Cisco ASA 5516-X with FirePOWER Services
Threat-Focused Next-Generation Firewall (NGFW) Designed for a New Era of Threat
Sorry, this product is no longer available, please contact us for a replacement.
Click here for more options and pricing!
Please Note: All Prices are Inclusive of GST
Overview:
Meet the industry's first adaptive, threat-focused next-generation firewall (NGFW) designed for a new era of threat and advanced malware protection. Cisco ASA with FirePOWER Services delivers integrated threat defense for the entire attack continuum - before, during, and after an attack - by combining the proven security capabilities of the Cisco ASA firewall with the industry-leading Sourcefire threat and advanced malware protection features together in a single device. The solution uniquely extends the capabilities of the Cisco ASA 5500-X Series Next-Generation Firewalls beyond what today's NGFW solutions are capable of.
Superior Multilayered Protection
Cisco ASA with FirePOWER Services brings distinctive threat-focused next-generation security services to the Cisco ASA 5500-X Series Next-Generation Firewalls and Cisco ASA 5585-X Adaptive Security Appliance firewall products. It provides comprehensive protection from known and advanced threats, including protection against targeted and persistent malware attacks (Figure 1). Cisco ASA with FirePOWER Services features these comprehensive capabilities:
- Site-to-site and remote access VPN and advanced clustering provide highly secure, high-performance access and high availability to help ensure business continuity.
- Granular Application Visibility and Control (AVC) supports more than 3,000 application-layer and risk-based controls that can launch tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness.
- The industry-leading Cisco ASA with FirePOWER next-generation IPS (NGIPS) provides highly effective threat prevention and full contextual awareness of users, infrastructure, applications, and content to detect multivector threats and automate defense response.
- Reputation- and category-based URL filtering offer comprehensive alerting and control over suspicious web traffic and enforce policies on hundreds of millions of URLs in more than 80 categories.
- AMP provides industry-leading breach detection effectiveness, a low total cost of ownership, and superior protection value that helps you discover, understand, and stop malware and emerging threats missed by other security layers.
Cisco ASA with FirePOWER Services
Unprecedented Network Visibility
Cisco ASA with FirePOWER Services is centrally managed by the Cisco FireSIGHT Management Center. Management Center provides security teams with comprehensive visibility into and control over activity within the network. Such visibility includes users, devices, communication between virtual machines, vulnerabilities, threats, client-side applications, files, and websites. Holistic, actionable indications of compromise (IoCs) correlate detailed network and endpoint event information and provide further visibility into malware infections.
Management Center also provides content awareness with malware file trajectory that aids infection scoping and root cause determination to speed time to remediation.
Cisco Security Manager provides scalable and centralized network operations workflow management. It integrates a powerful suite of capabilities; including policy and object management, event management, reporting, and troubleshooting for Cisco ASA firewall functions. For small-scale and simple deployments, the Cisco Adaptive Security Device Manager (ASDM) is available to provide on-device, GUI-based firewall network operations management.
Cisco's enterprise-class management tools help administrators reduce complexity with unmatched visibility and control across NGFW deployments.
Cisco FireSIGHT Management Center:
Intuitive High-level and Detailed Drill-Down Dashboards
Reduced Costs and Complexity
Cisco ASA with FirePOWER Services incorporates an integrated approach to threat defense, reducing capital and operating costs and administrative complexity. It smoothly integrates with the existing IT environment, work stream, and network fabric. The purpose-built appliance family is highly scalable, performs at up to multigigabit speeds, and provides consistent and robust security across branch, Internet edge, and data centers in both physical and virtual environments.
With Cisco FireSIGHT Management Center, administrators can streamline operations to correlate threats, assess their impact, automatically tune security policy, and easily attribute user identities to security events. Management Center continually monitors how the network is changing over time. New threats are automatically assessed to determine which can affect your business. Response efforts are then focused on remediation, and network defenses are adapted to changing threat conditions. Critical security activities such as policy tuning are automated, saving time and effort, while protections and countermeasures are maintained in an optimal state.
Cisco FireSIGHT Management Center integrates easily with third-party security solutions through the eStreamer API to streamline operation workflows and fit existing network fabrics.
