منوی افقی

فایروال های سیسکو  ( cisco )سریASA5500-X   :

شرکت سیسکو( cisco systems ) در زمینه امنیت شبکه محصولات متنوعی اعم از سخت افزاری و نرم افزاری تهیه کرده که یکی از مهمترین و پرکاربرد ترین آنها فایروال های این شرکت می باشد.بطور کلی فایروال های این شرکت تا کنون چهار نسل را تجربه کرده اند.

نسل فایروال های PIX ،ASA500  ، ASA5500-X ، FirePower که در این نوشتار به معرفی اجمالی از سری 5500X پرداخته می شود.

شرکت سیسکو   ( cisco )با تملک شرکت SourceFire و استفاده از نرم افزار قدرتمند این شرکت در فایروال های سری 5500X ، این سری از تجهیزات خود رابه یکی از  محبوب ترین های فایروال های نسل جدید مبدل ساخته است . هم چنین لازم است بدانید سری  ASA5500X  نسبت به سری گذشته خود یعنی ASA 5500 از پیشرفت های چشمگیری چه در سخت افزار و چه نرم افزار بهره می برند.

ویژگی های کلی سری ASA 5500-X :

Feature

Benefits

Next-generation firewall

Industry’s first threat-focused NGFW; provides ASA firewall functionality, advanced threat protection, and advanced breach detection and remediation combined in a single device

Proven ASA firewall

Rich routing, stateful firewall, Network Address Translation, and dynamic clustering for high-performance, highly secure, and reliable access with Cisco AnyConnect® VPN

Market-leading NGIPS

Superior threat prevention and mitigation for both known and unknown threats

Advanced malware protection

Detection, blocking, tracking, analysis, and remediation to protect the enterprise against targeted and persistent malware attacks

Full contextual awareness

Policy enforcement based on complete visibility of users, mobile devices, client-side applications, communication between virtual machines, vulnerabilities, threats, and URLs

Application control and URL filtering

Application-layer control (over applications, geolocations, users, websites) and ability to enforce usage and tailor detection policies based on custom applications and URLs

Enterprise-class management

Dashboards and drill-down reports of discovered hosts, applications, threats, and indications of compromise for comprehensive visibility

Streamlined operations automation

Lower operating cost and administrative complexity with threat correlation, impact assessment, automated security policy tuning, and user identification

Purpose-built, scalable

Highly scalable security appliance architecture that performs at up to multigigabit speeds; consistent and robust security across small office, branch offices, Internet edge, and data centers in either physical and virtual environments

On-device management

Simplifies advanced threat defense management for small and medium sized business with small scale deployments

Remote Access VPN

Extends secure corporate network access beyond corporate laptops to personal mobile devices, regardless of physical location; support for Cisco AnyConnect Secure Mobility Solution, with granular, application-level VPN capability, as well as native Apple iOS and Android VPN clients

Site-to-site VPN

Protect traffic, including VoIP and client-server application data, across the distributed enterprise and branch offices

Integrated wireless access

Integrated Wi-Fi is available in the desktop form factor (ASA 5506W-X) for compact and simplified small office deployments

Ruggedized form factor

A ruggedized model (ASA 5506H-X), designed specifically for extreme environmental conditions, is available for critical infrastructure and control network applications

Third-party technology ecosystem

Open API that enables the third-party technology ecosystem to integrate with existing customer work streams

Integration with Snort and OpenAppID

Open source security integration with Snort and OpenAppID for access to community resources and ability to easily customize security to address new and specific threats and applications quickly

Collective Security intelligence (CSI)

Unmatched security and web reputation intelligence provides real-time threat intelligence and security protection

 

در سری 5500X که شامل 8 مدل کلی می باشد مفهومی تحت عنوان FirePower اضافه شده که این سرویس باعث رشد چشمگیر عملکرد این دستگاه شده است.سرویس فایرپاور در واقع نرم افزاریست که بر روی هارد موجود در فایروال نصب شده و به دستگاه قابلیت های جدیدی نظیر AntiVirus,AntiSpam.WebFilter و... اضافه میکند و در واقع بنوعی فایروال را تبدیل به یک UTM مبدل می سازد.

