![]() As an example, if HTTP is running on Port 8080 or SSH is running on Port 16022, ASA CX will still identify the traffic correctly as HTTP or SSH.ĪSA CX is delivered in two form factors: as a hardware module on the Cisco ASA 5585-X SSP 10 and ASA 5585-X SSP 20 security appliances, and as a software module supported on the Cisco ASA 5500-X Series of midrange security appliances. ![]() It can also identify traffic even when it is using nonstandard ports. As a result, administrators can easily block port- and protocol-hopping applications such as Skype and other peer-to-peer (P2P) applications for more effective security, while writing fewer policies. Application recognition is based on signatures, heuristics, and content scanning, removing the need to tie applications to ports. Specific behaviours can also be blocked within allowed micro-applications for an additional layer of control. ![]() The feeds are updated every three to five minutes for near-real-time protection from zero-day threats. It provides visibility and control into more than 1000 applications and 75,000 micro-applications, enabling organizations to provide individual or group-based access to specific components of an application while disabling other components (such as allowing Facebook for general use, while blocking Facebook games). It is also capable of near real time protection using threat intelligence feeds from Cisco Security Intelligence Operations (SIO), which employ the global footprint of Cisco security deployments (more than 2 million devices) to analyse 70 percent of the world’s Internet traffic from email, IPS, and web threat vectors. In addition, ASA CX enables administrators to control specific behaviors within allowed micro-applications, control web and web application usage based on reputation of the site, proactively protect against Internet threats, and impose differentiated policies based on the user, device, role, and application type. It delivers application and user ID awareness capabilities for greater visibility and control of network traffic, which is indispensable for next-generation firewalls. Cisco ASA CX is a fantastic blend of legacy Cisco firewall and next generation capabilities to protect your network on application level.
0 Comments
Leave a Reply. |