The Cisco ASA Firewall 5500-X series has evolved from the previous ASA 5500 Firewall series, designed to protect mission critical corporate networks and data centers from today’s advanced security threats.

Through sophisticated software and hardware options (modules), the ASA’s 5500-X series Firewalls support a number of greatly advanced next-generation security features that sets them apart.These include:

• Cisco Intrusion Prevention System (IPS) services. A signature based IPS solution offered as a software or hardware module depending on the ASA 5500-X appliance model.
• Cisco ASA CX Context-aware services. A software module for ASA 5500-X appliances except the ASA 5585-X where it’s offered as a hardware module. Provides IPS services, Application Visibility and Control (AVC), web security and botnet filtering.
• Cisco FirePOWER Services. Cisco’s latest software & hardware threat protection, superseding previous technologies by combining IPS and CX services plus full contextual awareness of users, infrastructure, applications and content, URL filtering with advanced malware protection (AMP). Offered as a software module for 5500-X series appliances except the 5585-X, which requires a dedicated hardware module. Note that FirePOWER services run in parallel with the classical ASA software.
• Cisco Firepower Threat Defense (FTD). This is the next step after the FirePOWER services which was released by Cisco in 2015.  While FirePOWER services run alongside with the classical Cisco ASA software, the newer Firepower Threat Defence combines the Cisco ASA Software + FirePOWER services in one software package. This is also the concept of the newer Firepower appliances (e.g 4100 & 9000 series) which run Firepower Threat Defense software. At this point, Firepower Threat Defence is under continious development but does not still support many features offered by the classical ASA software. For example at the time of writing site-to-site IP Sec VPN is still not available.

Our previous article examined Cisco’s ASA 5500 series Firewall hardware modules, which include the Content Security CSC-SSM & Intrusion Prevention System (IPS) / Intrusion Detection System (IDS) AIP-SCC / AIP-SSM modules. While these solutions are no longer sold by Cisco, they have been widely deployed in data centers and corporate networks around the world and will be supported by Cisco until 2018.

Note: To download datasheets containing technical specifications and features offered by the Cisco 5500-X Series Firewalls with FirePOWER, IPS and CX Context-aware services, visit our Cisco ASA 5500 & 5500-X Series Adaptive Security Appliances Download Section.

Since Cisco’s announcement back in 2013 regarding the discontinuation of its ASA 5500 series firewall appliances in favour of the newer 5500-X Next Generation Firewalls, customers have been contemplating when to upgrade to the newer 5500-X series. Given the fact that Cisco is no longer providing major firmware upgrades to the older ASA 5500 series and the appearance of new advanced security threats and malware (e.g ransomware), it is now considered imperative to upgrade to the newer platform so that security is maintained at the highest possible level.

Customers seeking advanced protection are likely to consider expanding their ASA Firewall capabilities with the purchase of an IPS module, CX Context-aware or FirePOWER services.

Figure 1. The Cisco FirePOWER hardware module for the ASA-5585-X Firewall

Cisco’s FirePOWER advanced security threat protection solution was introduced late 2014 and its purpose is to replace the current ASA 5500-X IPS and ASA CX 5500-X Context-aware offerings.

The diagram below shows key security features provided by most Cisco ASA Firewall appliances. Features such as Clustering, High Availability, Network profiling, Identity-Policy Control, VPN and advanced access lists have until today been fairly standard offerings across the ASA Firewall series, however, the newer 5500-X can now offer the additional FirePOWER services marked in red below:

The 'Cisco KnowledgeBase' section is one of the newest and most popular section on Firewall.cx. Dedicated to Cisco's leading technological inovations, this section offers articles covering multiple categories such Cisco Routers, Switches, Voice over IP and much more.

All articles are written by qualified engineers with years of experience and are complimented by our unique diagrams.

The quality of provided information is so high, readers can use it as a guideline for learning Cisco Technologies, but also for self-study exams.

We should note that Firewall.cx is only site, officially recommended by Cisco's Network Academy Program (see Site Related/Awards section), which confirms the validity of Firewall.cx and provided information.

Articles and examples provided in this section, cover the CCENT, CCNA, CCDA, CCNP & CCVP certification levels.

