Cisco ASA 5585-X Next-Generation Firewall



Similar documents
Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500 Series Adaptive Security Appliances for the Internet Edge

Cisco ASA 5500 and ASA 5500-X Series Next- Generation Firewalls for Small Offices and Branch Locations

Cisco ASA 5500 and 5500-X Next-Generation Firewall Series Adaptive Security Appliances for Small Offices and Branch Locations

The Cisco ASA 5500 Series Adaptive Security Appliances

The Cisco ASA 5500 Series Adaptive Security Appliances

The Cisco ASA 5500 Series Adaptive Security Appliances

Urządzenia CISCO ASA 5500, dedykowane do małych i średnich firm lub oddziałów. Porównanie modeli dotychczasowych z odpowiednikami w nowej serii 5500-X

Cisco ASA with FirePOWER Services

Cisco SR 520-T1 Secure Router

Cisco Wide Area Application Services (WAAS) Appliances

Cisco ASA 5500 Series IPS Solution

Cisco ubr7200-npe-g2 Network Processing Engine

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco Secure Network Server

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module

ARUBA 7000 SERIES CLOUD SERVICES CONTROLLER

How To Build A Cisco Uniden Computing System

Cisco Nexus 7000 Series Supervisor Module

Cisco ASA 5500 Series Adaptive Security Appliances

INTRODUCING THE CISCO ASA 5500 SERIES

Cisco Intrusion Detection System Services Module (IDSM-2)

Cisco VPN Internal Service Module for Cisco ISR G2

Cisco IPS 4200 Series Sensors

Cisco ASA 5500 Series Adaptive Security Appliances

Cisco Nexus 7000 Series.

Cisco 7816-I5 Media Convergence Server

Cisco WAE Deployed with Cisco ACNS: Product Function Matrix. Two 10/100/1000BASE-T. Two 10/100/1000BASE- T

Cisco ASR 9001-S Router

Cisco Wide Area Virtualization Engine

Extending Performance, Versatility, and Reliability at the Provider Edge

Cisco NetFlow Generation Appliance (NGA) 3140

G-TAP A Series // Data Sheet

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Deliver More Applications for More Users

Cisco ASA 5500 Series Firewall Edition for the Enterprise

McAfee Network Security Platform A uniquely intelligent approach to network security

Delivers fast, accurate data about security threats:

McAfee Network Security Platform A uniquely intelligent approach to network security

Security Information & Event Manager (SIEM)

QuickSpecs. Models HP TippingPoint S8010F Next Generation Firewall Appliance

Cisco UCS B-Series M2 Blade Servers

Cisco IPS 4200 Series Sensors

Cisco Unified Communications 500 Series Model 560 for Small Business

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

McAfee Network Security Platform A uniquely intelligent approach to network security

Cisco M-Series Content Security Management Appliance for and Web Security Appliances

Security Information & Event Manager (SIEM)

Enhanced Performance, Versatility, High Availability, and Reliability at the Provider Edge

Cisco Enhanced High-Speed WAN Interface Cards

Cisco Nexus 7000 Series Power Supply Modules

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection

Cisco Redundant Power System 2300

Cisco Nexus 7000 Series

Application Server V240 Platform

Cisco 2600 Series Modular Access Routers

Cisco NetFlow Generation Appliance 3240

Cisco Wide Area Application Services (WAAS) Network Module

Cisco TelePresence MSE 8000

Cisco TelePresence MSE 8000

Cisco ASA 5500 Series Firewall Edition for the Enterprise

APV9650. Application Delivery Controller

Appliance Comparison Chart

Cisco Unified Communications 500 Series Model 540 for Small Business

Appliance Comparison Chart

Cisco Unified Communications 500 Series Model 540 for Small Business

Check Point 4800 Appliance

Ixia Director TM. Powerful, All-in-One Smart Filtering with Ultra-High Port Density. Efficient Monitoring Access DATA SHEET

Enhanced Performance, Versatility, High Availability, and Reliability at the Provider Edge

Cisco 3300 Series Mobility Services Engine

Cisco UCS B440 M2 High-Performance Blade Server

Data Sheet FUJITSU Storage ETERNUS LT260 Tape System

GigaVUE HD Series // Data Sheet

Overview of Cisco 2600 Series Routers

Cisco Unified IP Phone Power Injector

Cisco C-Series and X-Series Security Appliances

Cisco NetFlow Generation Appliance (NGA) 3140

Specifications. Cisco CSS Benefits. Cisco CSS Benefits. Hardware

The On-Demand Application Delivery Controller

HP ProCurve Switch 1800 Series Overview. HP ProCurve Switch G. HP ProCurve Switch G. HP ProCurve Switch G

