces, the ASA 5512-X and 5515-X are excellent choices for businesses requiring a high-performance, cost-effective, and extensible security solution with exceptional application visibility and control that can grow with their changing needs.
Cisco ASA 5500 Series IPS Security Services Processors, Modules, and Cards
The Cisco ASA 5500 Series brings a new level of integrated security performance to networks with its highly effective IPS services and multiprocessor hardware architecture. This architecture allows businesses to adapt and extend the high-performance security services profile of the Cisco ASA 5500 Series. Customers can add additional high-performance services using security services modules with dedicated security co-processors, and can custom-tailor flow-specific policies using a highly flexible policy framework. This adaptable architecture enables businesses to deploy new security services when and where they are needed, such as adding the broad range of intrusion prevention and advanced antiworm services delivered by the IPS modules via the AIP SSM and AIP SSC, or the comprehensive malware protection and content security services enabled by the CSC SSM. Further, the Cisco ASA 5500 Series architecture allows Cisco to introduce new services to address new threats, giving businesses outstanding investment protection.
The Cisco ASA 5500 Series IPS SSP, AIP SSM, and AIP SSC are inline, network-based solutions that accurately identify, classify, and stop malicious traffic before it affects business continuity for IPv4, IPv6, and hybrid IPv6 and IPv4 networks. They combine inline prevention services with innovative technologies, resulting in total confidence in the provided protection of the deployed IPS solution, without the fear of legitimate traffic being dropped. The AIP SSM and AIP SSC also offer comprehensive network protection through their unique ability to collaborate with other network security resources, providing a proactive approach to protecting the network.
Accurate inline prevention technologies provide unparalleled confidence to take preventive action on a broader range of threats without the risk of dropping legitimate traffic. These unique technologies offer intelligent, automated, contextual analysis of data and help ensure that businesses are getting the most out of their intrusion prevention solutions. Furthermore, the IPS SSP, AIP SSM, and AIP SSC use multivector threat identification to protect the network from policy violations, vulnerability exploitations, and anomalous activity through detailed inspection of traffic in Layers 2 through 7.
Cisco ASA 5500 Series Content Security and Control Module
The Cisco ASA 5500 Series CSC SSM delivers industry-leading threat protection and content control at the Internet edge, providing comprehensive antivirus, antispyware, file blocking, antispam, antiphishing, URL blocking and filtering, and content filtering services in an easy-to-manage solution. The CSC SSM bolsters the Cisco ASA 5500 Series’ strong security capabilities, providing customers with additional protection of and control over the content of their business communications. The module provides additional flexibility and choice over the functioning and deployment of Cisco ASA 5500 Series firewalls. Licensing options enable organizations to customize the features and capabilities to each group’s needs, with features that include advanced content services and increased user capacity. The CSC SSM ships with a default feature set that provides antivirus, antispyware, and file blocking services.
A Plus license is available for each CSC SSM at an additional charge, delivering capabilities such as antispam, antiphishing, URL blocking and filtering, and content control services. Businesses can extend the user capacity of the CSC SSM by purchasing and installing additional user licenses.
Cisco ASA 5500 Series 4-Port Gigabit Ethernet Module
The Cisco ASA 5500 Series 4-Port Gigabit Ethernet SSM enables businesses to better segment network traffic into separate security zones, providing more granular security for their network environment. These zones can range from the Internet to internal corporate departments/sites to DMZs. This high-performance module supports both copper and optical connection options by including four 10/100/1000 copper RJ-45 ports and four SFP ports. Businesses can choose between copper or fiber ports, providing flexibility for data center, campus, or enterprise edge connectivity. The module extends the I/O profile of the Cisco ASA 5500 Series to a total of five Fast Ethernet and four Gigabit Ethernet ports on the Cisco ASA 5510. Table 4 lists the characteristics of the Cisco ASA 5500 Series 4-Port Gigabit Ethernet SSMs
Cisco ASA 5500-X Series 6-Port Gigabit Ethernet Interface Cards
Cisco ASA 5500-X Series 6-port Gigabit Ethernet Interface Cards extend the I/O profile of the ASA 5512-X and ASA 5515-X by providing additional GE ports. The cards provide the following benefits:
- ● Better segmentation of network traffic (into separate security zones)
- ● Fiber-optic cable connectivity for long distance communication
- ● Load sharing of traffic as well as protection against link failure by using EtherChannel
- ● Support for Jumbo Ethernet frames of up to 9000 bytes
- ● Protection against cable failure for the most demanding Active/Active and full mesh firewall deployments