Cisco have finally replaced their ageing, albeit it still fantastic, SOHO firewall; The 5505.
Cisco have finally replaced their ageing, albeit it still fantastic, SOHO firewall; The 5505. Not surprisingly the model number hasn’t changed much but the architecture under the hood has had quite a refresh. We’ve got our hands on one over at Atomos Networks and I’ve got the first chance to take it for a bit of a spin.
As you may be able to tell from the above image, first impressions of the appliance are quite different to that of the previous model. It still has the 8 interfaces on the back, it’s still passive cooling, but it has a black feel that can blend in with most areas.
Tech Specs
It now boasts 4GB ram, Atom CPU running at 1200MHZ and 8GB built in flash. 8x1GB interfaces to replace the 8x100Mbit interfaces in the 5505. All these improvements you expect from a new version of any appliance. The ASDM looks the same apart from a few minor tweaks here and there. The main addition that the 5506 brings is Cisco FirePOWER services.
And FirePOWER
FirePOWER is Cisco’s new application, URL filtering and malware protection services following their acquisition of Sourcefire. Setup was a little bit cumbersome. After flicking through the initial setup page it was evident that the only way to manage the FirePOWER module was via the management interface. In version 9.4 of the code the management interface can be used as a bridge for the Sourcefire. To get it to work I had to configure another interface on the ASA for FirePOWER, configure the Sourcefire module with an IP address in the same range, and connect a physical cable from the management interface to the ASA FirePOWER interface. In my case this was gigabit 1/7. Cisco’s recommended design is to use an internal switch an have the FirePOWER on the same network range as the inside interface. Once this was completed I could finally get in to managing the FirePOWER software.
FirePOWER has its own section within the ASDM and rightly so. There are a wealth of options for configuration. The Security plus model we have is equipped with a control and application license meaning we can block certain applications such as Facebook. The interface is fairly intuitive and throws a couple of informational messages if you have conflicting rules in a policy.
Once installing the policy I thought that would be all that was required to get it to work. One thing was missing; a service policy was required to direct traffic to the FirePOWER module. Without it all traffic flows through the normal ASA traffic path without being inspected.
Final thoughts
FirePOWER is a new and welcome improvement to the ASA but still has a little way to go before it will be fully integrated into the appliance. We’ve yet to experience problems in order fully troubleshoot end to end traffic flow through both ASA and FirePOWER modules so we don’t know how tricky this may be. Also be aware that you cannot go straight from 5505 -> 5506. The new model lacks the inbuilt switching mechanism that the 5505 had and is lacking the 2 PoE ports. There is however a model that includes Wireless N. It has some good throughput stats for a SoHo firewall.
If you would like to learn more about our CiscoASA5506-X with FirePower, please contact a member of the Atomos Networks’ technical sales team on 0113 323 7722 or email sales@atomosnetworks.com
Firewalls
We treat the business of network security very seriously indeed. We're experts in this field and along with security vendors like Check Point, we view security as a business process which requires significant consideration and investment (if the scope so requires). We can provide you with world-class firewall products, all of which are next generation. Since we’re not a ‘one size fits all’ IT consultancy, we ensure that the firewall product we recommend meets the exact network security needs of your business.
Physical Security
Atomos Networks specializes in the installation and management of advanced door access systems and CCTV surveillance. We deliver tailored security solutions that combine cutting-edge technology with expert service, ensuring seamless access control and 24/7 monitoring for businesses and facilities. From planning and installation to ongoing maintenance and system management, Atomos provides end-to-end support designed to keep premises secure and operations running smoothly. Committed to reliability and innovation, the company helps clients protect their assets, monitor activity in real time, and maintain a safe environment for staff and visitors.
Web Applications
Our partner, Incapsula, provide a PCI-certified Web Application Firewall (WAF) product that ensures your website or application is protected from attacks. This solution is cost-effective and can be set up in no time at all. If you’d like more information or a free trial, simply get in touch using our contact form
Intrusion Prevention
We offer a range of industry-leading intrusion prevention systems (IPS). We can deliver this as standalone or as a part of your next generation firewall solution and it can be unmanaged or as a fully managed service. The latter really comes down to your budget, but our focus is to assist in protecting your company at all times.