routeprotocol.com

Next Generation Firewalls (NGFW)

A firewall is a network security device that can monitor incoming and outgoing network traffic.

It can allow or block traffic by performing simple packet filtering and stateful inspection based on ports and protocols.

A firewall establishes a barrier between trusted internal networks and untrusted outside networks.

A next-generation firewall can provide standard firewall functionality plus block threats such as advanced malware and application layer attacks.

According to Gartners definition, a next generation firewall must include:

  • Standard firewall capabilities such as stateful inspection
  • An integrated IPS
  • Application level inspection
  • Ability to leverage external security intelligence to address evolving security threats

Cisco has integrated Firepower NGIPS services with Cisco ASA firewalls.

The combination of the two services far exceed the definition set by Gartner.

The Firepower NGFW is available on the following appliances:

  • Firepower series appliances
  • ASA 5500-X appliances except the 5585-X

The Firepower NGFW appliance support the following software images:

ASA Software Image

The appliance runs as a legacy firewall with no Firepower services.

ASA Software Image with Firepower Services Software Image

The appliance runs two software images on the same appliance. Each one requires a separate management application. This enables the ASA to become a NGFW

Firepower Threat Defence Software Image

Merges the SA software image and Firepower services into a single image.

The Firepower Threat Defense software is also supported on ISR modules and Firepower virtual NGFW.

Management

The Firepower images can be managed with the Firepower Management Centre or Firepower Device Manager.

The ASA images can be managed through a command line interface, Cisco security manager, Cisco Adaptive Security Device Manager or Cisco Defence Orchestrator


Posted

in

, ,

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.