One of the largest problems faced by organizations of any size is effectively controlling user internet access(from laptops, mobile devices, workstations etc), minimizing the security threats for the organization (ransomware – data loss prevention), user copyright infringement (torrent downloading/sharing movies, games, music etc) and discover where valuable WAN-Internet bandwidth is being wasted.

Organizations clearly understand that using a Firewall is no longer adequate to control the websites its users are able to access, remote control applications (Teamviewer, Radmin, Ammyy Admin, Remote desktop etc), file sharing applications - Bittorrent clients (uTorrent, BitComet, Deluge, qBittorrent etc), online cloud storage services (Dropbox, OneDrive, Google Drive, Box, Amazon Cloud Drive, Hubic etc) and other services and applications.

The truth is that web monitoring applications such as GFI’s WebMonitor are a lot more than just a web proxy or internet monitoring solution.

Web monitoring applications are essential for any type or size of network as they offer many advantages:

• They stop users from abusing internet resources
• They block file-sharing applications and illegal content sharing
• They stop users using cloud-based file services to upload sensitive documents, for example saving company files to their personal DropBox, Google Drive etc.
• They stop remote control applications connecting to the internet (e.g Teamviewer, Remote Desktop, Ammy Admin etc)
• They ensure user productivity is kept high by allowing access to approved internet resources and sites
• They eliminate referral ad sites and block abusive content
• They support reputation blocking to automatically filter websites based on their reputation
• They help IT departments enforce security policies to users and groups
• They provide unbelievable flexibility allowing any type or size of organization to customise its internet usage policy to its requirements

Try the award winning GFI WebMonitor for Free and discover how easy you can control users, internet applications, security risks and more.

The Risk in the Business Environment – Illegal Downloading

Most Businesses are completely unaware of how serious these matters are and the risks they are taking while dealing with other ‘more important’ matters.

Companies such as the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) are in a continuous battle suing and fighting with companies, ISPs and even home users for illegally distributing movies and music.

Many users are aware of this and are now turning to their company’s internet resources, which in many cases offer faster and unlimited data transfer, to download their illegal content such as movies, games, music and other material.

An employer or business can be easily held responsible for the actions of its employees when it comes to illegal download activities, especially if no policies or systems are in place.

In the case of an investigation, if the necessary security policies and web monitoring systems are in place with the purpose of preventing copyright infringement and illegal downloading, businesses are less vulnerable to the illegal implications of their users, plus it allows them to track down and find the person responsible.

The articles to follow deal with one of the most discussed topics around the world, e-mail security. GFI.COM was kind enough to allow Firewall.cx visitors to gain access to their excellent White Page database covering hot e-mail security topics.

A firewall is simply a system designed to prevent unauthorised access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorised Internet users from accessing private networks connected to the Internet. All data entering or leaving the Intranet pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

Generally, firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent "hackers" from logging into machines on your network. More sophisticated firewalls block traffic from the outside to the inside, but permit users on the inside to communicate a little more freely with the outside.

Firewalls are also essential since they can provide a single block point where security and audit can be imposed. Firewalls provide an important logging and auditing function; often they provide summaries to the admin about what type/volume of traffic that has been processed through it. This is an important point: providing this block point can serve the same purpose (on your network) as a armed guard can (for physical premises).

Theoretically, there are two types of firewalls:

1. Network layer

2. Application layer

They are not as different as you may think, as described below.

Which is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that higher-level layers depend on. The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform.

Network Layer Firewalls

This type generally makes their decisions based on the source address, destination address and ports in individual IP packets. A simple router is the traditional network layer firewall, since it is not able to make particularly complicated decisions about what a packet is actually talking to or where it actually came from.Modern network layer firewalls have become increasingly more sophisticated, and now maintain internal information about the state of connections passing through them at any time.

One thing that's an important difference about many network layer firewalls is that they route traffic directly though them, so to use one you either need to have a validly assigned IP address block or to use a private internet address block. The network layer firewalls tend to be very fast and tend to be mostly transparent to its users.

Application Layer Firewalls

These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and examination of traffic passing through them. Since proxy applications are simply software running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other, after having passed through an application that effectively masks the origin of the initiating connection.

Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls are not particularly transparent to end-users and may require some training. However more modern application layer firewalls are often totally transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.

The Future of firewalls sits somewhere between both network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly aware of the information going through them, and application layer firewalls will become more and more transparent. The end result will be kind of a fast packet-screening system that logs and checks data as it passes through.