Features and Benefits:
Feature | Benefits |
---|---|
Next-generation firewall | Industry's first threat-focused NGFW; provides ASA firewall functionality, advanced threat protection, and advanced breach detection and remediation combined in a single device |
Proven ASA firewall | Rich routing, stateful firewall, Network Address Translation, and dynamic clustering for high-performance, highly secure, and reliable access with Cisco AnyConnect VPN |
Market-leading NGIPS | Superior threat prevention and mitigation for both known and unknown threats |
Advanced malware protection | Detection, blocking, tracking, analysis, and remediation to protect the enterprise against targeted and persistent malware attacks |
Full contextual awareness | Policy enforcement based on complete visibility of users, mobile devices, client-side applications, communication between virtual machines, vulnerabilities, threats, and URLs |
Application control and URL filtering | Application-layer control (over applications, geolocations, users, websites) and ability to enforce usage and tailor detection policies based on custom applications and URLs |
Enterprise-class management | Dashboards and drill-down reports of discovered hosts, applications, threats, and indications of compromise for comprehensive visibility |
Streamlined operations automation | Lower operating cost and administrative complexity with threat correlation, impact assessment, automated security policy tuning, and user identification |
Purpose-built, scalable | Highly scalable security appliance architecture that performs at up to multigigabit speeds; consistent and robust security across branch, Internet edge, and data centers in physical and virtual environments |
On-device management | Simplifies advanced threat defense management for small and medium sized business with small scale deployments |
Remote Access VPN | Extends secure corporate network access beyond corporate laptops to personal mobile devices, regardless of physical location; support for Cisco AnyConnect Secure Mobility Solution, with granular, application-level VPN capability, as well as native Apple iOS and Android VPN clients |
Site-to-site VPN | Protect traffic, including VoIP and client-server application data, across the distributed enterprise and branch offices |
Third-party technology ecosystem | Open API that enables the third-party technology ecosystem to integrate with existing customer work streams |
Integration with Snort and OpenAppID | Open source security integration with Snort and OpenAppID for access to community resources and ability to easily customize security to address new and specific threats and applications quickly |
Collective Security intelligence (CSI) | Globally acclaimed security and web reputation intelligence for real-time security protection |
Technical Specifications:
Cisco ASA 5500-X Series Low-End Appliances with FirePOWER Services | |||||
---|---|---|---|---|---|
Cisco ASA 5506-X w/ FirePOWER Services | Cisco ASA 5506W-X w/ FirePOWER Services | Cisco ASA 5506H-X w/ FirePOWER Services | Cisco ASA 5508-X w/ FirePOWER Services | Cisco ASA 5516-X w/ FirePOWER Services | |
Maximum application control (AVC) throughput | 250 Mbps | 250 Mbps | 250 Mbps | 450 Mbps | 850 Mbps |
Maximum application control (AVC) and IPS throughput | 125 Mbps | 125 Mbps | 125 Mbps | 250 Mbps | 600 Mbps |
Maximum concurrent sessions | 20,000; 50000 | 20,000; 50000 | 50,000 | 100,000 | 250,000 |
Maximum New Connections per second | 5,000 | 5,000 | 5,000 | 10,000 | 20,000 |
Application control (AVC) or IPS sizing throughput [440 byte HTTP]* | 90 Mbps | 90 Mbps | 90 Mbps | 200 Mbps | 500 Mbps |
Supported applications | More than 3,000 | ||||
URL categories | 80+ | ||||
Number of URLs categorized | More than 280 million | ||||
