Thursday, January 12, 2017

Next Generation Firewalls : Cisco ASA Firepowers

Next Generation Firewalls : Cisco ASA Firepowers

Cisco come-up with the next generation firewalls called Cisco ASA Firepowers which have various capabilities like NGIPS- Next Generation Intrusion Prevention, AVC- Application visibility and control, AMP- Advance Malware Prevention and URL filtering.

It can be used as a module and run differently then ASA. The ASA Firepower module can software and Hardware.

Fig 1.1- Cisco ASA Firepower


#Audience : Cisco Security ( CCIE -Security, Systems Engineer, Architecture Specialist, Network Design engineers )

Competition : Palo-Alto Firewalls, Checkpoint Firewalls, Bluecoat Firewalls , Fortinet Firewalls
  • Cisco Next generation firewalls have continuous analysis and retrospective detection feature while all other firewalls have limited feature.
  • Cisco Next generation firewalls continuously using network file trajectory feature while it is not available there in Palo-alto, Checkpoint and Fortinet Firewalls
  • Cisco Next Generation firewall have impact assessment and Security automation feature, so that feature is lacked there in other firewalls,  Cisco have adaptive threat management feature as well in their next generation firewall call ASA Firepower.
  • It also have Behavioural indicators of compromise ( loCs) included in Firepower.
  • They have inbuilt feature os user, network and endpoint awareness.
  • NGIPS- Next Generation Intrusion Prevention is signature based in Fortinet and Palo- Alto Firewalls but in Cisco Next generation Firepower, it is inbuilt.
  • They have the other features like advanced threat protection while other have limited feature.
  • You can also have Malware remediation feature in ASA Firepowers.
Study has been done for the other features also like Threat intelligence ( Talos ), Cisco ASA Firepower can handled 1.5 million of Unique malware samples per day and that is much much more than the other firewall category.

Unique study that Cisco ASA firewall can block upto 19.7 billion threats per day while other firewalls didn't have report. It also scanned 600 billion Emails while fortinet firewall can do it upto 6 billion only. It can also handled 16 billion web requests per day while in competition Fortinet can only done 35 million of web requests, what a huge margin it is and yes Cisco firepower is advanced next generation firewall with full features.

Fig 1.2- ASA Firepower 


So this is the basic features and the capability of Cisco ASA Firepower called the " Next Generation Firewall" 

It is the basic tutorial on Cisco Firepower, we will come with other stuff in the next generation firewalls and the how it works in the real environment with the traffic flow.

Networks Baseline

Author & Editor

Networks Baseline is a group of Network Engineers having the huge experience in Cisco network and architectural domain.

Popular Posts