Extending Performance, Versatility, and Reliability at the Provider Edge

How To Use The Cisco Wide Area Application Services (Waas) Network Module

IBM Security Network Protection

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Appliance Comparison Chart

SECURITY REIMAGINED. FireEye Network Threat Prevention Platform. Threat Prevention Platform that Combats Web-based Cyber Attacks

Nokia IP Security Platforms Technical Specifications Guide Nokia Enterprise Solutions

Enterprise Switches. Accelar 8000

Content Switching Module for the Catalyst 6500 and Cisco 7600 Internet Router

SecureSphere Appliances

EMC DATA DOMAIN DEDUPLICATION STORAGE SYSTEMS

Appliance Comparison Chart

EMC DATA DOMAIN DEDUPLICATION STORAGE SYSTEMS

Transcription:

Data Sheet Next-Generation Firewall Today s enterprise networks must deal with an increasingly mobile workforce requiring anywhere, anytime access from a variety of company and personal devices. These networks must support an ever-increasing amount of data and transactions, requiring more efficient methods to scale to meet the performance levels of today s applications while ensuring the highest levels of security. The Cisco ASA 5585-X Next-Generation Firewall meets these demands. It delivers unprecedented scalability, performance, and security in a compact two-rack-unit (2RU) footprint. Using a single firewall blade, the delivers eight times the performance density of competitive firewalls. It supports the highest VPN session counts, twice as many connections per second, and four times the connection capacity of competitive firewalls. The meets the growing needs of today s most dynamic organizations. Firewall Features Support for Layer 3 and Layer 4 stateful firewall inspection features, including access control and network address translation, enables organizations to keep existing stateful inspection policies that are essential for compliance regulations. The context-aware Cisco Intrusion Prevention System (IPS) services provide the capability to act more intelligently and aggressively against threats that pose a significant risk to organizations. In addition to comprehensive stateful inspection capabilities, Layer 7 next-generation policies act intelligently on contextual information. Cisco ASA Next-Generation Firewall Services are enhanced with local intelligence from the Cisco AnyConnect Secure Mobility Client and Cisco Security Intelligence Operations (SIO). AnyConnect technology provides information on the type and location of a mobile device before it accesses the network, enabling administrators to maintain high levels of network protection and control. Threat intelligence feeds from Cisco SIO use the global footprint of Cisco security deployments (more than 1.6 million security devices) to analyze approximately one-third of the world s Internet traffic for near-real-time protection from zero-day threats. Cisco ASA Next-Generation Firewall Services deliver application, user ID, and device awareness capabilities for enhanced visibility and control of network traffic. In addition, administrators can: Prevent network intrusions based on dynamically calculated business risk Restrict web and web application usage based on the reputation of a site with Cisco Web Security Essentials (WSE) Proactively protect against Internet threats through up-to-the-minute reputation analysis and robust contentbased URL filtering Enforce differentiated policies based on the user, device, role, and application type Recognize and control more than 1000 applications and 150,000 micro applications with Cisco Application Visibility and Control (AVC) 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 11

