BLOG: Cisco Secure Firewall – Adaptive Security Appliance (ASA) and Firepower

June 15th, 2021 BLOG: Cisco Secure Firewall – Adaptive Security Appliance (ASA) and Firepower

Pete Pavlovich
Systems Engineer

 

 

One of the longer-running firewall lines, the Cisco Adaptive Security Appliance (ASA), has been around since it was introduced by Cisco in May 2005. It succeeded in replacing three distinct lines of Cisco devices, the Cisco PIX, the Cisco IPS 4200 series, and the Cisco VPN 3000 Concentrator. After the next few years, Cisco helped relieve some worry that it did not have some of the more advanced features by releasing the next-generation ASA firewall line. The Cisco ASA cemented itself as a mainstay in many small to medium business environments across the globe.

However, on February 1st, 2021, Cisco announced that the long-running firewall line is coming to an end. While the original line of ASAs were retired years ago, the next-generation firewall line had not met its final run, until now. This market withdrawal has raised concerns for many businesses, as they are now faced with making changes to their firewall, VPN, and next-generation edge solutions. Many of these businesses have gotten to know the ASA line very well, including AnyConnect, a web-based VPN client, for their end users. So, the question now is, what to do? What is an option for these users and what is the Cisco option?

 

Cisco Firepower

Cisco developed the Firepower appliance, the heir apparent and replacement to the ASA. Firepower ran on two different codes, the ASA code and the FTD (Firepower Threat Defense) code. The ASA was the basic software, but it lacked the advanced next-gen and IPS functionality. The next-gen ASA software had a Firepower module that ran inline on top of the existing architecture of the ASA. The module then would provide IPS, Malware, and URL filtering capabilities through Firepower. The Cisco Firepower appliance now integrates the firewall capabilities with the Firepower capabilities from the module together into one solution. This solution now falls under the newly branded Cisco Secure Firewall product line.

The Secure Firewall product line touts major advanced capabilities. All under one roof, Secure Firewall Management Center provides:

  • Unified management of firewalls
  • Application control
  • IPS
  • URL filtering
  • Malware defense policies

 

Security Incident Response

The SecureX platform helps integrate with Firepower Management Center to speed up security incident response. As always, Cisco Talos, the threat intelligence organization at the center of the Cisco Security portfolio, provides one of the most accurate actionable threat intelligence products in the market today.

 

Firepower Use Cases

There is a Firepower appliance for almost any situation and solution. The ASA focused on the medium and small business, and while it had large enterprise capabilities, it didn’t garner too much traction in that field.

The Firepower 9300 series addresses the service provider and higher-end data center. These enable the creation of logical firewalls and scalable VPNs, and they provide IPS and malware protection.

The 4100 series focuses on the larger campus and data center and supports the creation of logical firewalls for deployment scalability, but on a smaller scale. The 2100 series handles large branch, commercial and enterprise industries, doing a lot of the Firepower capabilities needed.

These appliances were released in 2017, and for a while, there was nothing else in the appliance line. It wasn’t until 2019 that Cisco released the 1000 Firepower appliance line, which helped bridge the gap between ASA and Firepower for small and medium businesses.

 

Which Firepower appliance is right for you?

As the ASA product line shuts down and the Firepower appliance line continues to gain traction, it would be beneficial to see how the Firepower line can best help you. There are multiple options to utilize and to deploy, and the Firepower line is a stable and solid option for not only a data center, but your small and medium-sized business as well.

 

Mainline Security Practice

Mainline Information Systems has relationships with security providers like Cisco that are focused on network security, cloud, email, and virtual server. Our security experts help our customers architect solutions to protect their data. From analyzing the current architecture to designing and implementing a new solution, Mainline has the proficiencies necessary to put your environment on secure footing, protecting it from cyber attacks. For more information on security solutions, reach out to your Mainline representative directly, or click here with any questions.

Related Articles and More Information

BLOG: Security Challenges in a Multi-Cloud Environment

BLOG: Cisco Email Security Solutions

VLOG: (2:06) Getting More Out of Your SIEM Solution

Learn how our Security Practice can help you

Submit a Comment

Your email address will not be published. Required fields are marked *