Cisco Firepower 2110
Cisco Firepower NGFW اولین فایروال نسل بعدی با محوریت تهدید است که به صورت یکپارچه مدیریت می شود. این فایروال منحصر به فرد، محافظت پیشرفته را قبل، بعد و به هنگام تهدیدات، ارائه می دهد. ASA 2110 هم می تواند به عنوان Next-Generation Firewall (NGFW) به کار گرفته شود و هم به عنوان Next-Generation IPS. آن ها برای اینترنت لبه، کامل و بدون نقص هستند.
مزایای ASA 2110
- اطمینان خاطر از انعطاف پذیری بیزینس از طریق ایجاد امنیت بهینه توسط عملکردهای پایدار
- کاهش هزینه های مربوط به فعال سازی IPS
- دارای دو برابر پورت بیشتر و عملکرد بهتر در مقابل محصولات مشابه با قیمت یکسان
ویژگی های ASA 2110
Stop more threats
شامل بدافزارهای شناخته شده و ناشناخته با استفاده از سیستم محافظت پیشرفته در برابر بدافزارها (AMP) و sandboxing
Gain more insight
امکان کنترل عالی محیط اطراف با استفاده از isco Firepower next-gen IPS.
Detect earlier, act faster
طبق گزارشات سیسکو، زمان متوسط بین آلوده شدن تا شناسایی سیستم ها، یک دوره ۱۰۰ روزه است، اما می توان با فایروال سیسکو این زمان را به یک روز کاهش داد.
Reduce complexity
مدیریت یکپارچه و شناسایی خودکار تهدید از طریق عملکردهای امنیتی شامل firewalling، NGIPS و AMP
Get more from your network
بالا بردن سطح امنیت و استفاده از مزایای امکانات موجود با ادغام اختیاری سایر راه حل های امنیتی سیسکو
برای دانلود فایل Cisco ASA 2110 Datasheet اینجا را کلیک نمایید.
Performance | Firepower 2110 |
|---|---|
Throughput: FW + AVC | 2.00Gbps |
Throughput: AVC + IPS | 2.00Gbps |
Maximum concurrent sessions, with AVC | 1million |
Maximum new connections per second, with AVC | 12,000 |
IPSec VPN Throughput (1024B TCP w/Fastpath) | 750Mbps |
Maximum VPN Peers | 1500 |
| Cisco Firepower Device Manager (local management) | Yes |
| Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator |
Application Visibility and Control (AVC) | Standard, supporting more than 4000 applications, as well as geolocations, users, and websites |
AVC: OpenAppID support for custom, open source, application detectors | Standard |
Cisco Security Intelligence | Standard, with IP, URL, and DNS threat intelligence |
| Cisco Firepower NGIPS | Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence |
| Cisco AMP for Networks | Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available |
| Cisco AMP Threat Grid sandboxing | Available |
| URL Filtering: number of categories | More than 80 |
| URL Filtering: number of URLs categorized | More than 280 million |
| Automated threat feed and IPS signature updates | Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos Group |
| Third-party and open-source ecosystem | Open API for integrations with third-party products; Snort and OpenAppID community resources for new and specific threats |
| High availability and clustering | Active/standby; for Cisco Firepower 9300 intrachassis clustering of up to 5 chassis is allowed; Cisco Firepower 4100 Series allows clustering of up to 6 chassis |
| VLANs maximum | 1024 |
| Cisco Trust Anchor Technologies | ASA 5506-X, 5508-X, and 5516-X appliances, Firepower 2100 Series and Firepower 4100 Series and 9300 platforms include Trust Anchor Technologies for supply chain and software image assurance. Please see the section below for additional details |
| ASA Performance and Capabilities | |
| Stateful inspection firewall throughput1 | 3Gbps |
| Stateful inspection firewall throughput (multiprotocol)2 | 1.5Gbps |
| Concurrent firewall connections | 1million |
| Firewall latency (UDP 64B microseconds) | - |
| New connections per second | 18000 |
| IPsec VPN throughput (450B UDP L2L test) | 500Mbps |
| IPsec/Cisco AnyConnect/Apex site-to-site VPN peers | 1500 |
| Maximum number of VLANs | 400 |
| Security contexts (included; maximum) | 25;2 |
| High availability | Active/active and active/standby |
| Clustering | - |
| Scalability | VPN Load Balancing |
| Centralized management | Centralized Management (CSM) not currently supported for 2100 series |
| Adaptive Security Device Manager | Web-based, local management for small-scale deployments |
| Hardware | |
| Dimensions (H x W x D) | 4.4*42.9*50.2 cm |
| Form factor (rack units) | 1RU |
| Security module slots | - |
| I/O module slots | 0 |
| Integrated I/O | 12 x 10M/100M/1GBASE-T Ethernet interfaces (RJ-45), 4 x 1 Gigabit (SFP) Ethernet interfaces |
| Network modules | None |
| Maximum number of interfaces | Up to 16 total Ethernet ports (12x1G RJ-45, 4x1G SFP) |
| Integrated network management ports | 1x 10M/100M/1GBASE-T Ethernet port (RJ-45) |
| Serial port | 1 x RJ-45 console |
| USB | 1x USB 2.0 Type-A (500mA) |
| Storage | 1x 100 GB, 1x spare slot (for MSP) |
| Fans | 4integrated (2 internal, 2 exhaust) fans4 |
| Noise | 56 dBA @ 25C 74 dBA at highest system performance. |
| Rack mountable | Yes. Fixed mount brackets included (-2post). Mount rails optional (4-post EIA-310-D rack) |
| Weight | 7.3kg |
| Temperature: operating | 0to 40°C |
| Humidity: operating | 10to 85% noncondensing |
| Humidity: nonoperating | 5to 95% noncondensing |
| Altitude: operating | 10000ft max |
| Altitude: nonoperating | 40000ft max |
| Power Supplies | |
| Configuration | Single integrated 250W AC power supply. |
| AC input voltage | 100to 240 V AC |
| AC maximum input current | 2.7A at 100V> |
| AC maximum output power | 250W |
| AC frequency | 50to 60 Hz |
| AC efficiency | 88%at 50% load < |
| DC input voltage | - |
| DC maximum input current | - |
| DC maximum output power | - |
| DC efficiency | - |
| Redundancy | None |