Cisco ASA 5500 Series Enterprise Editions Solution Overview

Transcription

1 Cisco ASA 5500 Series Enterprise Editions Solution Overview Thomas Krewedl Systems Engineer 1

2 Agenda Positioning Firewalling IDS/IPS Anti-x (Trendmicro) IPSEC / SSL VPN Pricing Modelle ASA Bundles Feature Licenses 2

3 A New Paradigm for Network Security The Cisco ASA 5500 Series Cisco s Premier Security Appliance Family Bringing Modularity to Network Security A Comprehensive Portfolio of Services Next Generation of Network Security In the tradition of Cisco routers and switches, a standard platform that can adapt and grow Deploy what you need, wherever you need it Migration destination for users of PIX 500 Series and VPN 3000 Series of Security Appliances 3

4 The Need for a New Paradigm Enterprise Security Business Needs Evolving Remote Site Internal Segmentation Increase business resiliency by controlling resource access and containing outbreaks Wireless LAN Data Center Remote Site with Internet Access Sites with local Internet access require a comprehensive set security services in a small footprint DMZ Enterprise Network DMZ Corporate LAN Public Internet Remote User Access Road warriors and mobile workers need secure access to internal corporate resources Business Partners Internet presence and ecommerce sites must be secured against hackers User Internet Access Internal users need protection when accessing the public Internet Extranet The networked business requires secure connections with partners Multiple Environments, each with specific business drivers and organizational needs 4

5 Meeting Needs Requires Many Services Complex Location-specific Requirements Internal Segmentation: Requirements Robust access control Application security Worm protection Outbreak containment Wireless LAN Remote Site Data Center Enterprise Network DMZ Corporate LAN Public Internet Remote User Access: Requirements SSL VPN IPSec VPN Client Protections Threat Defense Business Partners Operational Inefficiencies from Multiple Platforms and Consoles May Require Compromise on Protection Remote Site with Internet Access: Requirements Enterprise-grade firewall Anti-virus Anti-spyware Web security services Site to site VPN DMZ Internet Access Extranet: Requirements Trusted firewall Application controls Sophisticated logging Intrusion Detection Intrusion Prevention Analysis and Correlation Complex Design and Configuration 5

6 ASA 5500 Series Enterprise Editions Cisco ASA 5500 Firewall Edition Cisco ASA 5500 VPN Edition Cisco ASA 5500 IPS Edition Cisco ASA 5500 Anti-X Edition A Family of Tailored Packages for Location Specific Needs Enables standardization on the ASA 5500 series platform to reduce costs in management, training, and sparing Superior protection by providing the right services for the right location Simplifies design and deployment by providing pre-packaged locationspecific security solutions 6

7 ASA 5500 Series Enterprise Editions Tailored Packages to Location Specific Needs FIREWALL Edition ASA 5500 Anti-X Edition Remote Site w/ Local Internet Access Data Center IPS Edition Wireless LAN ASA 5500 IPS Edition Internal Segmentation ASA 5500 IPS Edition Corporate LAN ASA 5500 Firewall Edition Remote Access Users Protect servers and critical assets from hackers and network worms with Intrusion Prevention, worm protection and firewall services DMZ: Inbound Public Internet Services ASA 5500 VPN Edition Robust access and policy enforcement with rich application protections based on Cisco PIX Firewall. Extranet: Business Partner Access Outbound User Internet Access W! NE ANTI-X Edition Protect users from Internet threats and connect remote sites securely with Anti-X, firewall and VPN services VPN Edition Unified SSL & IPSec Remote Access Services with Unified Threat Management W! NE 7

