A firewall is a network security system which takes actions on the ingoing or outgoing packets based on the defined rules on the basis of IP address, port numbers. Cisco calls its firewall as Adaptive Security Appliance (ASA).
The Cisco ASA 5500 series has models:
Cisco ASA 5505, Cisco ASA 5510, Cisco ASA 5515-X, Cisco ASA 5520, Cisco ASA 5525-X, Cisco ASA 5540, Cisco ASA 5550, Cisco ASA 5555-X, Cisco ASA 5585-X.
Adaptive Security Appliance (ASA) –
ASA is Cisco security device that can perform basic firewall capabilities with VPN capabilities, antivirus and many other features. Some of the features of ASA are:
- Packet filtering –
Packet filtering is a simple process of filtering the incoming or outgoing packet on the basis of rules defined on the ACL which has been applied to the device. It consists of various permit or deny conditions. If the traffic matches one of the rule, no other rule is matched and the matched rule is executed.
- Stateful filtering –
By default, ASA performs stateful tracking of the packet if the packet is generated from higher security level to lower security level.
By default, if the traffic is initiated by the devices in higher security levels for lower security levels device (as destination), TCP and UDP reply traffic will be allowed and will able to, say, telnet the other device in Lower security level. This is because a stateful database is maintained (in which an entry about the source and destination device information such as IP address, port numbers are maintained) as stateful inspection is enabled by default.
- Routing support –
ASA can perform static routing, Default routing also dynamic routing protocols like EIGRP, OSPF and RIP.
- Transparent firewall –
ASA can operate in two modes:
- Routed mode: In this mode, ASA acts like a layer 3 device (router hop) and needs to have two different IP address (means two different subnets) on its both interface.
- Transparent mode: In this mode, ASA operates at layer 2 and only a single IP address is needed to manage ASA management purpose as both the interfaces (inside and outside) acts like a bridge.
- AAA support –
ASA supports AAA services either using its local database or using a external server like ACS (Access Control Server).
- VPN support –
ASA supports policy-bases VPNs like point-to-point IPsec VPN(site-to-site VPN and remote-access VPN) and SSL based VPNs.
- Supports IPv6 –
ASA (new versions) supports IPv6 routing such as static, dynamic.
- VPN load Balancing –
It is a Cisco proprietary feature of Cisco ASA. Multiple clients can be shared across multiple ASA units at the same time.
- Stateful failover –
ASA supports high availability of pair of Cisco ASA devices.If one of the ASA goes down, the other ASA device will perform the operations without any interruption. When stateful failover is enabled, the active unit continously passes connection state information to the backup device. After the failover occurs, same connection information is available on the new active unit.
- Clustering –
Cisco ASA let’s us configure multiple ASA devices as a single logical device. cluster can consists of maximum 8 cohesive units. This results in high throughput and at the same time, provides redundancy.
- Advance Malware Protection (AMP) –
Cisco ASA provides support for Next-Generation firewall features which can provide protection advanced malware protection in a single device as the classic firewall features are combined with NGFWs features.
- Modular Policy Framework (MPF) –
MPF is used to define policies for different traffic flows. Its used in ASA to utilize advanced firewall features like QOS, Policing, prioritising etc.
For using MPF, we define Class-map for identifying the type of traffic, policy-map for identifying what action should be taken like priortize and service-policy for where it should be applied.
- What is Information Security?
- Hash Functions in System Security
- Active and Passive attacks in Information Security
- Port Security in Computer Network
- Features of Enhanced Interior Gateway Routing Protocol (EIGRP)
- Threats to Information Security
- Risk Management for Information Security | Set-1
- Risk Management for Information Security | Set-2
- Basic configuration of Adaptive Security Appliance (ASA)
- TELNET and SSH on Adaptive Security Appliance (ASA)
- System Security
- IP security (IPSec)
- Types of DNS Attacks and Tactics for Security
- Privacy and Security in online social media
- Port Address Translation (PAT) on Adaptive Security Appliance (ASA)
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to firstname.lastname@example.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.