Cisco Firepower NGFW is the industry’s first fully integrated threat-focused next-generation firewall that keeps customers safer, mitigates advanced threats more quickly, and streamlines operations better. This allows customers to stop more threats and get more from their resources and positions security as a growth engine to seize new business opportunities.
Next Generation Firewall (NGFW) Essentials
![]()
Cisco NGFW Platforms
![]()
![]()
![]()
Introducing four new high-performance models
![]()
• 10-Gbps and 40-Gbps interfaces
• Up to 80-Gbps throughput
• 1-rack-unit (RU) form factor
• Low latency
![]()
• Integrated inspection engines for FW, NGIPS, Application Visibility and Control (AVC), URL, Cisco Advanced Malware Protection (AMP)
• Radware DefensePro DDoS
• ASA and other future third party
![]()
• Single management interface with Firepower Threat Defense
• Unified policy with inheritance
• Choice of management deployment options
![]()
![]()
High-speed, scalable security
![]()
Standard Network Modules
![]()
![]()
ASA 5506 Security Levels
Q: I have an ASA 5506-x with a bunch of vlans (sub-interfaces) is there any way to disable the security levels and purely use ACL's?
A: You can essentially set them all to the same security level and use the system command which allows traffic to traverse interfaces with the same security levels. Just go into your int config, give them all a nameif, and then set their security levels to something benign.
There are two variations of the command //same-security-traffic permit inter-interface and <intra-interface>
Intra-between the same interface and itself
Inter-between two different interfaces.
The first of which allows a sort of hair pinning to occur,
You'll still need ACLs, to meter which traffic you want to egress each interface toward the other subnets.
From https://communities.cisco.com/thread/78177
More Cisco Firewall Topics you can read from here: http://blog.router-switch.com/category/reviews/cisco-firewalls-security/
Next Generation Firewall (NGFW) Essentials
Cisco NGFW Platforms
Introducing four new high-performance models
• 10-Gbps and 40-Gbps interfaces
• Up to 80-Gbps throughput
• 1-rack-unit (RU) form factor
• Low latency
• Integrated inspection engines for FW, NGIPS, Application Visibility and Control (AVC), URL, Cisco Advanced Malware Protection (AMP)
• Radware DefensePro DDoS
• ASA and other future third party
• Single management interface with Firepower Threat Defense
• Unified policy with inheritance
• Choice of management deployment options
High-speed, scalable security
Standard Network Modules
ASA 5506 Security Levels
Q: I have an ASA 5506-x with a bunch of vlans (sub-interfaces) is there any way to disable the security levels and purely use ACL's?
A: You can essentially set them all to the same security level and use the system command which allows traffic to traverse interfaces with the same security levels. Just go into your int config, give them all a nameif, and then set their security levels to something benign.
There are two variations of the command //same-security-traffic permit inter-interface and <intra-interface>
Intra-between the same interface and itself
Inter-between two different interfaces.
The first of which allows a sort of hair pinning to occur,
You'll still need ACLs, to meter which traffic you want to egress each interface toward the other subnets.
From https://communities.cisco.com/thread/78177
More Cisco Firewall Topics you can read from here: http://blog.router-switch.com/category/reviews/cisco-firewalls-security/