8 Cisco ASA 5500 Series Convergence of Robust, Market-Proven Technologies Enterprise Class Market-Proven Technologies Threat Defense, Secure Connectivity Firewall Technology Cisco PIX Enterprise Class Firewall Stop unwanted guests, control instant messaging and peer-to-peer Anti-X Technology Trend Micro AV Anti-X Defenses Protect against Viruses, Spyware, Spam, and Phishing VPN Technology Cisco VPN 3000 Cisco ASA 5500 Series Network Technology Cisco Network Services Threat Protected VPN IPSec and SSL VPN combined with threat protection services Network Intelligence Routing, Resiliency, QoS, Virtualization 8

9 Cisco ASA 5500 Series Firewall Edition World-class Application Security Services Enables businesses to deploy new applications securely, while protecting valuable assets from unauthorized access Flexible, Reliable Deployment Options Provides wide range of services such as transparent firewall, virtualization, intelligent network integration, and award-winning resiliency Comprehensive Management Solutions Lower Operational Costs Cisco ASA 5500 Firewall Edition Flexible centralized management solutions provide full featured provisioning and monitoring services Cisco ASA 5500 Series Firewall Edition: Trusted technology from the most deployed firewall: Cisco PIX 9

10 Enterprise-Class Firewall Services Easy-to-Manage for Businesses of All Sizes A solid foundation: Built upon the most deployed firewall technology in the world - the Cisco PIX Security Appliance Key Benefits ASA 5500 Desktop Internet Desktop File/Web Server Server Desktop DMZ Valid Business Traffic Unwelcome Visitors, P2P, IM, and Other Unwanted Traffic Prevents unauthorized access to apps, networks, and data Protects your critical assets from unwelcome visitors Helps maximize your uptime Mitigates DoS attacks and offers high availability services Reduces wasted bandwidth and improves productivity Controls usage of peer-to-peer file sharing and instant messaging applications Enables secure deployment of next-gen voice over IP and multimedia applications Helps increase your competitive edge through collaboration 10

11 Application Inspection & Control Engines Provide Control over Application Usage & Network Access Application and protocol-aware inspection services provides strong application-layer security Performs conformance checking, state tracking, security checks, NAT/PAT support and dynamic port allocation Multimedia / Voice over IP H.323 v1-4 SIP SCCP (Skinny) GTP (3G Wireless) MGCP RTSP TAPI / JTAPI Over 30 Engin es Core Internet Protocols Specific Applications Microsoft Windows Messenger Microsoft NetMeeting Real Player Cisco IP Phones Cisco Softphones HTTP FTP TFTP SMTP / ESMTP DNS / EDNS ICMP TCP UDP Database / OS Services ILS / LDAP Oracle / SQL*Net (V1/V2) Microsoft Networking NFS RSH SunRPC / NIS+ X Windows (XDMCP) Security Services IKE IPSec PPTP 11 11

12 Cisco ASA 5500 Series IPS Edition Control Access to Critical Assets Firewall access control and application policy enforcement provide authenticated access to critical resources Accurate, Multi-vector Threat Prevention Achieves maximum attack identification via multiple analysis techniques and technologies Complete Incident Life-cycle Management Cisco ASA 5500 IPS Edition Complete solution covering Management, Monitoring, Incident Response, and Outbreak Prevention Cisco ASA 5500 Series IPS Edition: Protecting Critical Information Assets and Infrastructure 12

13 Business Context and Correlation Risk Rating & Meta Event Generator Provide Threat Context and Correlation Risk Rating: Decision support balances attack urgency with business risk Event Severity Signature Fidelity Attack Relevancy Asset Value of Target How urgent is the threat? How prone to false positive? Is attack relevant to host being attacked? How critical is this destination host? Meta Event Generator: On-device correlation links lower risk events into a high risk meta-event, triggering prevention actions Models attack behavior by correlating: - Event type - Time span DROP Event D Worm Stopped! Risk Rating A + B + C + D = WORM! High Event A Medium Drives Final Mitigation Policy Time: Event D Event C Low RISK RATING Event B

14 Multi-Vector Threat Identification Delivers Broad Anti-X and Malware protection Spyware / Adware Network Worms & Viruses Directed Attacks Traffic Cleansing Prevents installation of malware and blocks phone home communications Frees network bandwidth and controls the transmission of confidential data Controls corporate espionage Stops web defacing by preventing web attacks Prevents zombie, backdoor, and bot placement thus stopping automated attacks (e.g., denial of service (DoS) Stops the infection and propagation of malware Leverages internal development and partnership with Trend Micro Removes traffic ambiguities such as overwritten fragments, TCP segment overwrites, TTL discrepancies Simulates end host behavior to increase inspection accuracy 14

15 Introducing the Cisco ASA 5500 Series Anti-X Edition Enterprise-grade Firewall Built on industry s most trusted and deployed Cisco PIX firewall technology for solid access and policy control High-quality Malware Protection Based on Trend Micro s time tested and market proven technology and business processes for uncompromising security Unified Security and Content Control Cisco ASA 5500 Anti-X Edition Provides everything you need for small office, remote office and kiosks in a single device Cisco ASA 5500 Series Anti-X Edition: Protecting Clients Using the Public Internet 15

16 Market Leading Anti-X Threat Mitigation Comprehensive Malware Protection Comprehensive Protection: Anti-virus Anti-spam Anti-spyware Anti-phishing Spam Viruses Internet Spyware ASA 5500 Phishing Detailed Filtering: URL Filtering Content Filtering Comprehensive Analysis of: Web Traffic and Webmail File Transfers Inappropriate Web Browsing 16

17 Comprehensive Malware Protection Antivirus and Anti-Spyware Security Key Benefits ASA 5500 and CSC SSM Desktop Clean File Internet Desktop File/Web Server Server Desktop DMZ Antivirus: Real-time detection and cleanup of file-based viruses and malicious code at the gateway for SMTP, HTTP, and FTP Internet traffic Anti-Spyware: Comprehensive protection from dangerous spyware that can drain productivity or steal personal and corporate data Maximizes Protection Stops threats before they enter your network Prevents Business Disruption Stops threats before they enter your network Reduces Clean Up Costs Stops threats before they enter your network Minimizes Operational Costs Automated 24x7 updates with marginal operator input 17

18 Advanced Content Filtering URL / Content Filtering and Anti-Phishing Key Benefits ASA 5500 and CSC-SSM Desktop Internet Desktop Desktop URL Blocking and Filtering: Block inappropriate and non-work-related content to improve productivity, optimize network resources, and protect proprietary information Content Filtering: Enable you to allow or prohibit traffic containing key words or phrases Anti-Phishing: Guard against identity theft and protects confidential company information by blocking outbound data to known phishing-related Web site At least 130 reported breaches have exposed more than 55 million Americans to potential ID theft this year USA Today, 1/06 Vigilant Updates Ever-expanding database of known phishing sites, spyware sites, and disease vectors Increases Employee Productivity Stops threats before they enter your network Recaptures Network Resources Rids the network of superfluous traffic Reduces Liability Minimizes risk of identity theft and information leakage URL & CONTENT FILTERING 18

19 Integrated Message Security Anti-Spam Filters Out Unwanted s Key Benefits ASA 5500 and CSC-SSM Desktop Internet Desktop Increases Productivity Filters unwelcome traffic minimizing employee distraction Frees IT Resources Unclogs network transmissions of non-business-relevant traffic Desktop Anti-Spam: Remove most unsolicited before it hits the mail server, increasing employee productivity and preventing wastage of network bandwidth and storage Source: Brightmail, May

20 Content Security and Control SSM: Product Details and Licenses Platforms / Subscription Levels CSC SSM-10 CSC SSM User 100 User 500 User 250 User 500 User 750 User 1,000 User Feature Sets Base Services: Cisco ASA 5500 Series Content Security and Control Module (CSC SSM) File-based Anti-Virus and malware filtering; Anti-Spyware Plus License: Anti-Spam, Content Filtering, AntiPhishing, URL Filtering & Blocking Note: License Packages subject to change prior to FCS 20

