Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2763
Views
0
Helpful
5
Replies

utm integration with cisco asa 5510

sila-wila
Level 1
Level 1

‎06-18-2017 02:26 AM - edited ‎02-21-2020 06:11 AM

hello everyone;


We have at the level of our structure cisco equipment: firewall asa 5510 and 6509. our network includes around 4000 Ethernet jacks in addition to severel wifi access points.
We would like to incorporate a utm into our networks for features not available in the 5510 asa.
The asa has a CSC-SSM module but does not support more than 1000 users.
 Is there a possibility to complete the asa 5510 or is better to opt for a new appliance.
What type of asa allowing to have all the functionalities of a UTM
Any suggestion is welcome

0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-18-2017 05:30 AM

Your ASA 5510 with CSC-SSM module is long past end of sales.

Depending on what you mean by "UTM", you may be well-served by a current model (i.e. 5516-X) ASA with FirePOWER services. That will give you the option of IPS, URL Filtering and Malware protection. It will not give you email security (a component sometimes associated with UTM).

0 Helpful

sila-wila
Level 1
Level 1
In response to Marvin Rhoads

‎06-18-2017 09:22 AM

Thank you for reply

We would like an equipment, in addition to traditional filtering, with the features of web content filtering, zero day protection, dos and ddos ​​protection, ids, ips, anti-spyware, anti-phishing. Is there a cisco product that can be aquired to complete the features not offered by the asa 5510? Or put aside the asa and buy another?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to sila-wila

‎06-18-2017 10:46 PM

As I noted the ASA with FirePOWER services provides several of those features.

Denial of Service and Distributed Denial of Service (DoS and DDos) protection are best implemented in an upstream service (i.e. with your provider or, to some extent, on an upstream router).

Phishing is delivered via email vector and thus not best protected with a device designed for email secuirty. Cisco provides both on-premises and cloud-based email security via the Email Security appliance and Cloud Email Security (ESA and CES) products. Which is best for you depends on your current and planned email environment.

0 Helpful

sila-wila
Level 1
Level 1
In response to Marvin Rhoads

‎06-19-2017 12:53 AM

hello,

The asa 5510 is directly connected to the router of our internet provider which only makes the routing and does not provide any filtering and protection. Our servers and local network are behind the asa. Our asa ensures NAT functionality and access control with ACL

I would like to know if there is a solution that will complement the functionality of the asa 5510. Otherwise we would be obliged to set aside this equipment and purchase another equipment which would incur additional costs for the organization.
For the messaging service, we could get by with linux

thanks for help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to sila-wila

‎06-19-2017 12:59 AM

You cannot add on to the 5510 itself. As I mentioned it has not been sold for several years.

The newer models add the features I already described. If those don't meet your needs then you should consider other vendors.

In over 30 years as a network engineer and security specialist, I have never heard of an entire organization using Linux for messaging. That makes no sense to me.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card