
1 Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 ASA Mid-Range SEVT Update


4 What's New
5 new models to meet varied throughput demands:
- ASA 5512-X: 1 Gbps Firewall Throughput
- ASA 5515-X: 1.2 Gbps Firewall Throughput
- ASA 5525-X: 2 Gbps Firewall Throughput
- ASA 5545-X: 3 Gbps Firewall Throughput
- ASA 5555-X: 4 Gbps Firewall Throughput
1. Multi-Gig Performance: to meet growing throughput requirements
2. Accelerated Integrated Services (no extra hardware required): to support changing business needs
3. Next-gen services enabled platform: to provide investment protection

5 Enterprise-class hardware architecture designed to support multiple services
- Multi-core, multi-threaded CPUs
- 4x memory
- Dedicated IPS hardware accelerator
- Dedicated VPN hardware accelerator
Services supported:
- IPS and Botnet Traffic Filter: combined with real-time threat information from 500 feeds through Cisco SIO (Security Intelligence Operations), IPS and Botnet Protection provide protection against complex APTs.
- VPN & AnyConnect: enables BYOD with security, besides providing always-on remote access

6 At-A-Glance
ASA 5500-X H/W Features:
- 64-bit multi-core processor
- Up to 16 GB of memory
- Built-in multi-core crypto accelerator hardware
- Dedicated IPS hardware acceleration card
- Up to 14 1GE ports
- Copper & fiber I/O options
- Firewall, VPN & IPS services
- Dedicated OOB management port
Customer Benefits: Performance Density Flexibility Integrated Services Management Consolidation


8 Six port copper 10/100/1000 RJ45 module
- Available on all new appliances
Six port 1GE SFP I/O Module
- Available on all new appliances
- Supports short and long reach optics: GLC-SX-MM, GLC-SX-MMD, GLC-LH-SM, GLC-LH-SMD

9 ASA-PWR-AC
- AC option available at FCS
- Optional on ASA 5545-X & ASA 5555-X appliances
- Works in load-sharing mode
- Input rating: 100 ~ 120V / 5A, 200 ~ 240V / 2.5A
DC Power Supply
- Available post FCS
- Fixed DC power supply option available on ASA 5512-X, 5515-X & 5525-X
- Redundant DC power supply available on ASA 5545-X & 5555-X


12 IPS service
- Based on 15 years of proven Cisco IDS & IPS technology
- SMP-enabled software based on 64-bit architecture
- Virtual Sensor support
- Hardware acceleration for String-XL engines
- Reputation-based mitigation technology
- Global Correlation support
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/at_a_glance_c45-578661.pdf

13 Dual-Stage Reputation Filtering Increases Accuracy by 2X
- Uses reputation to significantly increase accuracy of attacks caught
- Provides dual-stage filtering
  - Stage 1: Reputation list used to filter out bad traffic
  - Stage 2: Reputation data used to influence policy decision (for instance, change risk rating (RR) to >90 to cause a drop action)
[Diagram labels: IPS Efficacy; IPS Reputation Filter; Cisco® IPS Service; Stage 1; Stage 2; Block known bad traffic; Scan suspicious traffic further with dynamic policy decisions; Allow known good traffic]

14 Reputation Filtering in Action
- Step 1: The SensorBase network within the Cisco SIO gathers telemetry data from other sensors across the world
- Step 2: Cisco 5500-X IPS Service gets updated reputation filter list; influences policy decisions (deny or drop attacker, etc.)
- Step 3: Alerts go out to the security teams for prevention, mitigation, and remediation
[Diagram labels: Cisco ASA 5500-X IPS Service; Filter; Internet; Cisco® Security Intelligence Operations; Local Connectivity; Worldwide Visibility; Cisco ASA 5500-X; Cisco IPS 4300; Global Correlation]