21 Obtaining the CSC module - licensing continued The customer buy the hardware Separately as spare Part of ASA bundle Selectable option for ASA platform 1 st year software/pattern subscription service included with initial purchase. SMARTnet is purchased to support the hardware and base software. Year 2+ the customer purchases SMARTnet from Cisco for the hardware and ASA software Subscription renewal for pattern/signature updates directly from Trend Micro. Customer must continue subscription with Trend Micro Support for the Trend Micro application (CSC) is included in SMARTnet. 21

22 Introducing the Cisco ASA 5500 Series VPN Edition VPN for Any Deployment Environment Clientless and full network VPN access delivers unsurpassed customizability for diverse requirements Threat Protected VPN Integrated endpoint and network security technologies ensure the VPN is not a conduit for damaging security threats Making VPNs More Cost Effective Cisco ASA 5500 VPN Edition Integrated load balancing, network intelligence and security reduces the number of devices required to scale and secure the VPN Cisco ASA 5500 Series VPN Edition: Scalable, Secure SSL and IPSec VPN Remote Access 22

23 Cisco VPN Services for Any Deployment Scenario SSL and IPSec VPN Services with Comprehensive Security Supply Partner Requires access to ordering databases Flexible Access Scenarios: Site-to-Site Connectivity IPSec & SSL VPN Remote Access Branch Office Requires Site-to-Site Internet Hourly Employee Requires access to online schedule and timesheets (specific apps) Employee at Home Requires consistent LAN-like access ASA 5500 Armored VPN: Firewall and Anti-X Services Stop Threats Inspect/Control VPN Sessions Integrated Malware Mitigation Unified User Management 23

24 Threat Protected VPN Leveraging On-Board Security to Protect the VPN Threat Vector Application Firewall & Access Control: Application Inspection/Control Granular, Per-User/Group Access Control Protocol Anomaly Detection Stateful Traffic Filtering Remote Access VPN User Virus Spyware Unwanted Application Threat Mitigation: Incident Control Virus Detection Worm Mitigation Spyware Detection Internet ASA 5500 Comprehensive Endpoint Security: Pre-Connection Posture Assessment Malware Mitigation Session/Data Security Post-Session Clean-Up 24

25 Customizable Remote Application Access Full Network Access: IPSec and SSL VPN ASA 5500 Customizable access and streamlined management comprehensive IPSec and SSL VPN solutions on one platform Ease of administration dynamically downloadable SSL VPN client is centrally configured and easy to update Fast initiation and operation multiple delivery methods and small download size ensures broad compatibility and rapid download 25

26 Customizable Application Access SSL VPN Client for WebVPN Leverages depth of Cisco encryption client experience to deliver a lightweight, stable and easy-to-support SSL VPN tunneling client Features Benefits Enables IPSec-like application access through web-pushed client Fast client download time Less than 250KB download via Java, Active X or.exe No re-boot required after installation Client may be either removed at end of session or left permanently installed Compatible with Cisco Softphone for VoIP support Touchless central site configuration Multiple delivery methods ensure broad compatibility No reboot = happy users No trace of client after session provides better security Touchless administration Multimedia data, voice desktops for greatest user productivity Win 2000 and XP only 26

27 Customizable Remote Application Access Clientless Access ASA 5500 Fully clientless web-based network access allows anywhere access to network resources Web content transformation provides excellent compatibility with web pages containing Java, ActiveX, complex HTML and JavaScript Multiple browser support ensures broad connection compatibility Uniform and efficient application delivery via fully clientless Citrix support Customizable user portal for ease of use and enhanced user experience 27

28 Optimizing SSL VPN Application Performance Enhancing the End-User Experience Optimized Application Access Enhancing Performance of Resource-Intensive Applications like OWA and Lotus inotes Safe Caching Safe caching head-end device and remote client cache non-security impacting information Improves application response times for end-users Improves application performance by reducing latency Increases performance for resource-intensive applications across SSL-VPN, such as Outlook Web Access (OWA) and Lotus inotes Compression GZIP compression support reduces bandwidth consumption Benefits both SSL VPN Client and Clientless modes 28