Chris Partsenidis, Founder & Editor-in-Chief of Firewall.cx was recently interviewed by Fluke Networks as a Network Security Specialist, providing amongst other, his insight on many hot network performance & security topics.

In the interview, Chris also explains the reason he created Firewall.cx and why the site has become one of the largest and most recognized network security websites world-wide.  Chris also touches on the most common reasons of network performance problems and how IT Departments can improve their network.

Finally, Chris talks about common bad habits organizations have when it comes to managing their networks, resulting in vulnerability to hackers, and what organizations should be doing to better protect their networks.

To read Chris’s insightful interview simply follow the link below:

http://www.flukenetworks.com/content/expert-interview-with-chris-partsenidis-for-fluke-networks

GFI.COM was kind enough to allow the Firewall.cx community to directly use their Free Online Security Services. Recommended to any Network Administrator or home users who wish to secure their network!

GFI Email Security Testing Zone - http://www.emailsecuritytest.com

Test whether your email system is vulnerable to email viruses and attacks! The zone allows visitors to freely discover instantly if their system is secure against current and future email threats, such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and much more !

GFI Event Log Scanner - http://www.eventlogscan.com

Intrusion Detection by checking for high security events happening on your machine, such as users logging on to your machine, accesses to important files on your machine, failed logon attempts, security policy changes to your machine, and more! Use EventLogScan to check that your system is truly secure!

This section contains articles covering a variety of network security topics, security whitepapers, product reviews,  Cisco password decoder/cracker and much more.

In this era of constantly pushing for more productivity and greater efficiency, it is essential that every resource devoted to web access within a business is utilised for business benefit. Unless the company concerned is in the business of gaming or social media, etc. it is unwise to use resources like internet/web access, and the infrastructure supporting it, for a purpose other than business. Like they say, “Nothing personal, just business”

With this in mind, IT administrators have their hands full ensuring management of web applications and their communication with the Internet. The cost of not ensuring this is loss of productivity, misuse of bandwidth and potential security breaches. As a business it is prudent to block any unproductive web application e.g. gaming, social media etc. and restrict or strictly monitor file sharing to mitigate information leakages.

Track, monitor and block any user application from the internet with award winning GFI WebMonitor - Limited Free Download!

It is widely accepted that in this area firewalls are of little use. Port blocking is not the preferred solution as it has a similar effect to a sledge hammer. What is required is the fineness of a scalpel to parse out the business usage from the personal and manage those business requirements accordingly. To be able to manage web application at such a level, it is essential to be able to identify and associate the request with its respective web application. Anything in line with business applications goes through, the rest are blocked.

This is where GFI WebMonitor excels in terms of delivering this level of precision and efficiency. It identifies access requests from supported applications using inspection technology and helps IT administrators to allow or block them. Hence, the administrators can allow certain applications for certain departments while blocking certain other applications as part of a blanket ban, thus enhancing the browsing experience of all users.

So, to achieve this, the process is to use the unified policy system of GFI WebMonitor. The policies can be configured specifically for application control or, within the same policy, several application controls can be combined using other filtering technologies.

Let’s take a look at the policy panel of GFI WebMonitor:

Figure 1. GFI WebMonitor Policy Panel interface. Add, delete, create internet access policies with ease (click to enlarge)

During the past decade, we’ve seen the global IT security market flooded with new network security and firewall security appliances. New vendors emerging into the market while existing well-known vendors introduce new smarter and complex firewalls that aim to keep enterprise organizations as safe as possible. Palo Alto Networks is one of the new-generation security vendors who have managed to break into a saturated market and make their stand.

It’s no coincidence that Palo Alto Networks is considered to be a leader and pioneer when it comes to Next Generation Firewall appliances and Gartner seems to agree with this statement based on their Magic Quadrant report in the Next Generation Firewall Segment:

Figure 1. Gartner Magic Quadrant for Enterprise Network Firewalls

Palo Alto Networks Next-Generation Firewalls unique way of processing a packet using the Single ­­­Pass Parallel Processing (SP3) engine makes them a clear leader.

Note: Read all our technical articles covering Palo Alto Firewalls by visiting our Palo Alto Firewall Section.