16 Botnet traffic filter
- Scans all traffic, all ports, and all protocols
- Monitors command and control traffic from internal bots to external hosts
- Detects infected clients by tracking rogue “phone-home” traffic
- Powerful anti-malware data promotes accuracy
- Provides guidance now for blocking Botnet communication
- Dynamic discovery provides real time identification of malware communication
[Slide labels: Client Infection Detection; Industry’s Most Accurate Malware Traffic Monitor; Anti-Malware; Cisco® ASA]

17 Botnet Traffic Filter Integration into ASDM
[Screenshot labels: Main Dashboard; Botnet Traffic Filter Statistics]

18 Top Infected Hosts; Infected Hosts; Malware Sites; Report Generation


20 Wide Range of Connectivity Options
- Mobile Access
- IPsec VPN Tunneling
- DTLS (Voice and Video) Tunneling
- Clientless VPN Access
- SSL VPN Tunneling
Powered by the Cisco ASA


22 Device Dashboard; Firewall Dashboard; IPS Dashboard; Traffic Reports

23 Device View; Events View; Reports View

24 Unified and comprehensive Firewall, VPN and IPS management
- Device View
- New H/W Platform Support
- Policy View
- Map View
- Event View

25 CX services available only on Saleen
- Ability to run multiple services “simultaneously” without requiring a separate hardware module for each
- More base and expansion I/O on Saleen, e.g.:
  - 5510 SEC PLUS: Base I/O 2GE + 3FE; Expansion I/O 4GE copper or fiber
  - 5515-X: Base I/O 6GE + 1GE Mgmt; Expansion I/O 6GE copper or fiber
- Availability of dual power supplies on 5545-X and 5555-X for mission critical deployments

26 Hardware
- Multi-core CPUs
- Up to 4x RAM
- More base and expansion I/O
- Dual power supplies (ASA 5545/5555)
- SSDs for on-box CX events and future services
- Instead of doing memory upgrade on Benetton, opt for device upgrade
- USB thumb drive for storing logs/configs
Performance/Scaling/Features
- 4x firewall performance
- More IPS, VPN throughput
- SuiteB (ASA 9.0)
- Native TrustSec capable I/O ports (expansion only) – feature not yet available
Services
- Multiple services and I/O are not mutually exclusive anymore
- CX (Web Services, AVC) availability

27 SMB and Branch Office
- ASA 5510: 300-Mbps Firewall; 250-Mbps FW + IPS; 200-Mbps VPN; 5 FE Data + Mgmt; 1 GB RAM; Security Plus License for High Availability
- ASA 5512-X (NEW): 1-Gbps Firewall; 250-Mbps FW + IPS; 200-Mbps VPN; 6 GE Data + 1 GE Mgmt; 4 GB RAM; Security Plus License for High Availability
SMB and Branch Office
- ASA 5510 Security Plus: 300-Mbps Firewall; 250-Mbps FW + IPS; 200-Mbps VPN; 5 FE Data + Mgmt; 1 GB RAM
- ASA 5515-X (NEW): 1.2-Gbps Firewall; 400-Mbps FW + IPS; 250-Mbps VPN; 6 GE Data + 1 GE Mgmt; 8 GB RAM
Midsize Business Headquarters and High-Throughput Branch Office
- ASA 5520: 450-Mbps Firewall; 450-Mbps FW + IPS; 225-Mbps VPN; 5 FE Data + Mgmt; 1 GB RAM
- ASA 5525-X (NEW): 2-Gbps Firewall; 600-Mbps FW + IPS; 300-Mbps VPN; 8 GE Data + 1 GE Mgmt; 8 GB RAM
Callouts:
- If a customer needs 5512-X + HA, they are better off buying a 5515-X instead
- All GE interfaces
- 4x Performance
- 8x RAM
- 1 Gbps EMIX FW IPS h/w regex

28 CSC and ScanSafe
- AV scanning ✔✔
- DLP ✔✔
- URL Filtering ✔✔
- Anti-Spyware ✔✔
- Anti-Spam ✔
- Anti-Phishing ✔✔ (Webmail only)
- Real time protection for web access, mail and file transfers ✔
- AVC ✔
- Web Reputation ✔
- HTTPS decryption ✔
- End user notification ✔
Note that Cisco Cloud Web Security does not carry separate SmartNet


