Cisco Systems ASA 5510

It may be the biggest networking company in the world but Cisco is also very keen to make a much bigger mark in the security arena.

Price
£1,845

Cisco already has a well established product line-up with its PIX firewall and VPN concentrator appliances having a strong following but its latest ASA (adaptive security appliance) family moves the focus firmly onto the UTM security solution. Here we take an exclusive look at the ASA 5510 which is aimed squarely at the SMB sector.

Having already run an exclusive review of Cisco's ISR 3845 we can see a few similarities with both families offering firewall, VPN and intrusion prevention capabilities. However, the ISR products are primarily communications solutions and as we previously observed only support anti-virus scanning via Cisco's NAC software which is essentially a separate product.

For anti-spam measures you'll also need to set up an ISR with special access controls that look for POP3 and SMTP traffic and pass it on to a separate filtering server or appliance.

The ASA family targets those companies that specifically want a UTM solution that covers firewalling plus IPsec and SSL VPNs but includes optional measures such as anti-virus, anti-spam and intrusion prevention. Along with the higher-end ASA appliances, the 5510 uses the same VPN code as Cisco's VPN 3000 concentrators. The ASAs are being offered as a replacement or an alternative solution but although there is an overlap across the ranges, Cisco advised us it has no plans to bring the VPN 3000 products to end of life. The ASA appliances also amalgamate technology from Cisco's PIX firewalls and IPS 4200 intrusion prevention devices.

Advertisement
Advertisement - Article continues below

The 5510 comes with five switched Fast Ethernet ports of which three are licensed for use in the base configuration. Upgrades are provided to activate the remaining ports and also allow one to be dedicated to management access. The 5510 has a single expansion slot which accepts an SSM (security services module) that adds additional functions. For anti-virus and anti-spam Cisco has made a deal with Trend Micro so the module implements its InterScan security suite.

Your first job is to configure the interfaces and assign a security value to each one which determines the risks they face. An external port that's open to the Internet would normally be given a value of zero to indicate that it is totally untrustworthy whilst an internal port on the LAN may be given a value of 100 to show it can be completely trusted. Next you need to set up the firewall and a quick start wizard kicks off with a set of default rules that block all unsolicited inbound traffic. Custom rules are simple enough to create as you select an interface, add source and destination networks, the service being handled and an action. Rule priority is determined strictly by their position in the list and multiple rules can be saved off as complete security polices. You also get a handy flow diagram beneath the list which shows clearly what the selected rule is doing.

Plenty of wizards make light work of creating site-to-site and mobile client IPsec VPNs and for SSL VPNs a separate section is provided for accessing the CSD (Cisco secure desktop) manager. Remote users access the appliance by running Cisco's WebVPN software and profiles determine what network resources they are allowed to access and how their PC or laptop is cleaned up after their SSL VPN sessions have ended.

The ASA 5510 certainly has the ability to deliver a comprehensive range of security measures and the extensive upgrade options on offer make it a highly versatile UTM appliance. The sheer number of features means it will take a while to customise to suit but the new management interface does provide good access to the various functions along with plenty of assistance.

Verdict

The ASA 5510 offers a comprehensive network security solution to SMBs that can be configured to suit a wide range of scenarios and requirements and the new management interface makes light work of configuration.

Pentium 4 Celeron 1.6GHz; 64MB CompactFlash; 256MB Flash; Cisco embedded encryption accelerator; 5 x 10/100BaseTX; RJ45 serial port; 2 x USB 2.0; expansion slot for optional CSC SSM module; CompactFlash slot; CLI and ASDM management.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019