Cisco ASA 5512-X Adaptive Security Appliance Data Sheet
White Papers
All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
The Cisco ASA 5500 as a Superior Firewall Solution
The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall
capabilities and expands to support other security services.
Firewalls provide the first line of defense in any organization’s network security infrastructure. They
do so by matching corporate policies about users’ network access rights to the connection
information surrounding each access attempt. If the variables don’t match, the firewall blocks the
access connection. If the variables do match, the firewall allows the acceptable traffic to flow
through the network.
In this way, the firewall forms the basic building block of an organization’s network security
architecture. It pays to use one with superior performance to maximize network uptime for
business-critical operations. The reason is that the rapid addition of voice, video, and collaborative
traffic to corporate networks is driving the need for firewall engines that operate at very high
speeds and that also support application-level inspection. While standard Layer 2 and Layer 3
firewalls prevent unauthorized access to internal and external networks, firewalls enhanced with
application-level inspection examine, identify, and verify application types at Layer 7 to make sure
unwanted or misbehaving application traffic doesn’t join the network. With these capabilities, the
firewall can enforce endpoint user registration and authentication and provide administrative
control over the use of multimedia applications.
The Need for Speed
As networks evolve to increase business productivity, collaboration, and communication, the
firewall is evolving in parallel. The Cisco® ASA 5500 Series Adaptive Security Appliance, for
example, was purpose-built to support both standard policy enforcement and application-level
firewall inspection for hundreds of application protocols. Independent third-party tests show that it
currently outperforms the other firewalls in its class. In addition, it ranked in the highest position in
worldwide market research company Gartner’s firewall “Magic Quadrant” in June 2006 for
leadership and vision.
The Cisco ASA 5500 Series’ high-performance application-inspection capabilities automate the
network to treat traffic according to detailed policies based not only on port, state, and addressing
information, but also on application information buried deep within the packet header. By
comparing this deep-packet inspection information with corporate policies, the firewall will allow or
block certain traffic. For example, it will automatically drop application traffic attempting to gain
entry to the network through an open port—even if it appears to be legitimate at the user and
connection levels—if a business’s corporate policy prohibits that application type from being on the
network.
Such unwanted traffic might consist of non-business-related, peer-to-peer traffic that consumes
large volumes of bandwidth. It might constitute instant messaging traffic other than traffic that
conforms to the corporate instant messaging standard. Or it might be any other non-critical
application traffic that the corporation chooses to filter off the network.