Flexible Deployment Options The supports two hardware blades in a single 2RU chassis. The bottom slot (slot 0) hosts the ASA stateful inspection firewall module, while the top slot (slot 1) can be used for adding a dedicated Cisco IPS, Cisco Next-Generation Firewall Services, or a second stateful inspection firewall module. Multiple integrated security services within a single chassis provide broad deployment flexibility and investment protection. The ability to add a second stateful inspection firewall module doubles the firewall performance for superior scalability, performance density, and security for data center use cases. In addition, the top slot can optionally be populated with up to two I/O Modules for high interface density for mission-critical data centers that require exceptional flexibility and security. Clustering Using Cisco ASA Software Release 9.0 and above, customers can combine up to eight firewall modules in a single cluster for up to 320 Gbps of throughput, 1 million connections per second, and more than 50 million concurrent connections in as few as eight RUs. This pay as you grow model enables organizations to purchase what they need today and dynamically add more when their performance needs grow. To protect highperformance data centers from internal and external threats, the cluster can be augmented by adding up to eight Cisco IPS modules for up to 80 Gbps of IPS throughput. Cisco ASA Software clustering delivers a consistent scaling factor, irrespective of the number of units in the cluster, for a linear and predictable increase in performance. Complexity is reduced, as no changes are required to existing Layer 2 and Layer 3 networks. Support for data center designs based on the Cisco Virtual Switching System (VSS) and Cisco Virtual Port Channel (VPC) as well as the Link Aggregation Control Protocol (LACP) provides high availability (HA) with better network integration. For operational efficiency, Cisco ASA clusters are easy to manage and troubleshoot. Policies pushed to the master node are replicated across all the units within the cluster. The health, performance, and capacity statistics of the entire cluster, as well as individual units within the cluster, can be assessed from a single management console. Hitless software upgrades are supported for ease of device updates. Clustering supports HA in both active/active and active/passive modes. All units in the cluster actively pass traffic and all connection information is replicated to at least one other unit in the cluster to support N+1 HA. In addition, single and multiple contexts are supported, along with routed and transparent modes. A single configuration is maintained across all units in the cluster using automatic configuration sync. Cluster-wide statistics are provided to track resource usage. Cisco TrustSec Integration Using Cisco ASA Software Release 9.0 and above, the provides context awareness through the integration of identity-based firewall security and Cisco TrustSec security group tags for enhanced visibility and control. Identity-based firewall security provides more flexible access control to enforce policies based on user and group identities and the point of access. Administrators can write policies that correspond to business rules, a process that increases security, enhances ease of use, and requires fewer policies to manage. Similarly, Cisco TrustSec integration enables security group tags to be embedded into the network, providing administrators with the ability to develop and enforce better, more precise policies. 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 11

Cut Costs While Improving Performance and Security The Next-Generation Firewall delivers superior scalability, performance, and security to handle high data volumes without sacrificing performance. Most firewalls require up to 16RUs and 5100 watts to scale to the level of performance that the achieves with only 2RUs and 785 watts. This performance helps enterprises meet the increasing demands for network connectivity without the need to invest in additional data center space and incur the corresponding maintenance costs. Based on tests conducted by Cisco, the significantly reduces initial procurement costs by 80 percent, power consumption costs by 85 percent, and rack space requirements by 88 percent in addition to significant reductions in overall integration and management complexity and costs. In addition, you can install up to two firewall modules in a single chassis, providing scalability to 80 Gbps. Table 1 gives the capabilities of the four models, and Table 2 lists characteristics of the Cisco ASA 5585-X IPS Security Services Processor ( modules. Table 3 shows characteristics of the Cisco ASA 5585-X CX SSP 10 and 20 hardware blades. Table 1. Next-Generation Firewall Capabilities and Capacities Feature with SSP-10 with SSP-20 with SSP-40 with SSP-60 Typical use case Edge Edge Data center Data center Users or nodes Unlimited Unlimited Unlimited Unlimited Stateful Inspection firewall throughput (maximum 1* ) Stateful inspection firewall throughput (multiprotocol) 2 Concurrent firewall connections Firewall connections per second Packets (64 byte) per second 4 Gbps 10 Gbps 20 Gbps 40 Gbps 2 Gbps 5 Gbps 10 Gbps 20 Gbps 1,000,000 2,000,000 4,000,000 10,000,000 50,000 125,000 200,000 350,000 1,500,000 3,000,000 5,000,000 9,000,000 Security contexts 3 Up to 50 Up to 50 Up to 50 Up to 50 Authentication Active Directory agent, LDAP, Kerberos, NTLM Active Directory agent, LDAP, Kerberos, NTLM Active Directory agent, LDAP, Kerberos, NTLM Active Directory agent, LDAP, Kerberos, NTLM Maximum IPS 2 Gbps (with IPS SSP-10) 3 Gbps (with IPS SSP-20) 5 Gbps (with IPS SSP-40) 10 Gbps (with IPS SSP-60) throughput 4 Cisco Next-Generation Firewall throughput (multiprotocol) 5 2 Gbps 5 Gbps Not Available Not Available 1 Maximum throughput with UDP traffic measured under ideal test conditions. 2 Multiprotocol refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS. 3 Available for the firewall feature set. 4 Firewall traffic that does not go through IPS SSP module can have higher throughput. 5 Throughput was measured using Cisco ASA CX Software Release 9.1.1 with multiprotocol traffic profile with both Cisco Application Visibility Control (AVC) and Cisco Web Security Essentials (WSE). Traffic logging was enabled as well. 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 11

