The rapid change in the business landscape--especially in 2020 and 2021--transformed applications and provisioning environments. Your employees and users can now use recent technologies like microservices, containers, and APIs to align themselves with the pace of business changes.
Modern data centers becoming more complex is both an indicator of growth and a challenge for a data center’s security. The increase in data volume, number of applications, and interaction with the data center can translate to an increase in data-theft opportunities. The firewall is the critical component to secure the data center.
In this blog, we will discuss the features and benefits of the Cisco ASA 5500 series firewall. Looking to configure your Cisco ASA firewall? Check out our configuration guide here.
Not sure the ASA 5500 is best for your network? Check out our other comparison blogs:
As the network perimeter continues to evolve, organizations must re-think their approach to firewalling to stay ahead of an increasingly complex set of threats. The Cisco Secure Firewall portfolio is optimized for today’s threat landscape, delivering evolved network security backed by industry-leading threat intelligence, with consistent security policies, visibility, and management experience.
The Secure Firewall portfolio allows you to protect your network, data, users, and devices from even the most sophisticated threats while delivering consistent security policies, visibility, and improved threat response.
You can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, leading to robust security for your data center, branch offices, cloud environments, and everywhere in between.
The depth, breadth, and integration of the Cisco Secure Firewall portfolio help you to rein in the chaos created by the huge number of disparate point solutions typical of today’s security architecture.
Secure Firewall appliances set the foundation for consistent visibility, policy harmonization, and unified management. The result is a comprehensive system that prevents breaches and stops the stealthiest attacks, all while maintaining optimal network performance and uptime.
Secure Firewall sets the bar as the industry’s leading fully integrated, threat-focused, next-generation firewall (NGFW). It prevents more breaches and can quickly detect and mitigate stealthy attacks using enhanced visibility and the most advanced security capabilities of any firewall available today. What’s more, Cisco was named a 2020 Forrester Wave Leader for Enterprise Firewalls.
Cisco ASA is an adaptive, threat-focused, next-generation firewall – in a single, 1RU form-factor device. These appliances deliver multiple security services, multigigabit performance, flexible interface options, and redundant power supplies.
Need to quote a firewall?
Cisco ASA 5500 Series provides effective security. It surpasses legacy NGFW offerings with multi-layered protection to provide an integrated threat defense. The Cisco ASA 5500-X range of models for enterprises, branch offices, and industrial applications meet a variety of price-performance needs.
The Cisco ASA 5500 Series has the following main features worth noting:
The Cisco Firepower Service has the following features and benefits:
Cisco ASA software can install in Cisco ASA-55XX hardware and new Firepower hardware. The below table shows the Cisco ASA-55XX series hardware comparison.
|
Model |
Firewall Throughput |
NGIPS Throughput |
NGFW Throughput |
Interfaces |
|
ASA-5506 |
750 Mbps |
125 Mbps |
125 Mbps |
8 x RJ45 |
|
ASA-5508 |
1 Gbps |
250 Mbps |
250 Mbps |
8 x RJ45 |
|
ASA-5516 |
1.8 Gbps |
450 Mbps |
450 Mbps |
8 x RJ45 |
|
ASA-5525 |
2 Gbps |
650 Mbps |
650 Mbps |
8 x RJ45, optional 6 x GE |
|
ASA-5545 |
3 Gbps |
1 Gbps |
1 Gbps |
8 x RJ45, optional 6 x GE |
|
ASA-5555 |
4 Gbps |
1.2 Gbps |
1.2 Gbps |
8 x RJ45, optional 6 x GE |
Are lead times slowing you down and preventing you from getting the hardware or services you require for your data center? Send us a request or connect with our Team in real-time using our chat feature. Know what you want? Explore our hardware options.
The Cisco Adaptive Security Virtual Appliance is the virtualized option of the Cisco ASA solution and offers security in traditional physical data centers and private and public clouds.
It supports site-to-site VPN, remote-access VPN, and clientless VPN functionalities. This scalable VPN capability provides access for employees, partners, and suppliers—and protects your workloads against increasingly complex threats with world-class security controls.
Cisco ASA can be managed via multiple options. The Command Line Interface (CLI) is the most used method to configure the ASA firewall. But for configuring some new features and monitoring, you need to use other GUI-based management options. The below table describes ASA management options based on the features.
|
Features |
Cisco Security Manager |
Adaptive Security Device Manager |
Cisco Defence Orchestrator |
|
Location and Type of Manager |
On-premise and multi-device |
On-box local device |
Cloud, multi-device, and multi-platform |
|
Firewall Deployment Modes |
Active/Standby, Active/Active, Cluster, and VPN Load Balancing |
Active/Standby, Active/Active, Cluster, and VPN Load Balancing |
Active/Standby |
| Remote Access VPN Management | GUI-based configuration for IPSEC, SSL, and Clientless VPN | GUI-based configuration for IPSEC, SSL, and Clientless VPN | CLI- and GUI-based configuration for Anyconnect Remote Access VPN (HostScan or DAP configurable through CLI only) |
| Firewall Management Automation | Rule optimization, shared configuration, and usage reports | Hit counts and configuration wizards | Object conflicts, rule optimization, configuration templates, and CLI macros |
| Logging and Event Storage | Event Viewer and report manager, Syslog, and Netflow to external logging servers, SAL cloud integration using SEC | Event Viewer manager, Syslog, and Netflow to external logging servers SAL cloud integration using SEC | Event Viewer and Enhanced VPN monitoring and reporting, and SAL Cloud integration with Cross Launch |
Whether you are trying to protect a small or large data center of varying complexity, a breach in your network can cause a catastrophe. At PivIT, our certified engineers are ready to perform a site survey and provide you with the best firewall for your network, using a mixture of new and legacy units. Let our professionals take care of your network security needs with our EXTEND service.
For details on configuring a Cisco ASA Firewall using the active/standby feature, view Part 1 and Part 2 of our series where we provide a full overview of the firewall and how to deploy it.