Please enable JavaScript.
Coggle requires JavaScript to display documents.
Module 20: Introduction to ASA, image, image, image, image, image, image,…
Module 20: Introduction to ASA
20.1 ASA Solutions
20.1.1 ASA Firewall Models
An IOS router firewall solution is appropriate for small branch deployments and for administrators who are experienced with Cisco IOS.
Firepower 1000
This model is suitable for small office and home office (SOHO) and small business.
Firepower 2100
These models that are intended for the Internet edge of medium to large businesses.
Firepower 4100
This figure displays a 4100 series ASA that is intended for large campus and data center use.
Firepower 9300
Designed for service providers and high-performance data centers, the 9300 appliance delivers carrier-grade performance in a modular chassis.
20.1.3 Advanced ASA Firewall Features
ASA virtualization
Multiple contexts are similar to having multiple standalone devices.
High aviability whith failover
Both platforms must be identical in software, licensing, memory, and interfaces, including the Security Services Module (SSM).
Identify Firewall
The ASA provides optional, granular access control based on an association of IP addresses to Windows Active Directory login information.
20.1.4 Cisco Firepower Series
The Cisco next-generation firewall (NGFW) combines proven firewall technology with advanced threat and malware detection capabilities.
20.1.6 Review of Firewalls in Network Design
Firewalls protect inside networks from unauthorized access by users who are on an outside network. They also protect inside network users from each other.
20.1.7 ASA Firewall Modes of Operation
In routed mode, two or more interfaces separate Layer 3 networks (i.e., domains).
20.1.8 ASA Licensing Requirements
A license specifies the options that are enabled on a given ASA. Most ASA appliances come pre-installed with either a Base license or a Security Plus license.
20.2 The ASA 5506-X with FirePOWER Services
20.2.1 Overview of ASA 5506-X
The Cisco ASA 5506-X is a full-featured security appliance for small businesses, branch offices, and enterprise teleworker environments.
ASA 5506-X Front Panel
The figure below illustrates the back panel of the Cisco ASA 5506-X. The default DRAM memory is 4 GB and the default internal flash memory is 8 GB.
ASA 5506-X Backplane
The figure below shows the inside components of the Cisco ASA 5506-X.
ASA 5506-X Inside Components
20.2.2 ASA Security Levels
The ASA assigns security levels to distinguish between inside and outside networks. Security levels define the level of trustworthiness of an interface.
Security Level Settings
20.2.3 ASA 5506-X Deployment Scenarios
The ASA 5506-X is commonly used as an edge security device. It connects a small business to an ISP device, such as a DSL or cable modem, for access to the internet.
ASA Deployment in Small Branches
ASA Deployment in a Small Business
ASA Deployment in an Enterprise