Feature with SSP-10 with SSP-20 with SSP-40 Maximum VPN 1 Gbps 2 Gbps 3 Gbps 5 Gbps throughput 6 Cisco AnyConnect or clientless VPN peers Premium Cisco AnyConnect VPN peer license levels 7 Interfaces Maximum number of interfaces Integrated network management ports Integrated network ports Maximum number of integrated network ports with SSP-60 Up to 5,000 Up to 10,000 Up to 10,000 Up to 10,000 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, and 5000 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000 8-port 10/100/1000, 2-port 8-port 10/100/1000, 2-port 6-port 10/100/1000, 4-port 10 Gigabit Ethernet ** (SFP+) 10 Gigabit Ethernet ** (SFP+) 10 Gigabit Ethernet (SFP+) 16-port 10/100/1000, 4-port 10 Gigabit Ethernet ** (SFP+) (requires IPS SSP-10) 16-port 10/100/1000, 4-port 10 Gigabit Ethernet ** (SFP+) (requires IPS SSP-20) 12-port 10/100/1000,8-port 10 Gigabit Ethernet (SFP+) (requires IPS SSP-40) 2, 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, and 10,000 6-port 10/100/1000, 4-port 10 Gigabit Ethernet (SFP+) 12-port 10/100/1000, 8-port 10 Gigabit Ethernet (SFP+) (requires IPS SSP-60) 2-port 10/100/1000 2-port 10/100/1000 2-port 10/100/1000 2-port 10/100/1000 8-port 10/100/1000, 2-port 10 Gigabit Ethernet *** (SFP+) 16-port 10/100/1000, 4-port 10 Gigabit Ethernet *** SFP+ (SSP-10 and IPS SSP-10) 8-port 10/100/1000, 2-port 10 Gigabit Ethernet *** (SFP+) 16-port 10/100/1000, 4-port 10 Gigabit Ethernet *** SFP+ (SSP-20 and IPS SSP-20) 6-port 10/100/1000, 4-port 10 Gigabit Ethernet (SFP+) 12-port 10/100/1000,8-port 10 Gigabit Ethernet SFP+ (SSP-40 and IPS SSP-40) Interface card slots 2 2 2 2 Virtual interfaces (VLANs) Scalability High availability Redundant power 250 250 250 250 VPN clustering and load balancing Active/Active 8 and Active/Standby Supported, second power supply optional VPN clustering and load balancing Active/Active 8 and Active/Standby Supported, second power supply optional VPN clustering and load balancing Active/Active 8 and Active/Standby Supported, second power supply optional USB 2.0 ports 2 2 2 2 Serial ports 1 RJ-45, console and auxiliary 1 RJ-45, console and auxiliary 1 RJ-45, console and auxiliary 6-port 10/100/1000, 4-port 10 Gigabit Ethernet (SFP+) 12-port 10/100/1000, 8-port 10 Gigabit Ethernet SFP+ (SSP-60 and IPS SSP-60) VPN clustering and load balancing Active/Active 8 and Active/Standby Supported 1 RJ-45, console and auxiliary Rack-mountable Yes, rack mounts included Yes, rack mounts included Yes, rack mounts included Yes, rack mounts included Memory Minimum system flash 6 GB (SSP-10) 12 GB (SSP-10 and IPS SSP-10) 2 GB (SSP-10) 4 GB (SSP-10 and IPS SSP-10) Operating temperature 32 to 104 F (0 to 40 C) Relative humidity Altitude 10 to 90 percent Designed and tested for 0 to 10,000 ft (3050 m) 12 GB (SSP-20) 24 GB (SSP-20 and IPS SSP-20) 2 GB (SSP-20) 4 GB (SSP-20 and IPS SSP-20) 32 to 104 F (0 to 40 C) 10 to 90 percent Designed and tested for 0 to 10,000 ft (3050 m) 12 GB (SSP-40) 36 GB (SSP-40 and IPS SSP-40) 2 GB (SSP-40) 4 GB(SSP-40 and IPS SSP-40) 32 to 104 F (0 to 40 C) 10 to 90 percent Designed and tested for 0 to 10,000 ft (3050 m) 24 GB (SSP-60) 72 GB (SSP-60 and IPS SSP-60) 2 GB (SSP-60) 4 GB (SSP 60 and IPS SSP-60) 32 to 104 F (0 to 40 C) 10 to 90 percent Designed and tested for 0 to 10,000 ft (3050 m) Noise 65 dba max 65 dba max 65 dba max 65 dba max Temperature Relative humidity -40 to +158 F (-40 to +70 C) 5 to 95 percent -40 to +158 F (-40 to +70 C) 5 to 95 percent -40 to +158 F (-40 to +70 C) 5 to 95 percent -40 to +158 F (-40 to +70 C) 5 to 95 percent 6 VPN throughput and sessions count depend on the Cisco ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning. Maximum throughput numbers are based on IPsec IKEv1 Remote Access VPN Connectivity. 7 Separately licensed feature; includes two SSL licenses with base system. 8 Available for the firewall feature set. 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 11

