2. Cisco® ASA CX Context-Aware Security is a
modular security service that addresses these
needs by blending a proven stateful inspection
firewall with next-generation capabilities and a
host of additional network-based security
controls - for end-to-end network intelligence
and streamlined security operations.
In addition, ASA CX enables administrators to:
Control specific behaviors within allowed micro-
applications.
Restrict web and web application usage based on
reputation of the site.
Proactively protect against Internet threats.
Enforce differentiated policies based on the user,
device, role, and application type.
3. Cisco ASA Next-Generation Firewall Services
such as Application Visibility and Control
(AVC) to control specific behaviors within
allowed micro-applications and Web Security
Essentials (WSE) to restrict web and web
application usage based on reputation of the
site.
Cisco IPS is the only context aware IPS that
uses device awareness, network reputation of
the source, target value, and user identity to
drive mitigation decisions and provides a
proactive protection against threats.
4. 4x increase in firewall throughput protects users as
their current and future data consumption demands
increase.
Redundant power supplies (on the ASA 5545-X and
5555-X appliances) protect against power outages.
Multicore enterprise-class CPUs deliver better
performance.
Additional copper and small form-factor pluggable
(SFP) Gigabit Ethernet ports provide greater flexibility
for network configuration.
Cisco Cloud Web Security provides unmatched web
security, application visibility and control for
organizations of all sizes through a network of global
and redundant data centers.
5. ASA 5555-XASA 5545-XASA 5540Products
4 Gbps3 Gbps650 MbpsStateful inspection throughput
(max1)
2 Gbps1.5 GbpsNot AvailableStateful inspection throughput
(multiprotocol2)
1.3 Gbps900 MbpsUp to 500Mbps with AIPSSM-
20
● Up to 650 Mbps with AIPSSM-
40
IPS throughput3
1.4 Gbps1 GbpsNot AvailableContext-aware throughput4
(multiprotocol)
50,00030,00025,000Connections per second
1,000,000750,000400,000Concurrent connections
700 Mbps400 Mbps325 Mbps3DES/AES VPN throughput
(maximum)
500300200VLANs
Yes (1 GE)Yes (1 GE)NoneDedicated
Management Port
2/1002/502/50Security contexts
(included/maximum)
16GB8GB2GBMemory
8GB8GB256 MBMinimum System Flash
2 slots, RAID 1, 120 GB MLC SED2 slots, RAID 1, 120 GB MLC SEDNoneSolid State Drive
6. Application awareness Enforces access policy
based on more than 1000 commonly used
applications and 75,000 micro-applications;
provides granular access control based on
“behavior” (for example, a file upload or a post on
a social networking site) to further control user
activity related to applications; controls port- and
protocol-hopping applications that can evade
classic security controls.
Identity-based firewalling Provides differentiated
access control based on user and user role;
supports common identity mechanisms such as
Active Directory agent, LDAP, Kerberos, and NT
LAN Manager.
7.
8.
9.
10. Device-type-based enforcement Uses Cisco
AnyConnect to identify the types of devices (such
as iPads, iPhones, and Android devices) that are
accessing the network, and controls which devices
will be permitted or denied.
URL filtering Enterprise-class, full-featured URL
filtering solution enables granular control of
Internet traffic.
Global threat intelligence Uses the global footprint
of Cisco security deployments for more
comprehensive network protection. Cisco SIO
delivers regularly updated threat intelligence feeds
for near-real-time protection from zero-day
malware.
11. Stateful firewall capabilities
In addition to enabling Layer 7 context-aware
rules, provides extensive support for Layer 3 and
Layer 4 stateful firewall features, including access
control, network address translation, and stateful
inspection.
Intuitive management Preloaded with Cisco Prime™
Security Manager, a powerful, intuitive
management solution that simplifies the solution
management of context-aware firewalls.