 

مقیاس پذیری مدل های ASA 5500-X :

 

5506-X##5508-X##5512-X##5516-X##5515-X##5525-X##5545-X#X5555-X

 

جدول مقایسه مشخصات پنج مدل رکمونت :

 

جدول مقایسه ای ظرفیت و راندمان :

Feature

Cisco ASA 5506-X w/ FirePOWER Services

Cisco ASA 5506W-X w/ FirePOWER Services

Cisco ASA 5506H-X w/ FirePOWER Services

Cisco ASA 5508-X w/ FirePOWER Services

Cisco ASA 5516-X w/ FirePOWER Services

Cisco ASA 5512-X w/ FirePOWER Services

Cisco ASA 5515-X w/ FirePOWER Services

Cisco ASA 5525-X w/ FirePOWER Services

Cisco ASA 5545-X w/ FirePOWER Services

Cisco ASA 5555-X w/ FirePOWER Services

Throughput:

Application Control (AVC)

250 Mbps

250 Mbps

250 Mbps

450 Mbps

850 Mbps

300 Mbps

500 Mbps

1,100 Mbps

1,500 Mbps

1,750 Mbps

Throughput:

Application Control (AVC) and IPS

125 Mbps

125 Mbps

125 Mbps

250 Mbps

450 Mbps

150 Mbps

250 Mbps

650 Mbps

1,000 Mbps

1,250 Mbps

Maximum concurrent sessions

20,000; 500001

20,000; 500001

50000

100,000

250,000

100,000

250,000

500,000

750,000

1,000,000

Maximum New Connections per second

5,000

5,000

5,000

10,000

20,000

10,000

15,000

20,000

30,000

50,000

Supported applications

More than 3,000

URL categories

80+

Number of URLs categorized

More than 280 million

 

جدول مقایسه ای مشخصات مدل های مختلف :

Feature

Cisco ASA 5506-X w/ FirePOWER Services

Cisco ASA 5506W-X w/ FirePOWER Services

Cisco ASA 5506H-X w/ FirePOWER Services

Cisco ASA 5508-X w/ FirePOWER Services

Cisco ASA 5516-X w/ FirePOWER Services

Cisco ASA 5512-X w/ FirePOWER Services

Cisco ASA 5515-X w/ FirePOWER Services

Cisco ASA 5525-X w/ FirePOWER Services

Cisco ASA 5545-X w/ FirePOWER Services

Cisco ASA 5555-X w/ FirePOWER Services

Stateful inspection throughput (maximum1)

750 Mbps

750 Mbps

750 Mbps

1 Gbps

1.8 Gbps

1 Gbps

1.2 Gbps

2 Gbps

3 Gbps

4 Gbps

Stateful inspection throughput (multiprotocol2)

300 Mbps

300 Mbps

300 Mbps

500 Mbps

900 Mbps

500 Mbps

600 Mbps

1 Gbps

1.5 Gbps

2 Gbps

Triple Data Encryption Standard/Advanced Encryption Standard (3DES/AES) VPN throughput3

 

100 Mbps

 

100 Mbps

 

100 Mbps

 

175 Mbps

 

250 Mbps

 

200 Mbps

 

250 Mbps

 

300 Mbps

 

400 Mbps

 

700 Mbps

Users/nodes

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

IPsec site-to-site VPN peers

10; 504

10; 504

50

100

300

250

250

750

2500

5000

Cisco AnyConnect Plus/Apex VPN maximum simultaneous connections5

505

505

505

1005

3005

2505

2505

7505

25005

50005

Virtual interfaces (VLANs)

5; 304

5; 304

30

50

100

50; 100

100

200

300

500

Security contexts5 (included; maximum)

