Implementing security in layers is the recommended network security design for protecting information assets. This approach is achieved by segmenting your network into various security zones with an ASA Firewall and applying access policies between them according to their security levels. By default Cisco ASA firewalls come with at least four 10/100/1000 network interfaces which are sometimes not enough. Considering that we need one physical interface dedicated for failover configuration (if used) and that usually one dedicated interface is used for Internet connectivity, then we are left with only two physical interfaces for further network segmentation.

Cisco 4GE SSM Network Expansion Module

By using the Cisco ASA 4-Port Gigabit Ethernet Security Services Module (4GE SSM) (shown above) you instantly expand your firewall interfaces to a total of three Fast Ethernet and six Gigabit Ethernet ports on the Cisco ASA 5510 Security Plus, and eight Gigabit Ethernet ports and one Fast Ethernet port on Cisco ASA 5520 and 5540 appliances. This gives you plenty of physical interfaces to work with and apply your security design without hardware limitations.

Related posts:

  1. Cisco ASA 5505 Network Port Interfaces
  2. Cisco IDS/IPS module for Cisco ASA Firewalls (AIP-SSM)
  3. Cisco ASA Redundant Interface Configuration

Tagged with:

Filed under: Cisco ASA Hardware

Like this post? Subscribe to my RSS feed and get loads more!