29 Clientless User Portal Customizability Control look and feel of portal on per-group basis Filter portal to file, URL and server level WebVPN portal dynamically customizable based on access controls Customizable Banner Graphic Customizable Banner Message Customizable Access Methods Customizable Colors and Sections Customizable Links, Network Resource Access 29

30 WebVPN Clientless Access Fully Clientless Citrix Support Port Forwarding Applet Download Slow download, software conflicts, browser blocks applet Citrix Server Microsoft Office Mainframe Access Typical SSL VPN Citrix Support Citrix support requires vendor SSL Client or Java applets or other system resident software Slow application initiation May not function due to browser security settings Potential software conflicts, especially on non-managed systems Citrix Server Microsoft Office Mainframe Access Fully Clientless Citrix Support Cisco Citrix Support Fully clientless Citrix Access Fast initiation time nothing additional to download High performance no local application translation Not impacted by differences in browser preference or security settings Highly stable no potential for client software conflicts 30

31 Clientless Thick-Client Application Access Port Forwarding Supplements pure clientless web browser access by providing connectivity to non-webified thick client applications like: POP, SMTP or IMAP Outlook, Notes, etc. Instant messaging Calendar Client-initiated TCP-based applications like Telnet Java-based applet (Sun JVM v1.4+) Less than 100KB download 31

32 Wireless Device Access Clientless Pocket PC Support Pocket PC 2003 Browser: Pocket Internet Explorer (PIE) Software: Microsoft + Manufacture OEMs The built in browser with Pocket PC 2003 is compatible with WebVPN clientless access. Internet ASA

33 Cisco Secure Desktop How it Works Step One: A user on the road connects with the concentrator and the Cisco Secure Desktop is pushed down to the endpoint Step Two: An encrypted sandbox or hard drive partition is created for the user to work in Step Three: The user logs in Step Four: At Logout the Virtual Desktop that the user has been working in is eradicated and the user is notified Cisco Secure Clientless Desktop SSL VPN Note: CSD download and eradication is seamless to the user. If the user forgets to terminate the session autotimeout will close the session www and erase all session information ASA 5500 EmployeeOwned Desktop Windows 2000 and XP only 33

34 Cisco Secure Desktop Malware Detection Features: At session initiation CSD checks the host system for abnormal drivers indicating the presence of keystroke logging programs CSD prompts the user to select and terminate the suspicious modules before loading the Secure Desktop If the user does not terminate all associated/unrecognized keystroke loggers the secure desktop is unloaded User is notified during the session if a keystroke logger is attempting install from within the secure desktop Remote User Public Machine CSD can also be configured to check for the Microsoft AntiSpyware Software before the session 34

35 Cache Cleaner for Linux and Mac Running the Cache Cleaner on Host Machines Remote Machine The Cache Cleaner provides for the disabling or erasing all data that was downloaded, input, or created in the browser including file downloads, configuration changes, cached browser information, passwords entered, and auto-complete information. The Cache Cleaner can be used with: Macintosh (MacOS X) - Safari 1.0 or later Red Hat Linux v9 - Mozilla 1.1 or later on As a subset of Cisco Secure Desktop for Windows 98, Me, NT4, 2000, and XP Explorer 5.0 or later 35

36 Cisco Adaptive Security Device Manager (ASDM) World-class Unified Threat Management and Monitoring Simplified security deployment and configuration via easy to use wizards and management tools, specially designed for today s SMB administrator New! Enhance operational efficiency via business class policy enforcement tools Ensure business continuity via real time status monitoring, and reporting tools 36 36