Basically, the SP3 engine utilizes the same stream-based signature format to process the protection features like Anti-Virus, Spyware, Vulnerability Protection and Data Filtering. By doing so the firewall saves valuable processing power, unlike other Unified Threat Management (UTM) appliances which serially process each security feature offered, this often introduces latency to the network traffic.

The advanced security features like App-ID, User-ID, Content-ID along with Security profiles, comprising feature like Antivirus, Anti-Spyware, Vulnerability protection, URL Filtering, DoS Protection and Data Filtering makes Palo Alto the leader. Most importantly its malware analysis solution WildFire offers advanced protection from unknown threats.

Palo Alto Networks offers its firewalls as Hardware Platforms and Virtual Platforms. Its Hardware Platforms comes in different flavors.

Figure 2. The Palo Alto Firewall family

PA-200 and PA-500 Series Firewalls are meant for Small Businesses and come with very limited throughput and do not support Virtual Systems. Virtual Systems, also known as VSYS, is used to create virtual firewall instances in a single-pair of Palo Alto Firewalls, in other words, Virtual Systems can be compared to contexts in Cisco ASA Firewalls or vdom in Fortinet firewalls. The PA-200, PA-500 Series Firewalls offer a very limited number of security policies like security rules, NAT rules, policy based forwarding rules and a few more.

Datasheets on Palo Alto Firewall appliances and Virtual Servers are available at our Palo Alto Datasheets and Guides download area

The table below provides a clear comparison of features and technical specifications of both PA-500 and PA-200 firewall models:

The Linux KnowledgeBase is a collection of valuable articles that cover a number of applications and functions of the Linux operating system. Its goal is to educate users about the Linux operating system and provide a unique reference guide for everyone, regardless of the experience level.

This section contains articles covering Linux news from various vendors including: Redhat, Fedora, Debian, CentOS, SUSE, OpenLinux, Slackware, Ubuntu, Mandrake and more.

For every business, established or emerging, the Internet is an essential tool which has proved to be indispensable. The usefulness of the internet can be counteracted by abuse of it, by a business’s employees or guests. Activities such as downloading or sharing illegal content, visiting high risk websites and accessing malicious content are serious security risks for any business.

There is a very easy way of monitoring, managing and implementing effective Internet usage. GFI WebMonitor can not only provide the aforementioned, but also provide real – time web usage. This allows for tracking bandwidth utilisation and traffic patterns. All this information can then be presented on an interactive dashboard. It is also an effective management tool, providing a business with the internet usage records of its employees.

Such reports can be highly customised to provide usage information based on the following criteria/categories:

• Most visited sites
• Most commonly searched phrases
• Where most bandwidth is being consumed
• Web application visibility

Some of the sources for web abuse that can be a time sink for employees are social media and instant messaging (unless the business operates at a level where these things are deemed necessary). Such web sites can be blocked.

GFI WebMonitor can also achieve other protective layers for the business by providing the ability to scan and block malicious content. WebMonitor helps the business keep a close eye on its employees’ internet usage and browsing habits, and provides an additional layer of security.

On its main dashboard, as shown below, the different elements help in managing usage and traffic source and targets:

Figure 1. WebMonitor’s Dashboard provides in-depth internet usage and reporting

WebMonitor’s main dashboard contains a healthy amount of information allowing administrators and IT managers to obtain important information such as:

• See how many Malicious Sites were blocked and how many infected files detected.
• View the Top 5 Users by bandwidth
• Obtain Bandwidth Trends such as Download/Upload, Throughput and Latency
• Number of currently active web sessions.
• Top 5 internet categories of sites visited by the users
• Top 5 Web Applications used to access the internet

Knowing which applications are used to access the internet is very important to any business. Web applications like YouTube, Bittorrent, etc. can be clearly identified and blocked, providing IT managers and administrators a ringside view of web utilisation.

nChronos is a network security application used for forensic analysis and 24x7 data capturing. nChronos allows IT Administrators, Network Engineers and IT Managers to capture data packets on their network and analyze them at any specific point. With its advanced anaylsis tools and easy-to-use interface, nChronos has become one of the most valuable network security tool in the network security industry.

Here you will find a number of technical how-to articles that aim to help you get the most out of the product.

