Cisco ASANext-Generation Firewall Services blend a proven, stateful inspection firewall with next-generation capabilities and a host of additional network-based security controls for end-to-end network intelligence and streamlined security operations. Cisco ASA Next-Generation Firewall Services enable organizations to rapidly adapt to dynamic business needs while maintaining the highest levels of security. It also enables administrators to control specific behaviors within allowed micro applications and enforce differentiated policies based on the user, device, role, application type, and threat profile.

They empower enterprises to finally say “yes” to applications, devices, and the evolving global workforce. Most next-generation firewalls differ from classic firewalls in that they can identify which applications are being requested and which user has requested them. Cisco ASA Next-Generation Firewall Services provide the application and user ID awareness that is essential for any next-generation firewall. In addition, they deliver:

  • Precise application visibility and control, including behavior controls within allowed micro applications
  • Reputation-based web security
  • Passive and active authentication
  • User device information
  • Near-real-time threat protection

Cisco ASA Next-Generation Firewall Services use threat intelligence feeds from Cisco Security Intelligence Operations (SIO), which employ the global footprint of Cisco security deployments (more than 2million devices) to analyze 70 percent of the world’s Internet traffic from email, intrusion prevention system (IPS) activity, and web threat vectors. The feeds are updated every three to five minutes for near-real-time protection from zero-day threats.

Nope! Cisco ASA Next-Generation Firewall Services enable organizations to continue to use their existing firewall rules and objects while adding richer, context-aware rules that can act intelligently on contextual information. Cisco ASA Next-Generation Firewall Services support Layer 3 and Layer 4 stateful firewall features, including access control, network address translation, and stateful inspection. Organizations can keep their existing stateful inspection firewall policies while adding rich Layer 7 context-aware rules.

Cisco ASA Next-Generation Firewall Services employ deep packet inspection for application recognition and therefore do not require a separate connection per application.