Feature with SSP-10 with SSP-20 with SSP-40 with SSP-60 Altitude 0 to 30,000 ft (9144 m) 0 to 30,000 ft (9144 m) 0 to 30,000 ft (9144 m) 0 to 30,000 ft (9144 m) Range line voltage 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC Normal line voltage 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC 100 to 240 VAC Maximum current 9A (100 VAC), 4.5A (200 VAC) 9A (100 VAC), 4.5A (200 VAC) 9A (100 VAC), 4.5A (200 VAC) 9A (100 VAC), 4.5A (200 VAC) Frequency 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz Steady state Maximum peak Maximum heat dissipation Form factor Dimensions (H x W x D) Weight Safety Electromagnetic compatibility (EMC) 320W (1 SSP only) 670W (1 SSP and 1 IPS 370W (1 SSP only) 770W (1 SSP and 1 IPS 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) 2 RU, 19-in. rackmountable 3.47 x 19 x 26.5 in. (8.8x 48.3 x 67.3 cm) 50 lb (22.7 kg) with 1 SSP and single power supply 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies UL 60950-1, CAN/CSA- C22.2 No. 60950-1 EN 60950-1, IEC 60950-1, AS/NZS 60950-1GB4943 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR2 2 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series 320W (1 SSP only) 670W (1 SSP and 1 IPS 370W (1 SSP only) 770W (1 SSP and 1 IPS 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) 2 RU, 19-in. rackmountable 3.47 x 19 x 26.5 in. (8.8x 48.3 x 67.3 cm) 50 lb (22.7 kg) with 1 SSP and single power supply 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies UL 60950-1, CAN/CSA- C22.2 No. 60950-1 EN 60950-1, IEC 60950-1, AS/NZS 60950-1GB4943 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR2 2 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series 320W (1 SSP only) 670W (1 SSP and 1 IPS 370W (1 SSP only) 770W (1 SSP and 1 IPS 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) 2 RU, 19-in. rackmountable 3.47 x 19 x 26.5 in. (8.8x 48.3 x 67.3 cm) 50 lb (22.7 kg) with 1 SSP and single power supply 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies UL 60950-1, CAN/CSA- C22.2 No. 60950-1 EN 60950-1, IEC 60950-1, AS/NZS 60950-1GB4943 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR2 2 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series 320W (1 SSP only) 670W (1 SSP and 1 IPS 370W (1 SSP only) 770W (1 SSP and 1 IPS 3960 BTU/hr (100 VAC), 5450 BTU/hr (200 VAC) 2 RU, 19-in. rackmountable 3.47 x 19 x 26.5 in. (8.8x 48.3 x 67.3 cm) 50 lb (22.7 kg) with 1 SSP and single power supply 62 lb (28.2 kg) with SSP and IPS-SSP and dual power supplies UL 60950-1, CAN/CSA- C22.2 No. 60950-1 EN 60950-1, IEC 60950-1, AS/NZS 60950-1GB4943 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR2 2 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series Note: Performance numbers were tested and validated with Cisco ASA Software Release 8.4. Table 2. Characteristics of IPS Security Services Processor Modules Feature IPS SSP-10 IPS SSP-20 IPS SSP-40 IPS SSP-60 Cisco IPS throughput 2 Gbps 3 Gbps 5 Gbps 10 Gbps Technical Specifications Memory 6 GB 12 GB 24 GB 48 GB Flash 2 GB 2 GB 2 GB 2 GB Environmental Operating Ranges Operating Temperature Relative humidity 0 to 104 F (0 to 40 C) 10 to 90 percent 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 11