Our popular Networking section is well-known for the variety of high-quality articles covering topics such as Network Protocols, OSI Model, IPv4 & IPv6 addressing, Subnetting, Routing, Routing protocols, CIDR-Supernettting, Ethernet technologies, VLAN Networks, Virtual Trunk Protocol (VTP), Network Address Translation (NAT), Firewalls, WAN Technologies and much more.

All articles make use of our award-winning diagrams and contain illustrations aimed to help make the learning process as easy as possible no matter how complex the topic might be.

We hope you enjoy this section and manage to master all information included.

Managing network performance is always a great challenge. This doubles when multiple point-products are used to manage it. Introducing OpManager v12, world's first truly integrated network management software for faster and smarter network management. It out-of-the-box offers network monitoring, physical and virtual server monitoring, flow-based bandwidth analysis, firewall log analysis and archiving, configuration and change management, and IP address and switch port management, thereby providing all the visibility and control that you need over your network.

Here you will find a number of technical how-to articles that aim to help you get the most out of the product.

Our previous article explained how Palo Alto Firewalls make use of Security Zones to process and enforce security policies. This article will explain the different configuration options for physical Ethernet and logical interfaces available on the Palo Alto Firewall.

It’s easy to mix and match the interface types and deployment options in real world deployments and this seems to be the strongest selling point of Palo Alto Networks Next-Generation Firewalls. Network segmentation becomes easier due to the flexibility offered by a single pair of Palo Alto appliances.

Below is a list of the configuration options available for Ethernet (physical) interfaces:

• Tap Mode
• Virtual Wire
• Layer 2
• Layer 3
• Aggregate Interfaces
• HA

Following are the Logical interface options available:

• VLAN
• Loopback
• Tunnel
• Decrypt Mirror

The various interface types offered by Palo Alto Networks Next-Generation Firewalls provide flexible deployment options.

Tap Mode Deployment Option

TAP Mode deployment allows passive monitoring of the traffic flow across a network by using the SPAN feature (also known as mirroring).

A typical deployment would involve the configuration of SPAN on Cisco Catalyst switches where the destination SPAN port is the switch port to which our Palo Alto Firewall connects, as shown in the diagram below:

Figure 1. Palo Alto Next Generation Firewall deployed in TAP mode

The advantage of this deployment model is that it allows organizations to closely monitor traffic to their servers or network without requiring any changes to the network infrastructure.

During the configuration of SPAN it is important to ensure the correct SPAN source and SPAN Destination ports are configured while also enabling Tap mode at the Firewall.

The following articles deal with one of the hottest topics around: Network, Web and IDS (Intrusion Detection System) Security.

The articles have been carefully selected to ensure they provide acurate and upto date information to our readers, while some have been written by our team, in response to our visitors request!

This section contains articles covering IT Security news from around the world.

What makes Palo Alto Networks Next-Generation Firewall (NGFW) so different from its competitors is its Platform, Process and Architecture. Palo Alto Networks delivers all the next generation firewall features using the single platform, parallel processing and single management systems, unlike other vendors who use different modules or multiple management systems to offer NGFW features.

More technical and how-to articles covering Palo Alto's Firewalls can be found in our Palo Alto Networks Firewall Section

Palo Alto Networks Next-Generation Firewall’s main strength is its Single Pass Parallel Processing (SP3) Architecture, which comprises two key components:

1. Single Pass Software
2. Parallel Processing Hardware

Figure 1.   Palo Alto Networks Firewall Single Pass Parallel Processing Architecture

Single Pass Software

Palo Alto Networks Next-Generation Firewall is empowered with Single Pass Software, which processes the packet to perform functions like networking, user identification (User-ID), policy lookup, traffic classification with application identification (App-ID), decoding, signature matching for identifying threats and contents, which are all performed once per packet as shown in the illustration below:

Figure 2: Palo Alto Networks Firewall - Single-Pass Architecture Traffic Flow

This processing of a packet in one go or single pass by Palo Alto Networks Next-Generation Firewall enormously reduces the processing overhead, other vendor firewalls using a different type of architecture produce a significantly higher overhead when processing packets traversing the firewall. It’s been observed that the Unified Threat Management (UTM), which processes the traffic using multi-pass architecture, results in process overhead, latency introduction and throughput degradation.

The diagram below illustrates the multi-pass architecture process used by other vendors’ firewalls, clearly showing differences to the Palo Alto Networks Firewall architecture and how the processing overhead is produced: