Score: 3.68
Editor’s note: This is a summary of our testing of this product. For a full rundown of how it fared in our testing across 10 UTM categories, please see our full coverage.
The ASA 5540 is one of a range of firewalls that together replace Cisco’s PIX and 3000-series VPN concentrator lines. With one faster model (that cannot do either IPS or antivirus filtering) and several slower ones, Cisco has continued its serious run at both the SMB and enterprise markets with this series of appliances.
While the ASA has strong built-in firewall, protocol inspection, and NAT features, the antivirus and IPS UTM features each require an add-in security services module. Because current models of the ASA have only a single slot, you can choose to implement either IPS or antivirus, but not both at the same time.
Every model in the ASA series can be configured entirely from the command line, driven through a local GUI (called ASDM), or controlled through Cisco’s optional global-management tool, Cisco Security Manager (CSM), at an extra cost. We worked with CSM in this test and found that while Cisco has done a great job at bringing CSM where it needed to be for enterprise management, it is still not a full management solution for controlling all of the features a UTM has to offer.
To manage your ASA firewall with an IPS installed you also need to use ASDM, the local GUI, because CSM doesn’t have tools for monitoring the status of the ASA. You also need a separate MARS appliance, Cisco’s security information-management system, because MARS is the only Cisco tool to receive and analyze IPS/IDS events. Without CSM, IPS and firewall management are not integrated, requiring not just another IP address but another Ethernet port.
With its heritage as a NAT device, the ASA carries a fair amount of configuration baggage. Cisco has not done a good job of bringing the NAT policy and firewall policy together. Indeed, the complexity of this issue is such that the Cisco engineers who helped install our system didn’t get the NAT policy right the first time around.
As a firewall, the ASA is hard to love unless you’ve had a longstanding affair with PIX. Cisco has been extraordinarily careful to maintain a consistent feel and model in a product that, fundamentally, is more than a decade old, which means the company has neglected to clean up rough edges. If you’ve learned the PIX, its idiosyncrasies and its convoluted security and NAT model, Cisco definitely won’t abandon you.