Cisco this week launched new versions of its multi-purpose Adaptive Security Appliance (ASA), with small offices and large data centers in mind. The company also introduced a new version of its Network Admission Control (NAC) appliance, and an upgrade to IOS software with beefed-up security features.
Cisco's Adaptive Security Appliance (ASA) 5500 series appliance includes Cisco's VPN, firewall and other security technologies on a single hardware platform. New additions to the ASA family include the ASA 5505, which is targeted at small offices while the ASA 5550 is aimed at large sites that require more than a gigabit-per-second of security traffic throughput.
The ASA 5550 is targeted at large enterprises and can process traffic through its firewall processors at a maximum speed of 1.2Gbps -- almost double the firewall performance on the previous high-end ASA 5540, released last year. The ASA 5550 can scan traffic on up to 200 virtual LAN segments, and support up to 5,000 IPSec and SSL VPN clients simultaneously.
The ASA 5505 is designed to sit on a desktop or small wiring closet, and supports up to 150Mbps of firewall traffic throughput, and 100Mpbs of VPN traffic. The box includes eight 10/100Mbps ports and two power over Ethernet (PoE) ports for powering WLAN access points or IP phones in a small office.
Both appliances support ASA Software 7.2, which was released with the new hardware. The software includes application firewall features, which allows an ASA device to detect anomalies in, or misuses of certain application protocols, such as VOIP, instant messaging, and specific Microsoft networking and application protocols.
Cisco is also adding its Network Admission Control support to the 7.2 software release. This allows an ASA device to communicate with laptops, PCs or other endpoints running the Cisco Security Agent, and determine if the machines accessing the network have up-to-date security and operating system software. Cisco also built a Packet Tracer feature into the new software, which provides troubleshooting tools for analyzing how the device processes packets in order to fix configuration errors.
Also on the NAC front, Cisco introduced its NAC Appliance 4.0 this week, with improved network integration and management features. The Cisco NAC Appliance can check devices such as Windows and Linux clients, printers, handheld devices and other endpoints as these devices attempt to access a LAN. Based on pre-set configurations, the device can allow or deny access based on parameters such as device type, protocol used, IP address or other factors.
New features on NAC Appliance 4.0 include the ability to attach to a LAN at Layer 3, allowing a the appliance to cover more LAN segments, as opposed to deploying multiple in-line NAC Appliances at various Layer 2 network segments. The 4.0 version of the appliance also provides a single sign-on for Cisco network access and Windows Active Directory domains.
Cisco also released a new version of its IOS router/switch software that adds additional security features. IOS version 12.4(9)T includes a feature that detect and stop unwanted network traffic, such as BitTorrent, KaZaA and Gnutella file sharing. The new IOS version also provides improved monitoring capabilities for the site-to-site VPN function in IOS, and added authentication and accounting tools for managing SSL VPN remote access on an IOS router.