• Botnet Traffic Filter: The proliferation of spyware, malware, and botnets, as well as user participation in Web 2.0 applications such as Facebook and MySpace, are increasing the demand for multiple levels of endpoint protection. The Cisco ASA Botnet Traffic Filter complements existing content security solutions by monitoring network ports for rogue activity and by detecting infected internal endpoints and bots sending command and control traffic back to a host on the Internet. The command and control domains and hosts associated with botnets and malware distribution are accurately and reliably identified using a dynamic database managed by the Cisco Security Intelligence Operations center. An annual license enables the Botnet Traffic Filter functionality and updates to the database.
• Multicast group Network Address Translation (NAT): Multicast applications include distance learning, telemedicine, and financial applications. The multicast group NAT feature enables the separation of internal multicast streams from external multicast streams for added security.
• H.239 support: The Cisco ASA H.323 inspection engine now supports H.239, which defines rules and messages to establish an additional channel that can be used to show video. This feature enables Cisco ASA appliances to inspect H.329 signaling from video endpoints.
• Unified Communications Proxy on the Cisco ASA 5580: This feature extends Cisco ASA Unified Communications Proxy features-Phone Proxy, Mobility Proxy, Presence Federation Proxy, and Transport Layer Security (TLS) Proxy-to the Cisco ASA 5580. This increases the maximum capacity of the Unified Communications Proxy solution to 10,000 sessions for TLS Proxy, Mobility Proxy, and Presence Federation Proxy, and to 5000 sessions for Phone Proxy.
• ASA Phone Proxy media termination address for multiple interfaces The Phone Proxy requires a media termination address to terminate media from remote phones. For customers with security policies that prevent external routes on the internal network, this feature delivers the ability to configure the media termination address for multiple interfaces, eliminating the need to deploy a NAT device between the internal network and the Phone Proxy.
• Transparent firewall mode support for IPv6 addressing: Cisco ASA Software Release 8.2 flexibly extends the support of IPv6 addressing in transparent firewall mode to enable quick ASA deployments into existing IPv6 networks without requiring IP readdressing.
• 250 VLANs on the Cisco ASA 5580: The number of virtual interfaces available on the Cisco ASA 5580 has increased from 50 to 250.
• TCP state bypass: With Cisco ASA Software Release 8.2, business can selectively disable firewall TCP inspection on ASA appliances. This is useful for allowing certain traffic to flow through in asymmetric routing scenarios when two ASA appliances are in different locations that are not adjacent to Layer 2.
• IPv6 support for AIP SSM modules: The Cisco ASA now supports IPv6 capabilities on the Cisco ASA AIP SSM modules. Customers can send IPv6 packets from the ASA to the AIP SSM modules for both IPv6 and IPv4 IPS inspection. Minimum IPS software required is Cisco IPS software version 6.2.
Remote-access VPN features:
• Cisco AnyConnect Essentials: This feature offers basic AnyConnect tunneling support for customers who require VPN remote access but do not need Cisco Secure Desktop features or clientless SSL VPN capabilities. AnyConnect Essentials supports mobile connectivity options with the AnyConnect Mobile license. Upgrade to the full-featured AnyConnect Premium license (traditional AnyConnect) is available by applying a traditional AnyConnect license or shared license to the ASA appliance.
• Shared license support for SSL VPN: The shared license server device (holding the shared license) and participant devices must be able to communicate with one another on an internal network either directly or through a VPN connection. Each participating device must have a license that enables the shared licensing capability. Shared licenses support the full AnyConnect feature set, including Cisco Secure Desktop and clientless SSL VPN.
• Cisco AnyConnect Mobile: AnyConnect Mobile provides Windows Mobile 5.0, 6.0, and 6.1 full client support for touch-screen Windows Mobile devices. AnyConnect Mobile is compatible with AnyConnect Essentials and Premium (traditional AnyConnect) licenses, as well as with shared licenses.
• Pre-fill username from certificate: This security feature facilitates user login by pre-filling the username in username/password authentication from a field of the user's certificate.
• Double authentication: This feature enables the validation of two separate sets of credentials at login. For example, one-time password (OTP) can be used as the primary authentication and an Active Directory domain credential can be used for the secondary authentication method.
• Per-group certificate authentication enable: This feature allows administrators to configure whether to require a certificate on a per-URL or per-FQDN basis. This setting is global on all Cisco ASA Software releases.
• Per-group Cisco Secure Desktop enable: This feature allows administrators to configure Cisco Secure Desktop functions on a per-URL or per-FQDN basis. This setting is global on all Cisco ASA Software releases.
• Microsoft SharePoint 2007 support: Cisco ASA Software Release 8.2 provides official Microsoft SharePoint 2007 support for clientless SSL VPN connections.
• EKU tunnel group: Cisco ASA Software Release 8.2 provides an extended key usage (EKU) extension in the tunnel-group map.
• Cisco Adaptive Security Device Manager (ASDM) Public Server Configuration Wizard: This wizard enables administrators to easily automate the process of configuring an ASA appliance to allow certain internal servers such as email or web servers to be publicly accessible on the Internet.
• Cisco ASDM OTP authentication, authorization, and accounting (AAA) support: This support allows administrative users to authenticate Cisco ASA appliances and ASDM through OTPs supported by RSA SecureID. This feature addresses security concerns associated with administrators using static passwords for authentication.
• Cisco ASDM support for Cisco Secure Desktop customization: This ASDM enhancement allows customers to customize how Cisco Secure Desktop screens are displayed to remote users, allowing administrators to show appropriate screens depending on a user's responsibilities and job functions.
• SNMPv3 support: Cisco ASA Software Release 8.2 supports Simple Network Management Protocol (SNMP) version 3, the newest version of SNMP, adding authentication and privacy options to secure protocol operations.
• Cisco NetFlow Secure Event Logging: This feature was originally introduced on the Cisco ASA 5580, and is now extended to other Cisco ASA models to provide administrators with more comprehensive event logging information.
Table 1. Ordering Information for Cisco ASA Software Release 8.2
Existing Cisco ASA customers with Cisco SMARTnet® service contracts can easily download Cisco ASA Software Release 8.2 at no additional cost. The software release prices are available on the Cisco price list. Table 1 lists ordering information for Cisco ASA Software Release 8.2. Table 2 provides information on E-delivery licenses for electronic fulfillment.
For More Information