Feature IPS SSP-10 IPS SSP-20 IPS SSP-40 IPS SSP-60 Nonoperating Temperature Power output (from power supply) Power consumption Physical Specifications Dimensions (H x W x D) Weight -40 to +158 F (-40 to +70 C) 400W maximum 1.70 x 17.20 x 15.60 in. (4.32 x 43.69 x 39.62 cm) 11.5 lb (5.2 kg) Regulatory and Standards Compliance Safety UL 60950-1, CAN/CSA-C22.2 No. 60950-1 EN 60950-1, IEC 60950-1, AS/NZS 60950-1 GB4943 Electromagnetic Compatibility (EMC) 47CFR Part 15 (CFR 47) Class A, AS/NZS CISPR22 Class A, CISPR2 2 Class A, EN55022 Class A, ICES003 Class A, VCCI Class A EN61000-3-2, EN61000-3-3, KN22 Class A, CNS13438 Class A, EN50082-1, EN55024, CISPR24, EN300386, KN 61000-4 Series Table 3. Characteristics of CX Security Services Processor 10 and 20 Hardware Blades Product Model CX SSP-10 CX SSP-20 Technical Specifications Memory 12 GB 24 GB Disk storage 600 GB 600 GB Hot-swappable hard disk Yes Yes RAID level and controller RAID 1, Software RAID 1, Software Minimum flash 8 GB 8 GB Environmental Operating Ranges Operating temperature 50 to 95ºF (10 to 35ºC) 50 to 95ºF (10 to 35ºC) Relative humidity 10 to 90% () 10 to 90% () Nonoperating temperature -40 to 158ºF (-40 to 70ºC) -40 to 158ºF (-40 to 70ºC) Relative humidity 5 to 95% () 5 to 95% () Altitude 0 to 30,000 ft (9144 m) 0 to 30,000 ft (9144 m) Power Consumption and Mean Time Between Failures Maximum peak 400W 400W Steady State Mean time between failures (MTBF) 109,887 hrs 87,829 hrs Physical Specifications Dimensions (H x W x D) 1.70 x 6.80 x 11.00 in (4.32 x 17.27 x 27.94 cm) 1.70 x 6.80 x 11.00 in (4.32 x 17.27 x 27.94 cm) Weight 3.00 lb (1.36 kg) 3.00 lb (1.36 kg) Management Features Management and monitoring interface Configuration, logging, and monitoring 2 Ethernet 10/100/1000 ports 2 Ethernet 10/100/1000 ports Basic Cisco Prime Security Manager Basic Cisco Prime Security Manager Reporting Basic Cisco Prime Security Manager Basic Cisco Prime Security Manager 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 11

Product Model CX SSP-10 CX SSP-20 Centralized configuration, logging, monitoring, and reporting Multidevice Cisco Prime Security Manager Multidevice Cisco Prime Security Manager Regulatory and Standards Compliance Safety UL 60950 Electromagnetic compatibility (EMC) CSA C22.2 No. 60950 EN 60950 IEC 60950 AS/NZS60950 CE marking FCC Part 15 Class A AS/NZS CISPR22 Class A VCCI Class A EN55022 Class A CISPR22 Class A EN61000-3-2 EN61000-3-3 UL 60950 CSA C22.2 No. 60950 EN 60950 IEC 60950 AS/NZS60950 CE marking FCC Part 15 Class A AS/NZS CISPR22 Class A VCCI Class A EN55022 Class A CISPR22 Class A EN61000-3-2 EN61000-3-3 I/O Modules Mission-critical data centers running Cisco ASA Software Release 8.4.4 and later can use the top slot of the Cisco ASA 5585-X to add up to two I/O modules for exceptional flexibility and security. With two Cisco ASA 5585-X I/O modules, a single can support up to twenty 10 Gigabit Ethernet ports or up to 50 1 Gigabit Ethernet ports. Using the Divider, the top slot is partitioned into two half-slots, with each I/O module occupying one half-slot. When only one I/O module is installed, a half-slot blank cover is required to cover the empty half-slot. Table 4 describes each of the I/O modules in more detail. Table 4. I/O Modules Product Description Number of Ports Product Part Number Configuration Options SFP/SFP+ Ports SFP Ports 10/100/1000BASE-T Ports 8-port 10 4-port 10 20-port 1 8 - - ASA5585-NM-8-10GE 4 - - ASA5585-NM-4-10GE - 12 8 ASA5585-NM-20-1GE slot divider - - - ASA5585-SEPTUM half-slot cover - - - ASA5585-BLANK-H Spares 8-port 10 4-port 10 2-port 1 8 - - ASA5585-NM-8-10GE= 4 - - ASA5585-NM-4-10GE= - 12 8 ASA5585-NM-20-1GE= slot divider - - - ASA5585-SEPTUM= half-slot cover - - - ASA5585-BLANK-H= 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 11

