Cisco Systems ASA 5510
It may be the biggest networking company in the world but Cisco is also very keen to make a much bigger mark in the security arena.
Cisco already has a well-established product line-up, with its PIX firewall and VPN concentrator appliances having a strong following, but its latest ASA (adaptive security appliance) family moves the focus firmly onto the UTM security solution. Here we take an exclusive look at the ASA 5510, which is aimed squarely at the SMB sector.
Having already run an exclusive review of Cisco's ISR 3845 we can see a few similarities with both families offering firewall, VPN and intrusion prevention capabilities. However, the ISR products are primarily communications solutions and as we previously observed only support anti-virus scanning via Cisco's NAC software which is essentially a separate product.
For anti-spam measures you'll also need to set up an ISR with special access controls that look for POP3 and SMTP traffic and pass it on to a separate filtering server or appliance.
The ASA family targets those companies that specifically want a UTM solution that covers firewalling plus IPsec and SSL VPNs but includes optional measures such as anti-virus, anti-spam and intrusion prevention. Along with the higher-end ASA appliances, the 5510 uses the same VPN code as Cisco's VPN 3000 concentrators. The ASAs are being offered as a replacement or an alternative solution but although there is an overlap across the ranges, Cisco advised us it has no plans to bring the VPN 3000 products to end of life. The ASA appliances also amalgamate technology from Cisco's PIX firewalls and IPS 4200 intrusion prevention devices.
The 5510 comes with five switched Fast Ethernet ports of which three are licensed for use in the base configuration. Upgrades are provided to activate the remaining ports and also allow one to be dedicated to management access. The 5510 has a single expansion slot which accepts an SSM (security services module) that adds additional functions. For anti-virus and anti-spam Cisco has made a deal with Trend Micro so the module implements its InterScan security suite.
Your first job is to configure the interfaces and assign a security value to each one which determines the risks they face. An external port that's open to the Internet would normally be given a value of zero to indicate that it is totally untrustworthy whilst an internal port on the LAN may be given a value of 100 to show it can be completely trusted. Next you need to set up the firewall and a quick start wizard kicks off with a set of default rules that block all unsolicited inbound traffic. Custom rules are simple enough to create as you select an interface, add source and destination networks, the service being handled and an action. Rule priority is determined strictly by each rule's position in the list and multiple rules can be saved off as complete security policies. You also get a handy flow diagram beneath the list which shows clearly what the selected rule is doing.
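Because priority depends only on list position, a specific rule placed below a broader one never takes effect. The following sketch is an added example, not Cisco or ASDM code: it models first-match evaluation and flags rules that can never be reached. The rule fields, names and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    service: str  # e.g. "tcp/25", or "any"
    action: str   # "permit" or "deny"

def _net(cidr):
    return ipaddress.ip_network(cidr)

def _covers(a, b):
    """True if every packet rule b can match is also matched by rule a."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.service in ("any", b.service))

def evaluate(rules, src, dst, service):
    """First match wins; traffic matching no rule hits the default block."""
    for r in rules:
        if (ipaddress.ip_address(src) in _net(r.src)
                and ipaddress.ip_address(dst) in _net(r.dst)
                and r.service in ("any", service)):
            return r.action, r.name
    return "deny", "default-block"

def shadowed(rules):
    """(later, earlier) pairs where the later rule can never be reached."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample policy (documentation address ranges), in list order.
POLICY = [
    Rule("block-dmz", "0.0.0.0/0", "192.0.2.0/24", "any", "deny"),
    Rule("allow-smtp", "0.0.0.0/0", "192.0.2.25/32", "tcp/25", "permit"),
    Rule("allow-web", "0.0.0.0/0", "198.51.100.80/32", "tcp/80", "permit"),
]
# Same rules with the specific permit moved above the broad deny.
REORDERED = [POLICY[1], POLICY[0], POLICY[2]]
if __name__ == "__main__":
    for label, rules in (("original", POLICY), ("reordered", REORDERED)):
        print(label, evaluate(rules, "203.0.113.5", "192.0.2.25", "tcp/25"), shadowed(rules))
```

In the original order the SMTP permit is shadowed by the broad deny above it; moving it up one position changes the verdict for the same packet.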
Plenty of wizards make light work of creating site-to-site and mobile client IPsec VPNs and for SSL VPNs a separate section is provided for accessing the CSD (Cisco secure desktop) manager. Remote users access the appliance by running Cisco's WebVPN software and profiles determine what network resources they are allowed to access and how their PC or laptop is cleaned up after their SSL VPN sessions have ended.
The ASA 5510 certainly has the ability to deliver a comprehensive range of security measures and the extensive upgrade options on offer make it a highly versatile UTM appliance. The sheer number of features means it will take a while to customise to suit but the new management interface does provide good access to the various functions along with plenty of assistance.
The ASA 5510 offers a comprehensive network security solution to SMBs that can be configured to suit a wide range of scenarios and requirements and the new management interface makes light work of configuration.
Pentium 4 Celeron 1.6GHz; 64MB CompactFlash; 256MB Flash; Cisco embedded encryption accelerator; 5 x 10/100BaseTX; RJ45 serial port; 2 x USB 2.0; expansion slot for optional CSC SSM module; CompactFlash slot; CLI and ASDM management.