Cisco Systems ASA 5510

By Dave Mitchell,
Price as reviewed: £1845 exc VAT (base price)
Best price: £1232.33
Cisco already has a well-established product line-up, with its PIX firewall and VPN concentrator appliances having a strong following, but its latest ASA (adaptive security appliance) family moves the focus firmly onto the UTM security solution. Here we take an exclusive look at the ASA 5510, which is aimed squarely at the SMB sector.
Having already run an exclusive review of Cisco's ISR 3845, we can see a few similarities, with both families offering firewall, VPN and intrusion prevention capabilities. However, the ISR products are primarily communications solutions and, as we previously observed, only support anti-virus scanning via Cisco's NAC software, which is essentially a separate product.
For anti-spam measures you'll also need to set up an ISR with special access controls that look for POP3 and SMTP traffic and pass it on to a separate filtering server or appliance.
The ASA family targets companies that specifically want a UTM solution that covers firewalling plus IPsec and SSL VPNs but also includes optional measures such as anti-virus, anti-spam and intrusion prevention. Along with the higher-end ASA appliances, the 5510 uses the same VPN code as Cisco's VPN 3000 concentrators. The ASAs are being offered as a replacement or an alternative solution, but although there is an overlap across the ranges, Cisco advised us it has no plans to bring the VPN 3000 products to end of life. The ASA appliances also amalgamate technology from Cisco's PIX firewalls and IPS 4200 intrusion prevention devices.
The 5510 comes with five switched Fast Ethernet ports, of which three are licensed for use in the base configuration. Upgrades are available to activate the remaining ports and also allow one to be dedicated to management access. The 5510 has a single expansion slot which accepts an SSM (security services module) that adds further functions. For anti-virus and anti-spam, Cisco has made a deal with Trend Micro, so the module implements its InterScan security suite.
Extensive options are available with Cisco offering the 5510 and larger models in Firewall, IPS, VPN and Anti-X Editions. Within each Edition there are even more choices with the Anti-X version, for example, including the expansion module which adds anti-virus and anti-spyware. The complete solution costs around £3,800 for fifty users and includes the first year's update subscription. For a further £800 you can add anti-spam, URL blocking and anti-phishing.
The 5510 does provide the standard RJ-45 port for command line access to the IOS, but as we found with its ISR appliances you don't need to use this at all. Pointing a web browser at its default IP address provides options to download a Java applet to run Cisco's new ASDM (adaptive security device manager) interface remotely or to install it from the appliance and run it locally. We found the ASDM utility particularly easy to use: it provides a full status report where you can see details of system resources plus traffic throughput, with a display of Syslog messages at the bottom.
Your first job is to configure the interfaces and assign a security value to each one, which determines the risks they face. An external port that's open to the Internet would normally be given a value of zero to indicate that it is totally untrustworthy, whilst an internal port on the LAN may be given a value of 100 to show it can be completely trusted. Next you need to set up the firewall, and a quick start wizard kicks off with a set of default rules that block all unsolicited inbound traffic. Custom rules are simple enough to create: you select an interface, add source and destination networks, the service being handled and an action. Rule priority is determined strictly by position in the list, and multiple rules can be saved off as complete security policies. You also get a handy flow diagram beneath the list which shows clearly what the selected rule is doing.
Accessing the InterScan components from the ASDM fires up Trend's own separate administrative interface, where you can set up scanning rules for mail, web browser and FTP traffic. Separate sections are provided for POP3 and SMTP traffic, so you can create different policies for inbound and outbound mail. Infected attachments can be cleaned, moved or deleted, and you can set InterScan to keep an eye out for keywords in email subject lines and message content. There's little that needs to be done with the anti-spam component, as you simply choose from three levels of scanning intensity and set up black and white sender lists. For web traffic you can use basic URL blocking lists, but you also get hosted content filtering services, which are accessed and configured from the InterScan interface.
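As an added illustration, not taken from the review or from Cisco's documentation, here is the same interface security-level and rule-ordering model expressed as ASA command-line configuration rather than through ASDM. The interface names, addresses, host and access-list name are assumed for the example, and any NAT needed to reach the internal host is omitted.

```cisco
! Each interface carries a security level that encodes how far it is trusted.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! With no access list applied, traffic from a higher security level to a lower
! one is allowed and the reverse is dropped, which is the "block all
! unsolicited inbound traffic" default the quick start wizard produces.
!
! Access-list entries are evaluated top to bottom and the first match wins,
! so the specific permit must sit above the catch-all deny. Swapping the two
! lines would silently make the permit unreachable.
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
!
! Bind the list to the outside interface for inbound traffic; the log keyword
! on the final deny sends hits to Syslog, which ASDM shows at the bottom of
! its status page.
access-group OUTSIDE_IN in interface outside
```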
All IPS features are also accessed from a separate interface. Using the Cisco IDM (intrusion detection manager) utility you need to set up sensors and define interfaces which can operate either in promiscuous or in-line mode when analysing traffic. The former effectively provides a passive monitor that cannot directly intervene when an attack is detected whilst the latter offers up to Layer 7 packet analysis and can actively block attacks.
Plenty of wizards make light work of creating site-to-site and mobile client IPsec VPNs, and for SSL VPNs a separate section is provided for accessing the CSD (Cisco Secure Desktop) manager. Remote users access the appliance by running Cisco's WebVPN software, and profiles determine what network resources they are allowed to access and how their PC or laptop is cleaned up after their SSL VPN sessions have ended.
The ASA 5510 certainly has the ability to deliver a comprehensive range of security measures and the extensive upgrade options on offer make it a highly versatile UTM appliance. The sheer number of features means it will take a while to customise to suit but the new management interface does provide good access to the various functions along with plenty of assistance.