N/A

N/A

N/A

2; 5

2; 5

0,0; 2,5

2;5

2; 20

2; 50

2; 100

High availability4

Requires Security Plus License; Active/Standby

Requires Security Plus License; Active/Standby

Active/Standby

Active/Active and Active/Standby

Active/Active and Active/Standby

Requires Security Plus License; Active/Active and Active/Standby

Active/Active and Active/Standby

Active/Active and Active/Standby

Active/Active and Active/Standby

Active/Active and Active/Standby

Expansion slot

N/A

N/A

N/A

N/A

N/A

1 interface card

1 interface card

1 interface card

1 interface card

1 interface card

User-accessible Flash slot

No

No

No

No

No

No

No

0

-

0

USB 2.0 ports

USB port type ‘A’, High Speed 2.0

USB port type ‘A’, High Speed 2.0

USB port type ‘A’, High Speed 2.0

USB port type ‘A’, High Speed 2.0

USB port type ‘A’, High Speed 2.0

2

2

2

2

2

Integrated I/O

8 x 1GE

8 x 1GE

4 x 1GE

8 x 1GE

8 x 1GE

6 GE copper

6 GE copper

8 GE copper

8 GE copper

8 GE copper

 

جدول راهنمای سفارش خرید محصول :

 

Product Description

Part Number

Cisco ASA 5506-X Series Low-End Appliances (Hardware)

ASA 5506-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, DES

ASA5506-K8

ASA 5506-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5506-K9

ASA 5506W-A-X with FirePOWER services, WiFi for North America (NOT US), 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5506W-A-K9

ASA 5506W-B-X with FirePOWER services, WiFi for US ONLY, 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5506W-B-K9

ASA 5506W-E-X with FirePOWER services, WiFi for Europe, 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5506W-E-K9

ASA 5506W-Q-X with FirePOWER services, WiFi for Japan, 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5506W-Q-K9

ASA 5506W-Z-X with FirePOWER services, WiFi for Australia/New Zealand, 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5506W-Z-K9

ASA 5506H-X with FirePOWER services, ruggedized, security plus, 4GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5506H-SP-BUN-K9

ASA 5506H-X with FirePOWER services, ruggedized, security plus, 4GE Data, 1GE Mgmt, AC, DES

ASA5506H-SP-BUN-K8

ASA 5508-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, DES

ASA5508-K8

ASA 5508-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5508-K9

ASA 5516-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, DES

ASA5516-FPWR-K8

ASA 5516-X with FirePOWER services, 8GE Data, 1GE Mgmt, AC, 3DES/AES

ASA5516-FPWR-K9

Cisco ASA 5500-X Series Midrange Appliances (Hardware)

ASA 5512-X with FirePOWER Services, 6GE data, AC, 3DES/AES, SSD

ASA5512-FPWR-K9

ASA 5515-X with FirePOWER Services, 6GE data, AC, 3DES/AES, SSD

ASA5515-FPWR-K9

ASA 5525-X with FirePOWER Services, 8GE data, AC, 3DES/AES, SSD

ASA5525-FPWR-K9

ASA 5545-X with FirePOWER Services, 8GE data, AC, 3DES/AES, 2 SSD

ASA5545-FPWR-K9

ASA 5555-X with FirePOWER Services, 8GE data, AC, 3DES/AES, 2 SSD

ASA5555-FPWR-K9

Cisco ASA 5500-X Series Interface Cards

Cisco ASA Interface Card with 6 copper GE data ports for ASA 5512-X and ASA 5515-X

ASA-IC-6GE-CU-A

Cisco ASA Interface Card with 6 copper GE data ports for ASA 5525-X

ASA-IC-6GE-CU-B

Cisco ASA Interface Card with 6 copper GE data ports for ASA 5545-X and ASA 5555-X

ASA-IC-6GE-CU-C

Cisco ASA Interface Card with 6 SFP GE data ports (SX, LH, and LX) for ASA 5512-X and ASA 5515-X

ASA-IC-6GE-SFP-A

Cisco ASA Interface Card with 6 SFP GE data ports (SX, LH, and LX) for ASA 5525-X

ASA-IC-6GE-SFP-B

Cisco ASA Interface Card with 6 SFP GE data ports (SX, LH, and LX) for ASA 5545-X and ASA 5555-X

