A firewall is a network security device that can monitor incoming and outgoing network traffic.
It can allow or block traffic by performing simple packet filtering and stateful inspection based on ports and protocols.
A firewall establishes a barrier between trusted internal networks and untrusted outside networks.
A next-generation firewall (NGFW) can provide standard firewall functionality and also block threats such as advanced malware and application-layer attacks.
According to Gartner's definition, a next-generation firewall must include:
- Standard firewall capabilities such as stateful inspection
- An integrated IPS
- Application-level inspection
- Ability to leverage external security intelligence to address evolving security threats
Cisco has integrated Firepower NGIPS services with Cisco ASA firewalls.
The combination of the two services far exceeds the definition set by Gartner.
The Firepower NGFW is available on the following appliances:
- Firepower series appliances
- ASA 5500-X appliances except the 5585-X
The Firepower NGFW appliances support the following software images:
- ASA Software Image: The appliance runs as a legacy firewall with no Firepower services.
- ASA Software Image with Firepower Services Software Image: The appliance runs two software images on the same appliance. Each one requires a separate management application. This enables the ASA to become an NGFW.
- Firepower Threat Defense Software Image: Merges the ASA software image and Firepower services into a single image.
The Firepower Threat Defense software is also supported on ISR modules and Firepower virtual NGFW.
The Firepower images can be managed with the Firepower Management Center or Firepower Device Manager.
The ASA images can be managed through a command-line interface, Cisco Security Manager, Cisco Adaptive Security Device Manager or Cisco Defense Orchestrator.