Cisco broadens security family

Cisco launches new security appliances; beefs up IOS security.

Cisco last week launched new versions of its multipurpose Adaptive Security Appliance, with small offices and large data centers in mind.

Cisco's ASA 5500 series appliance includes Cisco's VPN, firewall and other security technologies on a single hardware platform. New additions to the ASA family include the ASA 5505, which is targeted at small offices; the ASA 5550 is aimed at large sites that require more than 1Gbps of security traffic throughput.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Cisco last week launched new versions of its multipurpose Adaptive Security Appliance, with small offices and large data centers in mind.

Cisco's ASA 5500 series appliance includes Cisco's VPN, firewall and other security technologies on a single hardware platform. New additions to the ASA family include the ASA 5505, which is targeted at small offices; the ASA 5550 is aimed at large sites that require more than 1Gbps of security traffic throughput.

Click to see: Cisco ASA

The ASA 5550 can process traffic through its firewall processors at a maximum speed of 1.2Gbps - almost double the firewall performance on the previous high-end ASA 5540, released last year. The ASA 5550 can scan traffic on as many as 200 virtual LAN segments, and support as many as 5,000 IPsec and SSL VPN clients simultaneously.

"Initially, when Cisco launched the ASA, it was a midsize [product]," says Greg Young, research vice president with Gartner. "Now they're going in two directions. . . . They're answering the demand for the enterprise, and going after the smaller market."

The ASA 5505 is designed to sit on a desktop or in a small wiring closet, and supports as much as 150Mbps of firewall traffic throughput and 100Mbps of VPN traffic. The box has eight 10/100Mbps ports and two Power over Ethernet ports for powering wireless LAN access points or IP phones in a small office.

Both appliances support ASA Software 7.2, which was released with the new hardware. The software includes application firewall features, which lets an ASA device detect anomalies in, or misuses of certain application protocols, such as VoIP, instant messaging, and specific Microsoft network and application protocols.

Cisco also is adding its Network Admission Control (NAC) support to the Software 7.2 release. This lets an ASA device communicate with laptops, PCs or other endpoints running the Cisco Security Agent, and determine if the machines accessing the network have up-to-date security and operating system software. Cisco also built a Packet Tracer feature into the new software, which provides troubleshooting tools for analyzing how the device processes packets in order to fix configuration errors.

Gartner's Young says Cisco's attempt to broaden the ASA's scope could work well for some customers, but not all.

"Cisco is attempting to take on two very different markets with one product," Young says. While many enterprises prefer the all-in-one approach, the largest enterprises often prefer best-of-breed security gear that can be mixed and matched.

CheckPoint, TippingPoint/3Com, Nokia, NetScreen and Sonicwall also offer devices that combine multiple security functions such as VPN, firewall and intrusion-detection and -prevention systems.

Cisco also introduced its NAC Appliance 4.0 this week, with improved network integration and management features. The NAC Appliance checks devices such as Windows and Linux clients, handhelds and other endpoints as they attempt to access a LAN. Based on preset configurations, it allows or denies access based on parameters such as device type, protocol used or IP address.