Cisco ASA 5585-X Adaptive Security Appliance White Paper
Cisco and Public Sector Cyberdefense
Cisco NetFlow is supported on the Cisco Catalyst 6500 and 4500 Series
switches. Depending on the supervisor engine in use, an additional
service module might be required to provide hardware-accelerated
NetFlow.
The Cisco Catalyst 6500 Series switch can also play an important role
in the detection of new security threats with its comprehensive support
of capability-enhancing service modules.[4]
Service modules provide
an integrated services architecture, where security capabilities can be
handled in-line with the switches that provide forwarding capabilities.
Some benefits of an integrated services model include:
• Scalable and “pay-as-you-grow” designs integrating security with
existing and new deployment of technologies, such as data center
server load balancing, wireless, IP telephony, and Multiprotocol Label
Switching (MPLS) segmentation
• Depth and breadth of security services integrated with the switch
in hardware and software to enable “defense in depth” to mitigate
increasing complexity of network security threats
• High performance with dedicated hardware acceleration and
high availability to meet demands of large and mission-critical
environments
• More granular and differentiated control of network access and
security at lower TCO with advanced capabilities such as managed
virtualization, allowing a single firewall or VPN service module to act as
multiple logical devices, each with its own management and policy
• Simplified network operations and management lowering operation
costs
Some of the more commonly deployed security-related Cisco Catalyst
6500 service modules are listed in Table 2.
Table 2 Cisco Catalyst 6500 Series Switch Service Modules
| Service Module | Capabilities |
| --- | --- |
| Firewall Services Module (FWSM) | High-performance firewall with 5.5Gbps throughput per FWSM and up to 20Gbps per chassis; 100,000 connections/sec and 1 million concurrent connections; and up to 256 virtual firewalls with resource management. |
| IPsec VPN SPA | Provides IPsec VPN services without need for overlay equipment or network alteration. Delivers 2.5Gbps encryption throughput with 3DES and AES, supports 16,000 active tunnels simultaneously. |
| Network Analysis Module (NAM) | Provides application-level visibility for real-time traffic analysis. Information can be used for VoIP quality monitoring, curbing unproductive network traffic, optimizing WAN bandwidth. |
| Application Control Engine (ACE) | Provides rich levels of application and network security. Includes bidirectional support for content inspection, SSL encryption/decryption, and transaction logging for application security forensics. |
The modular architecture of the Cisco Catalyst 6500 Series switch makes it extremely versatile for positioning anywhere within the network. The
functionality provided by these service modules will be further explored when we discuss the data center and the WAN.
[4] Many of the service module capabilities referenced here are also available as standalone Cisco appliances. Ultimately, the choice between an appliance-based or integrated service-based architecture is up to the network designer. To provide customers with the maximum flexibility, Cisco supports both architectures.