30 You responded…
- Only SSD 120GB with encryption; no spinning hard drives
- Less failure rate
- Encryption in hardware (feature will be turned on in later release)
- Customers expect SSDs; most competitors provide SSDs
- 5512/5515/5525 can take one SSD
- 5545/5555 can take two SSDs (in RAID 1 only)
- Orderable as a bundle with ASA
- If SSD is physically removed while CX in function, syslog and SNMP sent; ASA stops sending traffic to CX
- Ample storage space – 480M events every day for 5 years
We listened…

31 Hardware
- ASA5500X-SSD120
- ASA5500X-SSD120=
- ASA5512-SSD120-K8/9
- ASA5515-SSD120-K8/9
- ASA5525-SSD120-K8/9
- ASA5545-2SSD120-K8/9
- ASA5555-2SSD120-K8/9
Software (for ASA 5512)
- ASA5512-AP(1/3/5)Y
- ASA5512-WS(1/3/5)Y
- ASA5512-AW(1/3/5)Y
- ASA CX 9.1 Software SKU (TBD)

32 Existing Saleen customers
- Order SSD spare
- Order CX subscriptions (preferably AVC+WSE combo)
New Saleen customers
- Order ASA+SSD bundle SKUs, e.g., ASA5525-SSD120-K9
- Order CX subscriptions (preferably AVC+WSE combo)

33 Feature comparison: ASA5500x and ASA5585-SSP
Storage
- ASA5500x: SSD, 120GB capacity; “show inventory” on ASA will show SSD details; ASA provides syslogs & SNMP traps for SSD insertion & removal; ASA will shut down CX service when all storage devices have been removed
- ASA5585-SSP: Spinning hard drives, 600GB capacity
RAID
- ASA5500x: Supported only on 5545 & 5555; RAID CLI is on ASA
- ASA5585-SSP: Supported on both SSP10 and SSP20; RAID CLI is on CX
Console & Management
- ASA5500x: CX console is through ASA CLI; shares management port with ASA
- ASA5585-SSP: Dedicated console; dedicated management port
CX - PRSM features
- All features are supported

34 New customers buying ASA and CX
- Manufacturing installs CX completely before shipping
- CX is booted automatically when ASA is started
- Log in to CX console from ASA CLI and set up management IP
- Configure CXSC redirection on ASA for traffic redirection
Customers who own an ASA
- Install one or two SSDs on ASA depending on the model
- Copy 9.1.1 ASA image which supports CX onto flash filesystem
- CX uses 3GB space on ASA flash filesystem, so ensure there is more than 3GB free space on ASA flash
- Reload ASA with 9.1.1 version
- Follow the bootstrapping process


37 Chassis Serial Number
- Used for SmartNet and Service Request creation
- Pasted on exterior back panel
PCB Serial Number
- Used for ASA license enforcement
- “show version” command for ASA or IPS
- “show idprom” command in ROMMON
https://techzone.cisco.com/t5/ASA-Firewall/Solution-Customers-are-Unable-to-Open-Service-Requests-Using/ta-p/29391

38 http://www.miercom.com/pdf/reports/20120514.pdf
Vendors selected
- Checkpoint (4200 and 4800) running Gaia or R75.40 (latest software release)
- Fortinet FG310B running 4.0MR3; FG 300C started shipping in Mar 2012 and Miercom report effort was started earlier
Key metrics to focus on
- IMIX Performance – used by competitors; compare IPv4 and IPv6
- EMIX Performance – TCP throughput traffic test

39 ASAs have overall better IMIX performance for IPv4 and IPv6 traffic

40 ASA is optimized for IPv4 and IPv6 unlike other vendors
[Chart panels: IPv4; IPv6]

41 ASA performance with real-world traffic is much better than Checkpoint or Fortinet
[Chart labels: 113% better; 99% better]

42 Thank you.