Table 5 lists the 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) and 1 Gigabit Ethernet SFPs that are supported. Table 5. Supported SFP and SFP+ Modules Supported SFP modules Supported SFP+ modules Product Part Number GLC-SX-MMD GLC-LH-SMD GLC-T GLC-ZX-SMD GLC-EX-SMD SFP-10G-SR SFP-10G-LRM SFP-10G-LR SFP-10G-ER SFP-H10GB-CU1M SFP-H10GB-CU3M SFP-H10GB-CU5M SFP-H10GB-ACU7M SFP-H10GB-ACU10M Product Description Cisco 1000 Base-SX SFP module, MMF, 850nm, DOM Cisco 1000 Base-LX/LH SFP module, MMF/SMF, 1310nm, DOM Cisco 1000 Base-T copper SFP Cisco 1000 Base-EX SFP module, SMF, 1550nm, DOM Cisco 1000 Base-ZX SFP module, SMF, 1310nm, DOM 10G SR SFP+ modules 10G LRM SFP+ module 10G LR SFP+ module 10G ER SFP+ module 10G BASE-CU SFP+ cable 1 meter, passive 10G BASE-CU SFP+ cable 3 meter, passive 10G BASE-CU SFP+ cable 5 meter, passive 10G BASE-CU SFP+ cable 7 meter, active 10G BASE-CU SFP+ cable 10 meter, active Optional DC Power Supplies Service providers and data centers that require data-center-powered equipment can purchase Data Center Power Supply modules with built-in fans. These power supplies deliver up to 1150 watts of data center power for Next-Generation Firewalls. Two data center power supplies are required for each chassis. The minimum software required is Cisco ASA Software Release 8.4.5. Warranty Information Find warranty information on Cisco.com at the Product Warranties page. Ordering Information Help customers understand all the components or parts they need to purchase in order to install and use the product. To place an order, visit the Cisco Ordering Homepage. Table 6 lists part numbers for customer convenience. Table 6. Ordering Information Product Name Firewall Edition Bundles Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license Security Plus Firewall Edition SSP-10 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license Product Part Number ASA5585-S10-K8 ASA5585-S10-K9 ASA5585-S10X-K9 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 11

Product Name Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license Security Plus Firewall Edition SSP-20 bundle includes 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license Firewall Edition SSP-40 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license Firewall Edition SSP-60 bundle includes 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license IPS Edition Bundles IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, DES license IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license Security Plus IPS Edition SSP-10 IPS SSP-10 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 5000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, DES license IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 Gigabit Ethernet SFP interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, 3DES/AES license Security Plus IPS Edition SSP-20 IPS SSP-20 bundle includes firewall services, 8 Gigabit Ethernet interfaces, 2 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license IPS Edition SSP-40 IPS SSP-40 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces, 10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, DES license IPS Edition SSP-40 IPS SSP-40 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces,10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license IPS Edition SSP-60 IPS SSP-60 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces,10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license IPS Edition SSP-60 IPS SSP-60 bundle includes firewall services, 6 Gigabit Ethernet interfaces, 4 10 Gigabit Ethernet SFP+ interfaces, 2 Gigabit Ethernet management interfaces,10,000 IPsec VPN peers, 2 Premium VPN peers, dual AC power, 3DES/AES license SSL/IPsec VPN Edition Bundles SSL/IPsec VPN Edition SSP-10 Bundle includes 5000 IPsec VPN peers, 5000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license SSL/IPsec VPN Edition SSP-20 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license Product Part Number ASA5585-S20-K8 ASA5585-S20-K9 ASA5585-S20X-K9 ASA5585-S40-K8 ASA5585-S40-K9 ASA5585-S40-2A-K9 ASA5585-S60-2A-K8 ASA5585-S60-2A-K9 ASA5585-S10P10-K8 ASA5585-S10P10-K9 ASA5585-S10P10XK9 ASA5585-S20P20-K8 ASA5585-S20P20-K9 ASA5585-S20P20XK9 ASA5585-S40P40-K8 ASA5585-S40P40-K9 ASA5585-S60P60-K8 ASA5585-S60P60-K9 ASA5585-S10-5K-K9 ASA5585S20-10K-K9 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 11