37 Complete Enterprise Architecture ASA 5500 Anti-X Edition CS-Manager CONFIGURATION PROVISIONING configuration, and maintenance Data Center Wireless LAN ASA 5500 IPS Edition Internal Segmentation ASA 5500 IPS Edition MONITORING ANALYSIS MITIGATION ASA 5500 VPN Edition Remote Access Users Common policy view for the enterprise DMZ: Inbound Corporate LAN CS-MARS Visualization Remote Site w/ tools to facilitate Local Internet Access deployment, ASA 5500 Firewall Edition Public Internet Network-wide Services view of topology and context Extranet: Business Partner Access Valuable analysis and Outbound User Internet reports Access 37

38 Managing ASA in the Enterprise: Provisioning Large Scale Deployments CISCO SECURITY MANAGER Enables Management of an Integrated Security Fabric Domain-based Policy Enforcement for End-to-End Management Scalable, Distributed Deployment Flexible modes for Efficient dayto-day policy administration Simultaneous management of ASA 5500 series and existing Cisco security solutions FABRIC 38

39 Managing ASA in the Enterprise: Threat Management CISCO SECURITY MARS Higher Network Availability Through Faster Threat Mitigation FABRIC Rapid threat identification Topology awareness for focused mitigation Data correlation for advanced protection Eases migration through multi-vendor support 39

40 CS-MARS Provides Security Monitoring, Analysis, and Response Broad event coverage Correlation and summarization Identify session flows Map attack path to network topology Mitigation enforcement devices are identified Exact mitigation command is provided 40

41 Cisco ASA 5500 Series in Summary Cisco ASA 5500 Series Adding Value to the Business Superior protection through location-specific security Decreases operational costs by standardizing on one family Simplifies design and management Part of a greater whole Cisco Self-Defending Network 41

42 Cisco ASA 5500 Models Comparison 42

43 ASA Models Comparison Cisco ASA 5500 Series Model/License Sec Plus Cisco ASA Software Version 7.1(2) 7.1(2) 7.1(2) 7.1(2) Market SMB SMB, Enterprise Enterprise Performance Summary Maximum firewall throughput (Mbps) Maximum 3DES/AES VPN (Mbps) Maximum IPSEC VPN Peers ,000 Maximum WebVPN Peers Maximum connections 50, , , ,000 Maximum connections/second 6,000 6,000 9,000 20,000 Large Enterprise 43

44 ASA Models Comparison Cisco ASA 5500 Series Model/License Sec Plus Cisco ASA Software Version 7.1(2) 7.1(2) 7.1(2) 7.1(2) Technical Summary Memory (MB) System flash (MB) Integrated ports 3-10/100, 1-10/100 OOB2 5-10/ /100/1000, 1-10/ /100/1000, 1-10/100 Maximum virtual interfaces (VLANs) Integrated VPN acceleration Yes Yes Yes Yes SSM expansion slot Yes Yes Yes Yes 44

45 ASA Models Comparison Cisco ASA 5500 Series Model/License Sec Plus 5520 Cisco ASA Software Version 7.1(2) 7.1(2) 7.1(2) 7.1(2) SSM Capabilities 5540 SSMs supported CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM Maximum concurrent threat mitigation throughput (Mbps) (Firewall + IPS Services) 150 with AIP-SSM with AIPSSM with AIPSSM with AIPSSM (CSC-SSM-10) 1000 (CSC-SSM-20) 500 (CSC-SSM10) 1000 (CSCSSM-20) 500 (CSC-SSM10) 1000 (CSCSSM-20) 500 (CSC-SSM10) 1000 (CSC-SSM20) Anti Spam, Anti Phishing, URL Filtering Anti Spam, Anti Phishing, URL Filtering Anti Spam, Anti Phishing, URL Filtering Anti Spam, Anti Phishing, URL Filtering SSM Capabilities CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM CSC SSM, AIP SSM, 4GE SSM SSMs supported 150 with AIP-SSM with AIPSSM with AIPSSM with AIPSSM-20 Maximum Number of users for Anti Virus, Anti Spyware scanning (CSC SSM only) Plus features on CSC SSM 45

