Security and VPN

Cisco ASA Next-Generation Firewall Services

End-to-End Network Intelligence and Control

Multifaceted, highly dynamic applications and bring-your-own-device (BYOD) workplaces have become the norm. And with them comes the challenge to balance productivity with security. A new approach is needed — without abandoning time-tested methods — to unify the network's security framework, accelerate business innovation, and proactively protect against new and emerging threats.

Cisco ASA CX Context-Aware Security

Video Data Sheet

Learn about features and capabilities of Cisco ASA Next-Generation Firewall Services. (4:12 min)


End-to-End Network Intelligence

End-to-End Network Intelligence

Learn how Cisco ASA Next-Generation Firewall Services helps administrators make better security decisions. (2:52 min)


Features and Capabilities

Cisco ASA Next-Generation Firewall Services address these needs by adding next-generation capabilities, including Application Visibility and Control (AVC) and Web Security Essentials (WSE), to the industry's most proven stateful inspection firewall. The results are end-to-end network intelligence and streamlined security operations. And your organization can reap the productivity benefits of new applications and devices without compromising security.

End-to-End Network Intelligence

The ASA Next-Generation Firewall delivers application and user ID awareness capabilities for enhanced visibility and control of network traffic. In addition, ASA Next-Generation Firewall Services enable administrators to:

  • Control specific behaviors within allowed micro-applications using AVC
  • Restrict web and web application usage based on reputation of the site using WSE
  • Proactively protect against Internet threats using Cisco Security Intelligence Operations (SIO)
  • Enforce differentiated policies based on the user, device, role, and application type

Granular Application Control

Dynamic, multifaceted applications have blurred the line between legitimate business applications and those that can distract employees and misuse bandwidth. ASA Next-Generation Firewall Services include AVC to recognize over 1000 applications and more than 75,000 micro-applications.

As a result, administrators can enforce individual- and group-based access to specific components of an application while disabling others. They can also block port- and protocol-hopping applications for more effective security, while writing fewer policies. Specific behaviors can be blocked within allowed micro-applications for an additional layer of control.

Proactive, Intelligent Threat Protection

Using Cisco SIO, ASA Next-Generation Firewall Services gather threat intelligence feeds from nearly 2 million Cisco security devices worldwide. So you can get near-real-time protection from zero-day threats.

Cisco WSE uses these same feeds to enable reputation-based web application security policies. In addition, WSE enables robust content-based URL filtering with differentiated access policies based on user, group, device, and role.

Many Devices, Total Control

Workers want anywhere, anytime access to the network from a variety of business and personal mobile devices. With ASA Next-Generation Firewall Services, administrators can confidently allow these devices while maintaining high levels of network protection and control.

Using Cisco AnyConnect, ASA Next-Generation Firewall Services let you clearly see the specific type of device attempting to gain access to the network. It gives information on whether the device is located within the network or is attempting remote access, and supports differentiated access policies based on this information.

Video Data Sheet

Viewing this video requires the latest version of Adobe Flash Player with JavaScript enabled.

Get the Flash Player

End-to-End Network Intelligence

Viewing this video requires the latest version of Adobe Flash Player with JavaScript enabled.

Get the Flash Player