Archive for February, 2011



I took the 642-524 SNAF Exam

Monday 28 February 2011 @ 9:09 am

Last week I took the Securing Networks with ASA Foundation (642-524) exam and passed with a score of 954/1000. It has been 3 years since the last time I took a Cisco exam because I had to renew my CCNA/CCNP/CCSP certifications which were going to expire this coming March. The good thing about recertification is that you can pass any current 642-XXX professional level exam in order to renew ALL of your Professional Level certifications, no matter if the exam is related to security or routing and switching. Therefore by passing the 642-524 exam I have renewed both my CCNP and CCSP for 3 more years. This particular exam will be offered up to 4/8/11 and then will be replaced by the new 642-617 FIREWALL v1.0 exam.

I have noticed that the exam was more difficult than in the past and that Cisco has taken measures for more accurate evaluation of the knowledge possessed by the exam takers. There were some “real world” scenarios in the exam which showed an ASDM Graphical User Interface which you could click on and navigate inside just like a real one. There were several questions related to each ASDM scenario, so you had to go inside the ASDM and see all the configuration screens and settings in order to answer that group of questions. You had to be very careful with that type of question because there were tricks. You had to verify if some traffic flows were being inspected by an embedded AIP-SSM or CSC-SSM module or if they were being limited by service policies. You also had to check the policy rules, NAT rules, security levels etc. in order to accurately answer each question. Anyhow, it was time consuming but if you were focused and careful it was ok.

Anyway, I’m glad that my next Cisco exam recertification is after 3 years!!!




New Cisco ASA version 8.4 introduced

Wednesday 2 February 2011 @ 11:58 am

In January 2011 Cisco announced the newest Cisco ASA 5500 version 8.4. This release comes almost one year after the previous major release (version 8.3 was introduced in Feb-March 2010). You can upgrade to version 8.4 from any previous ASA version, but if your current software release is older than 8.3, you will need a memory upgrade as well (for ASA models 5505, 5510, 5520, 5540). Also, ASA version 8.4 requires ASDM GUI version 6.4 or later.

Most Notable Changes in new version

There are not many important changes compared to 8.3 and older, except for a couple of new features such as EtherChannel support, stateful failover with dynamic routing protocols, the ability to see the top CPU processes etc. In more detail:

EtherChannel Support:

This is the biggest change in my opinion. With EtherChannel (supported on 5510 and higher models) you can group together up to eight physical interfaces to form one EtherChannel group (up to 48 EtherChannel groups can be created). Therefore, you can have flexible incremental bandwidth, since the EtherChannel technology allows bandwidth aggregation in multiples of 100Mbps, 1Gbps, or 10Gbps depending on the speed of the aggregated physical links. Also, resiliency and load balancing between the links are improved.

Stateful Failover with Dynamic Routing Protocols

In the past, when you had dynamic routing protocols configured on the device (such as OSPF, EIGRP) and the device was running in Active/Standby redundancy mode, any failover from the active to the standby device resulted in losing all dynamically learned routes. Now, routes that are learned through dynamic routing protocols on the active unit are maintained in a routing table on the standby unit. Upon a failover event, traffic passes through the secondary unit with minimal disruption because the routes are already known on that standby unit.

Show Top CPU Processes

You can now monitor the processes running on the device and see how much CPU is consumed by each process. Use the command show process cpu-usage sorted.

Scalability Features

The new release raises some scalability limits (such as the number of VLANs, connections, contexts, AnyConnect VPN sessions etc.), mainly on higher end models such as the 5580 and 5585-X.

The full additional feature list can be found on the official Cisco release notes here.