46 ASA Models Comparison Cisco ASA 5500 Series Model/License Security Plus Cisco ASA Software Version 7.1(2) 7.1(2) 7.1(2) 7.1(2) Application layer security Yes Yes Yes Yes Layer 2 transparent firewalling Yes Yes Yes Yes Security contexts (included/maximum)3 0/0 0/0 2/10 2/50 GTP/GPRS inspection3 No No Yes Yes High availability support4 Not supported A/S A/A and A/S A/A and A/S Intrusion Prevention (IPS) and network antivirus Yes, with AIP-SSM Yes, with AIP-SSM Yes, with AIP-SSM Key Features Yes, with AIP-SSM 46

47 Cisco ASA 5500 Bundels and Pricing 47

48 ASA Bundel Pricing Cisco ASA 5500 Series Firewall Edition Bundles Product Number Product Description Price ASA5510-BUN-K9 ASA 5510 Appliance with SW, 3FE, 3DES/AES USD 3, ASA5510-SEC-BUN-K9 ASA 5510 Security Plus Appliance with SW, HA, 5FE, 3DES/AES USD 4, ASA5520-BUN-K9 ASA 5520 Appliance with SW, HA, 4GE+1FE, 3DES/AES USD 7, ASA5540-BUN-K9 ASA 5540 Appliance with SW, HA, 4GE+1FE, 3DES/AES USD 16, Cisco ASA 5500 Series Anti-X Edition Bundles Product Number Product Description ASA5510-CSC10-K9 ASA 5510 Appl w/ CSC10, SW, 50 Usr AV/Spy, 1 YR Subscript USD 7, ASA5510-CSC20-K9 ASA 5510 Appl w/ CSC20, SW, 500 Usr AV/Spy, 1 YR Subscript USD 12, ASA5520-CSC10-K9 ASA 5520 Appl w/ CSC10, SW, 50 Usr AV/Spy, 1 YR Subscript USD 11, ASA5520-CSC20-K9 ASA 5520 Appl w/ CSC20, SW, 500 Usr AV/Spy, 1 YR Subscript USD 16, Price 48

49 ASA Bundel Pricing Cisco ASA 5500 Anti-X Licenses Product Number Product Description ASA-CSC10-PLUS ASA 5500 CSC SSM10 Plus Lic. (Spam/URL/Phish, 1Yr Subscript) USD 1, ASA-CSC20-PLUS ASA 5500 CSC SSM20 Plus Lic. (Spam/URL/Phish, 1Yr Subscript) USD 3, ASA-CSC10-USR-100 ASA 5500 Content Security SSM User License USD ASA-CSC10-USR-250 ASA 5500 Content Security SSM User License USD 1, ASA-CSC10-USR-500 ASA 5500 Content Security SSM User License USD 5, ASA-CSC20-USR-750 ASA 5500 Content Security SSM User License USD 3, ASA-CSC20-USR-1K ASA 5500 Content Security SSM User License USD 6, Price 49

50 ASA Bundel Pricing Cisco ASA 5500 Series IPS Edition Bundles Product Number Product Description Price ASA5510-AIP10-K9 ASA 5510 Appliance with AIP-SSM-10, SW, 3FE, 3DES/AES ASA5520-AIP10-K9 ASA 5520 Appliance w/ AIP-SSM-10, SW, HA, 4GE+1FE, 3DES/AES USD 12, ASA5520-AIP20-K9 ASA 5520 Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, 3DES/AES USD 15, ASA5540-AIP20-K9 ASA 5550 Appliance w/ AIP-SSM-20, SW, HA, 4GE+1FE, 3DES/AES USD 24, USD 7, CON-SUSA for ASA 5500 Series Products CON-SUSA for ASA 5500 Series Products Product Number Product Description CON-SUSA-AS1A10K9 IPS SIGNATURE ONLY ASA5510 w/ AIP-SSM-10, 3 FE, 3DES/AES USD CON-SUSA-AS2A10K9 IPS SIGNATURE ONLY ASA5520 w AIP-SSM-10, 4GE+1FE, 3DES/AES USD CON-SUSA-AS2A20K9 IPS SIGNATURE ONLY ASA5520 w AIP-SSM-20, 4GE+1FE, 3DES/AES USD CON-SUSA-AS4A20K9 IPS SIGNATURE ONLY ASA5540 w AIP-SSM-20,4GE + 1FE,3DES/AES USD Price 50