ASA-IC-6GE-SFP-C

Cisco ASA Interface Card with 6 copper GE data ports for ASA 5512-X and ASA 5515-X (spare)

ASA-IC-6GE-CU-A=

Cisco ASA Interface Card with 6 copper GE data ports for ASA 5525-X (spare)

ASA-IC-6GE-CU-B=

Cisco ASA Interface Card with 6 copper GE data ports for ASA 5545-X and ASA 5555-X (spare)

ASA-IC-6GE-CU-C=

Cisco ASA Interface Card with 6 SFP GE data ports (SX, LH, and LX) for ASA 5512-X and ASA 5515-X (spare)

ASA-IC-6GE-SFP-A=

Cisco ASA 5500-X Series Accessories

Cisco GE optical SFP connector, 1000BASE-SX short-wavelength transceiver (spare)

GLC-SX-MM=

Cisco GE optical SFP connector, 1000BASE-LX/LH long-wavelength/long-haul transceiver (spare)

GLC-LH-SM=

Cisco GE optical SFP connector, 1000BASE-SX short-wavelength transceiver, digital optical monitoring (DOM) (spare)

GLC-SX-MMD=

Cisco GE optical SFP connector, 1000BASE-LX/LH long-wavelength/long-haul transceiver, DOM (spare)

GLC-LH-SMD=

Cisco ASA 5512-X and 5515-X interface card (blank) (spare)

ASA-IC-A-BLANK=

Cisco ASA 5525-X interface card slot (blank) (spare)

ASA-IC-B-BLANK=

Cisco ASA 5545-Xand 5555-X interface card slot (blank) (spare)

ASA-IC-C-BLANK=

ASA with FirePOWER Services Software Subscriptions: 3-Year Term (1-Year Service Software Bundle Subscriptions Can be Purchased as well as Individual Cisco IPS, AMP, and URL Filtering Service Software Subscriptions with 1-Year and 3-Year Terms)

