Cisco Cisco SA520 Security Appliance Getting Started Guide
Cisco SA500 Series Security Appliances
An All-in-One UTM Security Solution for Small Businesses
Product Description
Cisco
®
SA500 Series Security Appliances, part of the Cisco
Small Business Series, are all-in-one unified threat management
(UTM) security solutions for small businesses. Combining firewall,
VPN, and optional IPS and email and content security capabilities,
the Cisco SA500 Series gives small businesses the confidence
of knowing that they are protected.
(UTM) security solutions for small businesses. Combining firewall,
VPN, and optional IPS and email and content security capabilities,
the Cisco SA500 Series gives small businesses the confidence
of knowing that they are protected.
Base Hardware Appliances
Cisco SA520
: 200 Mbps firewall throughput; 65 Mbps IPsec VPN
throughput; 15,000 connections; 50 IPsec VPN tunnels and 2 SSL
VPN seats (upgradable to 25); Gigabit Ethernet ports: 1 WAN, 4 or
8 LAN, and 1 optional DMZ/LAN/WAN
VPN seats (upgradable to 25); Gigabit Ethernet ports: 1 WAN, 4 or
8 LAN, and 1 optional DMZ/LAN/WAN
Cisco SA520W with wireless
: All features of the SA520, plus
wireless 802.11b/g/n networking
Cisco SA540 with high performance:
300 Mbps firewall
throughput; 85 Mbps IPsec VPN throughput; 40,000 connections;
100 IPsec VPN tunnels and 50 SSL VPN seats; Gigabit Ethernet
ports: 1 WAN, 8 LAN, and 1 optional DMZ/LAN/WAN port
100 IPsec VPN tunnels and 50 SSL VPN seats; Gigabit Ethernet
ports: 1 WAN, 8 LAN, and 1 optional DMZ/LAN/WAN port
Bundle Solutions
Each of the Cisco SA500 Series base hardware appliances is
available as part of the following bundles (Table 1):
available as part of the following bundles (Table 1):
SA500 UTM Web Bundle with IPS and ProtectLink Web
This bundle adds three-year licenses for intrusion prevention
(IPS) and Cisco ProtectLink Web. IPS protects against threats,
including worms, hackers, and protocol violations. It also enables
control of instant messaging (IM) and peer-to-peer traffic.
This bundle adds three-year licenses for intrusion prevention
(IPS) and Cisco ProtectLink Web. IPS protects against threats,
including worms, hackers, and protocol violations. It also enables
control of instant messaging (IM) and peer-to-peer traffic.
Cisco ProtectLink Web is a hosted service that helps protect
businesses from malware by blocking access to dangerous
websites. It also provides web filtering to block access to inap-
propriate content, helping increase employee productivity.
businesses from malware by blocking access to dangerous
websites. It also provides web filtering to block access to inap-
propriate content, helping increase employee productivity.
It offers fully customizable web filtering with more than 80 URL
categories and the option of time-of-day and day-of-week-based
policies.
categories and the option of time-of-day and day-of-week-based
policies.
SA500 UTM Email Bundle with IPS and ProtectLink Gateway
This bundle provides the same features included in the Web
bundle, plus three years of full-featured email security, includ-
ing antispam, antivirus, antiphishing, and antispyware. Cisco
ProtectLink Gateway is a hosted service that scans emails for
more than 3 million viruses and 400,000 spyware attacks before
they reach the company network. It also provides a quarantine for
blocked emails. Available for protecting 25 or 100 email addresses.
This bundle provides the same features included in the Web
bundle, plus three years of full-featured email security, includ-
ing antispam, antivirus, antiphishing, and antispyware. Cisco
ProtectLink Gateway is a hosted service that scans emails for
more than 3 million viruses and 400,000 spyware attacks before
they reach the company network. It also provides a quarantine for
blocked emails. Available for protecting 25 or 100 email addresses.
Table 1. Cisco SA500 Series Base Hardware and Bundles
SA520
SA520W with
Wireless
SA540 with
High Performance
SKUs
Base hardware (Firewall/VPN)
SA520-K9
SA520W-K9
SA540-K9
Web Bundle with IPS and ProtectLink Web (3 years)
- IPS
- Web filtering
- Web threat protection
SA520-WEB-BUN3-K9
SA520W-WEB-BUN3-K9
SA540-WEB-BUN3-K9
Email Bundle with IPS and
ProtectLink Gateway (3 years)
- IPS
- Web filtering
- Web threat protection
- Antivirus, antispam, antispware,
antiphishing
25 email
addresses
SA520-GW25-BUN3-K9
SA520W-GW25BUN3-K9
SA540-GW25-BUN3-K9
100 email
addresses
SA520-GW100BUN3-K9
SA520W-GW100BN3-K9
SA540-GW100BUN3-K9
Key Specifications
Firewall performance*
200 Mbps
200 Mbps
300 Mbps
Email/web performance*
200 Mbps
200 Mbps
300 Mbps
VPN performance*
65 Mbps
65 Mbps
85 Mbps
Connections
15,000
15,000
40,000
Ports
1 WAN
1 LAN/WAN/DMZ
4 LAN
All 10/100/1000
1 LAN/WAN/DMZ
4 LAN
All 10/100/1000
1 WAN
1 LAN/WAN/DMZ
4 LAN
All 10/100/1000
1 LAN/WAN/DMZ
4 LAN
All 10/100/1000
1 WAN
1 LAN/WAN/DMZ
8 LAN
All 10/100/1000
1 LAN/WAN/DMZ
8 LAN
All 10/100/1000
Wireless (802.11b/g/n)
No
Yes
No
Cisco client VPN
Yes
Yes
Yes
IPsec site-to-site VPN
Yes
Yes
Yes
IPsec remote access VPN
50 seats
50 seats
100 seats
SSL remote access VPN
2 seats included, optional
license upgrade to 25 seats
2 seats included, optional
license upgrade to 25 seats
50 seats included
*Performance test methodology: Maximum performance based on RFC 2544. All results are aggregate bidirectional. Actual performance may vary
depending upon network environment and configuration.
depending upon network environment and configuration.
Key Features and Benefits
•
Built-in stateful packet inspection firewall and IPS provide
business-grade protection from unwanted visitors,
unwanted traffic, and malicious attacks.
•
Demilitarized zone (DMZ) safely hosts file, web, and other
Internet-accessible servers without exposing the busi-
ness’s internal LAN network to threats.
•
Email and web security via Cisco ProtectLink products
provide full-strength, up-to-date protection at full speed.
Powered by Trend Micro, all processing happens using a
cloud-based system, reducing demand on Internet band-
width and internal network and server resources.
•
Award-winning antivirus, antispyware, antispam, and
antiphishing technology uses eight different inspection
techniques to evaluate the sender’s IP address and also to
scan email content, detecting more than 3 million different
virus patterns and more than 400,000 spyware patterns.
•
Web and URL filtering blocks known malicious websites
while limiting employee Internet access to only appropriate
or work-related websites.
•
Built-in VPN capabilities support IP Security (IPsec) or
Secure Sockets Layer (SSL) encrypted network traffic,
providing remote connections for on-the-go users, branch
offices, and telecommuting employees.