I have found the following informative video, which shows how to physically install a Content Security Services (CSC) Module in a Cisco ASA 5510 firewall appliance and how to create the initial setup configuration of this module using the graphical ASDM GUI of the ASA firewall.
The CSC module provides protection against viruses, spam, spyware and other unwanted traffic that can be found in data flowing in and out of your network, so I think it's one of the useful security controls that you can put in place to protect your network and data.
Since the introduction of Cisco ASA software version 8.3 last year, the memory requirements for low-end models have doubled. Many firewall administrators have been discouraged by this move from Cisco because they had to upgrade their firewalls' RAM in order to upgrade to the newest versions. Upgrading the memory not only costs money but also imposes an operational hassle (network downtime, the need to open up the chassis, etc.). I get many questions from my readers about memory upgrade guides, so the links below might be helpful for some of you.
The following table shows the new memory requirements for all Cisco ASA 5500 models for software version 8.3 and later:
I get a lot of questions regarding the meaning of user license numbers for the Cisco ASA 5505. This model is offered in three user license options: 10 users, 50 users and UL (unrestricted license). The user license refers to the number of concurrent IP addresses that can communicate between the internal (inside) network and the Internet (outside) interface. So, with a 10-user license, only 10 concurrent internal hosts (IP addresses) can access the Internet. The same applies to the 50-user license (only 50 concurrent IP addresses can access the Internet). With the UL license, there is no such restriction.
The user licensing also has an effect on the maximum number of IP addresses that the DHCP server of the ASA 5505 can assign to internal hosts. For a 10-user license, the maximum number of DHCP clients on the internal network is 32. For a 50-user license, the maximum number of DHCP clients is 128.
The official explanation from Cisco regarding the Cisco ASA5505 user licensing is as follows:
“In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit only when they communicate with the outside (Internet VLAN). Internet hosts are not counted towards the limit. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.”
The terms “Business” and “Home” VLANs above refer to the Internal and DMZ network zones.
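The counting rule in the Cisco statement above can be modelled in a few lines to estimate which hosts a given traffic mix would consume from a license. This is an added example, not code from the original post or from Cisco; the flow tuples, interface names and addresses are constructed, and counting a host for traffic in either direction to or from the Internet interface is an assumed reading of "communicate".

```python
from collections import defaultdict

# Constructed sample flows: (src_if, src_ip, dst_if, dst_ip). Not ASA output.
FLOWS = [
    ("inside", "192.168.1.10", "outside", "203.0.113.5"),
    ("inside", "192.168.1.11", "outside", "203.0.113.5"),
    ("inside", "192.168.1.12", "dmz", "172.16.0.20"),     # inside <-> DMZ only
    ("outside", "198.51.100.7", "dmz", "172.16.0.20"),    # DMZ host talking to Internet
]

def counted_hosts(flows, internet_if=None, mode="routed"):
    """Return the set of (interface, ip) hosts counted toward the user license.

    internet_if is the interface associated with the default route,
    or None when no default route is configured.
    """
    hosts_by_if = defaultdict(set)
    for src_if, src_ip, dst_if, dst_ip in flows:
        hosts_by_if[src_if].add(src_ip)
        hosts_by_if[dst_if].add(dst_ip)

    if mode == "transparent":
        # Transparent mode: the interface with the lowest number of hosts is counted.
        iface = min(hosts_by_if, key=lambda i: (len(hosts_by_if[i]), i))
        return {(iface, ip) for ip in hosts_by_if[iface]}

    if internet_if is None:
        # No default route: hosts on all interfaces are counted.
        return {(i, ip) for i, ips in hosts_by_if.items() for ip in ips}

    counted = set()
    for src_if, src_ip, dst_if, dst_ip in flows:
        # Only the non-Internet end of a flow that crosses the Internet
        # interface is counted; Internet hosts themselves never are.
        if dst_if == internet_if and src_if != internet_if:
            counted.add((src_if, src_ip))
        elif src_if == internet_if and dst_if != internet_if:
            counted.add((dst_if, dst_ip))
    return counted

def within_license(flows, limit, internet_if=None, mode="routed"):
    """limit is 10 or 50 for the restricted licenses, None for UL (unrestricted)."""
    return limit is None or len(counted_hosts(flows, internet_if, mode)) <= limit

if __name__ == "__main__":
    for host in sorted(counted_hosts(FLOWS, internet_if="outside")):
        print(host)
```
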
The 5580 is the flagship Cisco ASA model. It comes in two versions, the ASA 5580-20 and the ASA 5580-40, which differ in their performance parameters. The ASA 5580 is basically an HP server chassis with 6 slots on the back for inserting interface card modules. The 5580 is designed for the largest and most traffic-demanding network topologies. It is ideal for high-speed data centers and large campus networks. It supports the largest firewall throughput in the hardware firewall market, with 5 Gbps (5580-20) and 10 Gbps (5580-40) capacity. It is also the only model supporting 10 Gbps interfaces. Like the 5550, it does not support an embedded Security Services Module (SSM), so you cannot integrate IDS/IPS functionality inside the same chassis.
Let’s see the features of the ASA 5580 in more detail below:
Now let us see the next ASA model in the series, which is the Cisco ASA 5550. With over one gigabit of firewall performance (1.2 Gbps), this appliance can easily be used on ISP public services segments or on medium data rate campuses and data centers. From this model and up, there is no support for the Security Services Module (SSM), so you cannot include IDS/IPS or Content Inspection functionality integrated inside the box. However, with this model you get the advantage of having eight integrated gigabit copper ports (8-10/100/1000) plus four optical gigabit ports (4 SFPs), which means you will not run out of network port capacity easily.