While boasting large firewall and VPN throughput, the ASA 5580 devices lack the intrusion-prevention, antivirus, antispam and antispyware options other ASAs have. Cisco says that is because customers that need a firewall this fast want to run separate IPS and anti-X software.
Cisco says the ASA 5580 supports 10Gbps of firewall throughput using typical flow patterns encountered in customer networks. It also supports up to 10,000 simultaneous VPN users. Ten of the devices can be clustered to support 100,000 VPN users.
The previous top-of-the-line ASA device has a 1.2Gbps firewall and supports 5,000 simultaneous VPN users. The new boxes compete against fast firewall/VPN gear from the likes of Check Point and Juniper.
To handle logging for the faster gear, Cisco is also introducing NetFlow Security Event Logging, which boils the syslog events that would be recorded for its slower ASAs down into a more manageable format.
The software upgrade correlates related incidents into a smaller number of security events that are recorded in a NetFlow collector. Cisco says it is pushing for IETF standardization of this logging so it can work with third-party event logging gear.
The company says it will eventually make this correlation of events available for earlier ASA models.
The ASA 5580 comes in three models: the ASA 5580-20, the ASA 5580-20 VPN bundle and the ASA 5580-40.
The ASA 5580-20 starts at $50,000 for a chassis and firewall software that supports 5Gbps. The ASA 5580-20 VPN bundle costs extra depending on the number of VPN user licenses, which can cost as little as $20 per seat.
The ASA 5580-40 pricing starts at $100,000 for the hardware and 10Gbps firewall. All the ASA 5580 models are available next month.