51 ASA Bundel Pricing Cisco ASA 5500 Series SSL VPN Edition Bundles Product Number Product Description Price ASA5510-SSL50-K9 ASA 5510 VPN Edition w/ 50 SSL User License, 3DES/AES USD 7, ASA5510-SSL100-K9 ASA 5510 VPN Edition w/ 100 SSL User License, 3DES/AES USD 11, ASA5510-SSL250-K9 ASA 5510 VPN Edition w/ 250 SSL User License, 3DES/AES USD 23, ASA5520-SSL500-K9 ASA 5520 VPN Edition w/ 500 SSL User License, HA, 3DES/AES USD 37, ASA5540-SSL1000-K9 ASA 5540 VPN Edition w/ 1000 SSL User License, HA, 3DES/AES USD 55, Product Number Product Description ASA5500-SSL-10 ASA 5500 SSL VPN 10 User License USD 1, ASA5500-SSL-25 ASA 5500 SSL VPN 25 User License USD 3, ASA5500-SSL-50 ASA 5500 SSL VPN 50 User License USD 3, ASA5500-SSL-100 ASA 5500 SSL VPN 100 User License USD 7, ASA5500-SSL-250 ASA 5500 SSL VPN 250 User License USD 19, ASA5500-SSL-500 ASA 5500 SSL VPN 500 Peer License USD 29, ASA5500-SSL-750 ASA 5500 SSL VPN 750 User License USD 33, ASA5500-SSL-1000 ASA 5500 SSL VPN 1000 User License USD 38, Product Number 51

52 ASA Bundel Pricing Cisco ASA 5500 Modules Product Number Product Description Price ASA-SSM-AIP-10-K9= ASA 5500 AIP Security Services Module-10 USD 6, ASA-SSM-AIP-20-K9= ASA 5500 AIP Security Services Module-20 USD 10, ASA-SSM-CSC-10-K9= ASA Content Security SSM-10 w/ 50 Usr AV/Spy, 1YR Subscript USD 4, ASA-SSM-CSC-20-K9= ASA Content Security SSM-20 w/ 500 Usr AV/Spy, 1YR Subscript USD 10, SSM-4GE= ASA Port Gigabit Ethernet SSM (RJ-45+SFP) USD 5, Cisco ASA 5500 VFW Licenses Product Number Product Description ASA5500-SC-5= ASA Security Contexts License USD 3, ASA5500-SC-10= ASA Security Contexts License USD 7, ASA5500-SC-20= ASA Security Contexts License USD 12, ASA5500-SC-50= ASA Security Contexts License USD 25, Price 52

53 Cisco ASA 5500 Series Business Edition Bundles Designed for your needs Basic High Availability Full Anti-X Cisco ASA 5510 Cisco ASA Sec Plus License Cisco ASA CSC SSM List Price Starting at $3,495 Starting at $4,495 Starting at $7,195 Platform Services App Firewall, 250 IPSec Peers, 2 SSL Peers, 10 VLANs, 3 FE Same as Basic, plus A/S Failover, 25 VLANs, 5 FE, 2X session capacity Same as Basic, plus full Anti-X services via CSC SSM Recommended Options 10, 25, 50 User SSL VPN Licenses 10, 25, 50 User SSL VPN Licenses Components Same SSL options and Sec Plus License for A/S Failover and more capacity 53