Product Name SSL/IPsec VPN Edition SSP-40 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license SSL/IPsec VPN Edition SSP-60 Bundle includes 10,000 IPsec VPN peers, 10,000 Premium VPN peers, firewall services, 8 Gigabit Ethernet interfaces, 2 management interfaces, 3DES/AES license Firewall IPS VPN Premium Bundles Integrated Edition SSP-10 IPS SSP-10 Bundle with firewall services, IPS services, 5,000 IPsec VPN peers, 5,000 Premium VPN peers, 16 Gigabit Ethernet interfaces, 4 Gigabit Ethernet SFP interfaces, 4 management interfaces, 3DES/AES license Integrated Edition SSP-20 IPS SSP-20 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 16 Gigabit Ethernet interfaces, 4 Gigabit Ethernet SFP interfaces, 4 management interfaces, 3DES/AES license Integrated Edition SSP-40 IPS SSP-40 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 12 Gigabit Ethernet interfaces, 8 10 Gigabit Ethernet SFP+ interfaces, 4 management interfaces, 3DES/AES license Integrated Edition SSP-60 IPS SSP-60 Bundle with firewall services, IPS services, 10,000 IPsec VPN peers, 10,000 Premium VPN peers, 12 Gigabit Ethernet interfaces, 8 10 Gigabit Ethernet SFP+ interfaces, 4 management interfaces, 3DES/AES license Security Services Processors and IPS Security Services Processors Security Services Processor-10 (SSP-10) Security Services Processor-20 (SSP-20) Security Services Processor-40 (SSP-40) Security Services Processor-60 (SSP-60) IPS Security Services Processor-10 (SSP-10) IPS Security Services Processor-20 (SSP-20) IPS Security Services Processor-40 (SSP-40) IPS Security Services Processor-60 (SSP-60) DC Power Supplies Cisco ASA 5585 DC Power Supply (configurable option) Cisco ASA 5585 DC Power Supply (spare) SSP60 DC Power bundle SSP40 DC Power bundle Product Part Number ASA5585S40-10K-K9 ASA5585S60-10K-K9 ASA5585-S10P10SK9 ASA5585-S20P20SK9 ASA5585-S40P40SK9 ASA5585-S60P60SK9 ASA-SSP-10-K8= ASA-SSP-20-K8= ASA-SSP-40-K8= ASA-SSP-60-K8= ASA-SSP-IPS10-K9= ASA-SSP-IPS20-K9= ASA-SSP-IPS40-K9= ASA-SSP-IPS60-K9= ASA5585-DC-PWR ASA5585-DC-PWR= ASA5585-S60-2D-K9 ASA5585-S40-2D-K9 To Download the Software Visit the Cisco Software Center to download Cisco ASA Software. Service and Support Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. Included in the "Operate" phase of the service lifecycle are Cisco Security IntelliShield Alert Manager Service, Cisco SMARTnet, Cisco Service Provider Base, and Cisco Services for IPS. These services are suitable for enterprise, commercial, and service provider customers. Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment. Cisco Services for IPS supports modules, platforms, and bundles of platforms and modules that feature Cisco IPS capabilities. Cisco SMARTnet and Cisco Service Provider Base support other products in this family. 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 11

For More Information For more information, please visit the following links: Cisco ASA 5500-X Series Next-Generation Firewalls: http://www.cisco.com/en/us/products/ps6120/index.html. Cisco ASA Next-Generation Firewall Services: http://www.cisco.com/en/us/products/ps12521/index.html. Cisco Cloud Web Security: http://www.cisco.com/en/us/products/ps11720/index.html. Cisco TrustSec Solutions: http://www.cisco.com/en/us/netsol/ns1051/index.html. Cisco AnyConnect Secure Mobility: http://www.cisco.com/en/us/netsol/ns1049/index.html. Cisco Security Manager: http://www.cisco.com/en/us/products/ps6498/index.html. Cisco Adaptive Security Device Manager: http://www.cisco.com/en/us/products/ps6121/index.html. Cisco Security Services: http://www.cisco.com/en/us/products/svcs/ps2961/ps2952/serv_group_home.html. Cisco ASA 5500-X Series Next-Generation Firewall Licensing Information: http://www.cisco.com/en/us/products/ps6120/products_licensing_information_listing.html. Printed in USA C78-730903-00 02/14 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 11 of 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information