Cisco Adds Firepower to ASA Firewall

But what does that mean for Cisco's existing IPS on ASA technology?

By Sean Michael Kerner | Posted Sep 16, 2014
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

When Cisco closed its deal to acquire Sourcefire for $2.7 Billion in October of 2013, it was made clear that there would be some integration of Sourcefire Firepower technology into the existing Cisco security portfolio.

At the time of the acquisition, Cisco's primary firewall platform was the ASA security appliance portfolio. As recently as May of this year, when Cisco last updated its network security assets, company executives reiterated the fact that there was no intersection between Sourcefire's Firepower technology and the ASA.

That's now changing.

Cisco today announced that it would integrating Firepower services as an option for ASA firewalls. Firepower can be leveraged as a software solution or as a blade that can plug into an ASA 5585 chassis. The ASA 5585 has been Cisco's top-end firewall since it first debuted in 2008 and has been updated multiple times since.

Scott Harrell, VP of product management at Cisco, explained that the Sourcefire Firepower services can be used to replace an existing Cisco IPS service running on the ASA. Additionally, Harrell said that the ASA CX, which was first introduced in 2012, is now a "legacy" firewall. When the ASA CX was announced, Cisco claimed that it was a next-generation firewall with context awareness. The ASA CX has now been superseded by the Sourcefire technologies.

"We're driving customers to Firepower services, but we obviously realize that customers have made an investment in Cisco IPS," Harrell said. "So we'll continue to invest in and update Cisco IPS, but long-term, the direction is Firepower services."

The plan is to help customers migrate over time in a painless way.

The other side of the coin is hardware. Sourcefire had its own lineup of hardware appliances. Harrell said that there is little overlap between the locations where an ASA is deployed and where Sourcefire appliances have traditionally been deployed.

"The Firepower appliance is a high-performance technology that often sits in a data center," Harrell said. "The ASA is also used in the data center too, but it's often used at the network edge."

Harrell said that Cisco is "doubling down" on the Firepower software stack and will increase investment in the stack.

Sean Michael Kerner is a senior editor at Enterprise Networking Planet and Follow him on Twitter @TechJournalist.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter