One aspect of the ASA’s capability is context awareness. This means that the ASA uses the following four characteristics to determine whether a connection should be permitted or denied:
- User Identity
- Application Identity
- Type of device used for access
- Origin of access
It’s through the Cisco ASA (CX) NGFW that these capabilities are possible.
The following image represents complete context information.
Using these aspects of context information allows us to create very granular policies with the Cisco ASA (CX) NGFW. You currently cannot create time-based policies with the Cisco ASA (CX) NGFW. Additionally, you can create user- or group-based policies by interacting with Active Directory.
Cisco ASA (CX) NGFW Management
The configuration management tool that you use to configure the Cisco ASA (CX) NGFW is Cisco Prime Security Manager. This device manager is on-box and provided by Cisco free of charge. You can also get an off-box version of Cisco Prime Security Manager, which requires licensing but allows you to manage multiple devices.
Cisco ASA (CX) NGFW Hardware
Cisco ASA (CX) NGFW is a Security Services Processor (SSP) hardware module. The SSP is available for the 5585-X model of ASA. This module goes into the top slot of the chassis.
The above image is linked back to Cisco.com and, as you can see, it shows the ASA hardware. The chassis on the bottom is the one we are discussing in this post. With the 5585-X model you would need to run ASA 8.4(4) code and above. The Cisco ASA (CX) NGFW is also available as a software module on the 5500-X series next-generation firewalls running ASA code version 9.1.1 and later.