Cisco ASA5506 FirePOWER IPS and Apps 3YR Subscription

L-ASA5506-TA=

L-ASA5506-TA-3Y

Cisco ASA5506 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5506-TAC=

L-ASA5506-TAC-3Y

Cisco ASA5506 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5506-TAM=

L-ASA5506-TAM-3Y

Cisco ASA5506 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5506-TAMC=

L-ASA5506-TAMC-3Y

Cisco ASA5506 FirePOWER URL Filtering 3YR Subscription

L-ASA5506-URL=

L-ASA5506-URL-3Y

Cisco ASA5506W FirePOWER IPS and Apps 3YR Subscription

L-ASA5506W-TA=

L-ASA5506-TA-3Y

Cisco ASA5506W FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5506W-TAC=

L-ASA5506-TAC-3Y

Cisco ASA5506W FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5506W-TAM=

L-ASA5506-TAM-3Y

Cisco ASA5506W FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5506W-TAMC=

L-ASA5506-TAMC-3Y

Cisco ASA5506W FirePOWER URL Filtering 3YR Subscription

L-ASA5506W-URL=

L-ASA5506-URL-3Y

Cisco ASA5506H FirePOWER IPS and Apps 3YR Subscription

L-ASA5506H-TA=

L-ASA5506H-TA-3Y

Cisco ASA5506H FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5506H-TAC=

L-ASA5506H-TAC-3Y

Cisco ASA5506H FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5506H-TAM=

L-ASA5506H-TAM-3Y

Cisco ASA5506H FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5506H-TAMC=

L-ASA5506H-TAMC-3Y

Cisco ASA5508 FirePOWER IPS and Apps 3YR Subscription

L-ASA5508-TA=

L-ASA5508-TA-3Y

Cisco ASA5508 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5508-TAC=

L-ASA5508-TAC-3Y

Cisco ASA5508 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5508-TAM=

L-ASA5508-TAM-3Y

Cisco ASA5508 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5508-TAMC=

L-ASA5508-TAMC-3Y

Cisco ASA5508 FirePOWER URL Filtering 3YR Subscription

L-ASA5508-URL=

L-ASA5508-URL-3Y

Cisco ASA5516 FirePOWER IPS and Apps 3YR Subscription

L-ASA5516-TA=

L-ASA5516-TA-3Y

Cisco ASA5516 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5516-TAC=

L-ASA5516-TAC-3Y

Cisco ASA5516 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5516-TAM=

L-ASA5516-TAM-3Y

Cisco ASA5516 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5516-TAMC=

L-ASA5516-TAMC-3Y

Cisco ASA5516 FirePOWER URL Filtering 3YR Subscription

L-ASA5516-URL=

L-ASA5516-URL-3Y

Cisco ASA5512 FirePOWER IPS and Apps 3YR Subscription

L-ASA5512-TA=

L-ASA5512-TA-3Y

Cisco ASA5512 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5512-TAC=

L-ASA5512-TAC-3Y

Cisco ASA5512 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5512-TAM=

L-ASA5512-TAM-3Y

Cisco ASA5512 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5512-TAMC=

L-ASA5512-TAMC-3Y

Cisco ASA5512 FirePOWER URL Filtering 3YR Subscription

L-ASA5512-URL=

L-ASA5512-URL-3Y

Cisco ASA5515 FirePOWER IPS and Apps 3YR Subscription

L-ASA5515-TA=

L-ASA5515-TA-3Y

Cisco ASA5515 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5515-TAC=

L-ASA5515-TAC-3Y

Cisco ASA5515 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5515-TAM=

L-ASA5515-TAM-3Y

Cisco ASA5515 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5515-TAMC=

L-ASA5515-TAMC-3Y

Cisco ASA5515 FirePOWER URL Filtering 3YR Subscription

L-ASA5515-URL=

L-ASA5515-URL-3Y

Cisco ASA5525 FirePOWER IPS and Apps 3YR Subscription

L-ASA5525-TA=

L-ASA5525-TA-3Y

Cisco ASA5525 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5525-TAC=

L-ASA5525-TAC-3Y

Cisco ASA5525 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5525-TAM=

L-ASA5525-TAM-3Y

Cisco ASA5525 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5525-TAMC=

L-ASA5525-TAMC-3Y

Cisco ASA5525 FirePOWER URL Filtering 3YR Subscription

L-ASA5525-URL=

L-ASA5525-URL-3Y

Cisco ASA5545 FirePOWER IPS and Apps 3YR Subscription

L-ASA5545-TA=

L-ASA5545-TA-3Y

Cisco ASA5545 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5545-TAC=

L-ASA5545-TAC-3Y

Cisco ASA5545 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5545-TAM=

L-ASA5545-TAM-3Y

Cisco ASA5545 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5545-TAMC=

L-ASA5545-TAMC-3Y

Cisco ASA5545 FirePOWER URL Filtering 3YR Subscription

L-ASA5545-URL=

L-ASA5545-URL-3Y

Cisco ASA5555 FirePOWER IPS and Apps 3YR Subscription

L-ASA5555-TA=

L-ASA5555-TA-3Y

Cisco ASA5555 FirePOWER IPS, Apps and URL 3YR Subscription

L-ASA5555-TAC=

L-ASA5555-TAC-3Y

Cisco ASA5555 FirePOWER IPS, Apps and AMP 3YR Subscription

L-ASA5555-TAM=

L-ASA5555-TAM-3Y

Cisco ASA5555 FirePOWER IPS, Apps, AMP and URL 3YR Subscription

L-ASA5555-TAMC=

L-ASA5555-TAMC-3Y

Cisco ASA5555 FirePOWER URL Filtering 3YR Subscription

L-ASA5555-URL=

L-ASA5555-URL-3Y

 

چنانچه مایل به دریافت اطلاعات بیشتری از فایروال ها ی سیسکو و کارکرد های آنها هستید با واحد فنی و آموزش سیسکو رویان شبکه در ارتباط  باشید.

شرکت رویان شبکه