Centralized configuration, logging, monitoring, and reporting | Multi-device Cisco Security Manager and Cisco FireSIGHT Management Center | ||||
On-Device Management | ASDM 7.3.x | ||||
Cisco ASA 5500-X Series Next-Generation Firewalls Hardware | |||||
Cisco ASA 5506-X | Cisco ASA 5506W-X | Cisco ASA 5506H-X | Cisco ASA 5508-X | Cisco ASA 5516-X | |
Stateful inspection throughput (maximum1) | 750 Mbps | 750 Mbps | 750 Mbps | 1 Gbps | 1.8 Gbps |
Stateful inspection throughput (multiprotocol2) | 300 Mbps | 300 Mbps | 300 Mbps | 500 Mbps | 900 Mbps |
Triple Data Encryption Standard/Advanced Encryption Standard (3DES/AES) VPN throughput3 | 100 Mbps | 100 Mbps | 100 Mbps | 175 Mbps | 250 Mbps |
Users/nodes | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
IPsec VPN peers | 10; 504 | 10; 504 | 50 | 100 | 300 |
Cisco Cloud Web Security users | 275 | 275 | 275 | 565 | 2000 |
Cisco AnyConnect Premium/Apex VPN peers (included; maximum) | 2; 504 | 2; 504 | 50 | 100 | 300 |
Virtual interfaces (VLANs) | 5; 304 | 5; 304 | 30 | 50 | 100 |
Security contexts5 (included; maximum) | N/A | N/A | N/A | 2; 5 | 2; 5 |
High availability4 | Requires Security Plus License; Active/Standby | Requires Security Plus License; Active/Standby | Requires Security Plus License; Active/Standby | Active/Active and Active/Standby | Active/Active and Active/Standby |
Integrated Wireless Access Point | N/A | Wireless Bands a/b/g/n; Max n wifi throughput 54 Mbps; internal antenna only; local management or centralized via Cisco WLC | N/A | N/A | N/A |
Expansion slot | N/A | N/A | N/A | N/A | N/A |
User-accessible Flash slot | No | No | No | No | No |
USB 2.0 ports | USB port type ‘A’, High Speed 2.0 | USB port type ‘A’, High Speed 2.0 | USB port type ‘A’, High Speed 2.0 | USB port type ‘A’, High Speed 2.0 | USB port type ‘A’, High Speed 2.0 |
Integrated I/O | 8 x 1GE | 8 x 1GE | 4 x 1GE | 8 x 1GE | 8 x 1GE |
Expansion I/O | N/A | N/A | N/A | N/A | N/A |
Dedicated management port | Yes (To be shared with Firepower services), 10/100/1000 | Yes (To be shared with FirePOWER Services), 10/100/1000 | Yes (To be shared with FirePOWER Services), 10/100/1000 Base-T, 100Base-FX, 1000Base-X | Yes (To be shared with FirePOWER Services), 10/100/1000 | Yes (To be shared with FirePOWER Services), 10/100/1000 |
Serial ports | 1 RJ-45 and Mini USB console | 1 RJ-45 and Mini USB console | 1 RJ-45 and Mini USB console | 1 RJ-45 and Mini USB console | 1 RJ-45 and Mini USB console |
Solid-state drive | 50 GB mSata6 | 50 GB mSata6 | 50 GB mSata tested for heat | 80 GB mSata6 | 100 GB mSata6 |
Memory | 4 GB | 4 GB | 4 GB | 8 GB | 12 GB |
Minimum system flash | 8 GB | 4 GB | 8 GB | 8 GB | 8 GB |
System bus | Multibus architecture | Multibus architecture | Multibus architecture | Multibus architecture | Multibus architecture |
Enivronment | |||||
Operating Temperature | 32 to 104°F (0 to 40 °C) | ||||
Operating Relative Humidity | 90 percent noncondensing | 10 to 90 percent noncondensing | |||
Operating Altitude | Designed and tested for 0 to 10,000 ft (3050 m) | ||||
Acoustic noise | Fanless 0 dBA |
Fanless 0 dBA |
Fanless 0 dBA |
41.6 A-weighted decibels (dBA) type 67.2 dBA max |
41.6 dBA type 67.2 dBA max |
Nonoperating Temperature | -13 to 158ºF (-25 to 70ºC) | -40 to 185ºF (-40 to 85ºC) | -13 to 158ºF (-25 to 70ºC) | ||
Nonoperating Relative Humidity | 10 to 95 percent noncondensing | 10 to 95 percent noncondensing | 10 to 90 percent | ||
Nonoperating Altitude | Designed and tested for 0 to 15,000 ft (4572 m) | ||||
Power - Input (per power supply) | |||||
AC range line voltage | External, 90 to 240 volts alternating current (VAC) | ||||
AC normal line voltage | 90 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC | 100 to 240 VAC |
AC current | N/A | N/A | N/A | 0.25AC amps | 0.25AC amps |
AC frequency | 50/60 Hz | 50/60 Hz | 50/60 Hz | 50/60 Hz | 50/60 Hz |
Dual-power supplies | None | None | None | None | Yes |
DC domestic line voltage | N/A | N/A | N/A | N/A | N/A |
DC international line voltage | N/A | N/A | N/A | N/A | N/A |
DC current | N/A | N/A | N/A | N/A | N/A |
Power - Output | |||||
Steady state | 12V @2.5A | 12V @2.5A | 5V @3.6A | 12V @ 3.0A | 12V @ 3.0A |
Maximum peak | 12V @ 5A | 12V @ 5A | 5V @4.4A | 12V @ 5.0A | 12V @ 5.0A |
Maximum heat dissipation | 103 Btu/hr | 103 Btu/hr | 103 Btu/hr | 123 Btu/hr | 123 Btu/hr |
Physical Specifications | |||||
Form Factor | Desktop | Desktop | Desktop, rack mountable, wall mountable, DIN-Rail | 1 rack unit (RU), 19-in. rack-mountable | |
Dimensions (H x W x D) | 7.871 x 9.23 x 1.72 in. (19.992 x 23.444 x 4.369 cm) |
9.05 x 9.05 x 2.72 in. (23.0 x 23.0 x 6.9 cm) |
17.2 x 11.288 x 1.72 in. (43.688 x 28.672 x 4.369 cm) |
||
Weight (with AC power supply) | 4 lb (1.82 kg) | 4 lb (1.82 kg) | 7 lb (3.18 kg) | 8 lb (3 kg) | 8 lb (3 kg) |
Safety | UL 60950 CAN/CSA-C22.2 No. 60950 EN 60950 IEC 60950 AS/NZS 60950 |
UL 60951 CAN/CSA-C22.2 No. 60951 EN 60951 IEC 60951 AS/NZS 60951 |
UL 60950 CAN/CSA-C22.2 No. 60950 EN 60950 IEC 60950 AS/NZS 60950 |
UL 60952 CAN/CSA-C22.2 No. 60952 EN 60952 IEC 60952 AS/NZS 60952 |
UL 60953 CAN/CSA-C22.2 No. 60953 EN 60953 IEC 60953 AS/NZS 60953 |
Electromagnetic compatibility (EMC) | 47 CFR Part 15 CISPR22: Edition 6.0 CNS13438 EN 300 386 V1.6.1 EN 55022 EN61000-3-2 EN61000-3-3 ICES-003 Issue 5 QCVN 54: BTTTT TCVN 7189 VCCI: V-3 CISPR24 EN 300 386 V1.6.1 EN301 489-1 v1.9.2 EN301 489-17 v2.1.1 EN301 489-24 v1.5.1 EN301 489-4 V1.4.1 EN301 489-7 v1.3.1 EN55024 QCVN 18: BTTTT TCVN 7317 |
* Activating more features will change performance
[1] Maximum throughput measured with UDP traffic under ideal conditions.
[2] Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
[3] PN throughput and sessions count depend on the ASA device configuration and VPN traffic patterns. These elements should be taken into consideration as part of your capacity planning.
[4] Separately licensed feature; includes two SSL licenses with base system.
[5] Higher specifications are associated with the Security Plus license.
[6] Usable space dependent upon system software.
[7] Derate the maximum operating temperature 1.5°C per 1000 ft above sea level.
Platform Support / Compatibility:
Cisco ASA with FirePOWER Services include Cisco ASA firewalling, AVC, URL filtering, NGIPS, and AMP. This unique set of capabilities is available on the Cisco ASA 5500-X Series NGFW platforms: Cisco ASA 5506-X, 5506W-X, 5506H-X, 5508-X, 5516-X, 5512-X, 5515-X, 5525-X, 5545-X, 5555-X, and 5585-X with Security Services Processor SSP-10, SSP-20, SSP-40, and SSP-60.
The Cisco ASA 5585-X FirePOWER Services SSP-10, SSP-20, SSP-40, and SSP-60 hardware blades are supported on the Cisco ASA 5585-X platform. Cisco ASA 5585-X SSP-10, SSP-20, SSP-40, and SSP-60 firewalls require Cisco ASA Software Release 9.2.2 and later. Cisco ASA with FirePOWER Services software is supported on the Cisco ASA 5500-X Series of next-generation midrange security appliances running Cisco ASA Software Release 9.2.2 and later. Cisco FireSIGHT Management Center and Cisco Security Manager are required to manage Cisco ASA with FirePOWER Services ASA 5512-X, 5515-X, 5525-X, 5545-X, 5555-X, and 5585-X with Security Services Processor SSP-10, SSP-20, SSP-40, and SSP-60. ASDM V 7.3.x is available on-device to manage single instance deployments of Cisco ASA 5506-X, 5506W-X, 5506H-X, 5508-X, and 5516-X with FirePOWER Services.
Documentation:
Download the Cisco ASA 5500-X Series with FirePOWER Services Datasheet (PDF).
Pricing Notes:
- All Prices are Inclusive of GST
- Pricing and product availability subject to change without notice.
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote