Cisco ASA CX 5500-X Series
They combine proven stateful inspection firewall features with the ASA CX Context-Aware suite of next-generation firewall services for networks of all sizes: small and midsize businesses with one or more locations, large enterprises, service providers, and mission-critical data centers. The Cisco ASA CX firewalls deliver:
● Scalable performance
● Industry-leading service flexibility
● Modular scalability
● Feature extensible
● Low deployment and operational costs
 |
| Fig 1.1 -Cisco ASA CX 5500-X Series |
Features and Benefits
Available in a wide range of sizes, Cisco ASA CX models provide the same level of security that protects the networks of some of the largest and most security-conscious companies in the world. They also provide Cisco ASA CX series next-generation firewall services, which include Cisco Application Visibility and Control (AVC), web security, botnet filtering, and intrusion prevention, so you can add these security features to new applications and devices in your network.
Cisco ASA CX 5500-X Series Next-Generation Firewalls for small offices and branch locations protect critical assets in several ways:
● Exceptional next-generation firewall services provide the visibility and detailed control that your enterprise needs to safely take advantage of new applications and devices.
● Cisco AVC controls specific behaviors within allowed micro applications.
● Cisco Web Security Essentials (WSE) restricts web and web application use based on the reputation
of a site.
of a site.
● Broad and deep network security through an array of integrated cloud- and software-based next-generation firewall services is backed by Cisco Security Intelligence Operations (SIO).
● A highly effective intrusion prevention system (IPS) is provided with Cisco Global Correlation.
● A high-performance VPN and always-on remote access are included.
● Additional security services can be implemented quickly and easily in response to changing needs.
 |
| Fig 1.2 -Cisco ASA CX 5500-X Series |
Cisco ASA CX 5500-X Models
The Cisco ASA 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X CX Series Adaptive Security Appliances combine the most widely deployed stateful inspection firewall in the industry with a comprehensive suite of next-generation network security services for comprehensive security without compromise. They provide multiple security services and redundant power supplies and support consistent security enforcement throughout your organization.
In addition to comprehensive stateful inspection firewall capabilities, optional features include integrated cloud- and software-based security services, Cisco AVC, Cisco WSE, Cisco Cloud Web Security (CWS), and IPS.
In addition to comprehensive stateful inspection firewall capabilities, optional features include integrated cloud- and software-based security services, Cisco AVC, Cisco WSE, Cisco Cloud Web Security (CWS), and IPS.
Cisco ASA 5555-X Unboxing
These models vary in their performance and throughput capabilities and in the services and number of users that can be supported by each model. Depending on the customer requirements and performance needs, these firewalls can be deployed at small office, Internet edge, and data center locations.
This ASA CX series of next-generation firewalls is built on the same proven security platform as the rest of the Cisco ASA family of firewalls and delivers exceptional application visibility and control along with superior performance and operational efficiency. These firewalls provide next-generation services that make it possible to take advantage of new applications and devices without compromising security. Unlike other firewalls, the Cisco ASA 5500-X Series keeps pace with rapidly evolving needs by offering end-to-end network intelligence gained by combining the visibility of local traffic with in-depth global network intelligence.
Using Cisco ASA Software Release 9.0 and later, customers can combine up to 16 Cisco ASA 5585-X firewall modules in a single cluster for up to 640 Gbps of throughput, 2 million connections per second, and more than 100 million concurrent connections . This “pay as you grow” model enables organizations to purchase what they need today and dynamically add more when their performance needs grow. To protect high-performance data centers from internal and external threats, the cluster can be augmented by adding IPS modules.
Clustering Technology with the 5585X
Using Cisco ASA Software Release 9.0 and later, customers can combine up to 16 Cisco ASA 5585-X firewall modules in a single cluster for up to 640 Gbps of throughput, 2 million connections per second, and more than 100 million concurrent connections . This “pay as you grow” model enables organizations to purchase what they need today and dynamically add more when their performance needs grow. To protect high-performance data centers from internal and external threats, the cluster can be augmented by adding IPS modules.
Demonstration of IPS Performance for the Data Center with Clustered ASA5585-X
Demonstration of IPS Performance for the Data Center with Clustered ASA5585-X
Clustering Technology with the 5585XCisco ASA software clustering delivers a consistent scaling factor, irrespective of the number of units in the cluster, for a linear and predictable increase in performance. Complexity is reduced, as no changes are required to existing Layer 2 and Layer 3 networks. Support for data center designs based on the Cisco Catalyst 6500 Series Virtual Switching System (VSS) and the Cisco virtual Port Channel (vPC) as well as the Link Aggregation Control Protocol (LACP) provides high availability (HA) with better network integration.
For operational efficiency, Cisco ASA clusters are easy to manage and troubleshoot. Policies pushed to the master node are replicated across all the units within the cluster. The health, performance, and capacity statistics of the entire cluster, as well as individual units within the cluster, can be assessed from a single management console. Hitless software upgrades are supported for ease of device updates.
Clustering supports HA in both active/active and active/passive modes. All units in the cluster actively pass traffic, and all connection information is replicated to at least one other unit in the cluster to support N+1 HA. In addition, single and multiple contexts are supported, along with routed and transparent modes. A single configuration is maintained across all units in the cluster using automatic configuration sync. Clusterwide statistics are provided to track resource usage.
Cisco ASA software clustering delivers a consistent scaling factor, irrespective of the number of units in the cluster, for a linear and predictable increase in performance. Complexity is reduced, as no changes are required to existing Layer 2 and Layer 3 networks. Support for data center designs based on the Cisco Catalyst 6500 Series Virtual Switching System (VSS) and the Cisco virtual Port Channel (vPC) as well as the Link Aggregation Control Protocol (LACP) provides high availability (HA) with better network integration.
For operational efficiency, Cisco ASA clusters are easy to manage and troubleshoot. Policies pushed to the master node are replicated across all the units within the cluster. The health, performance, and capacity statistics of the entire cluster, as well as individual units within the cluster, can be assessed from a single management console. Hitless software upgrades are supported for ease of device updates.
Clustering supports HA in both active/active and active/passive modes. All units in the cluster actively pass traffic, and all connection information is replicated to at least one other unit in the cluster to support N+1 HA. In addition, single and multiple contexts are supported, along with routed and transparent modes. A single configuration is maintained across all units in the cluster using automatic configuration sync. Clusterwide statistics are provided to track resource usage.
