The ASA (Adaptive Security Appliance) is a network security product that is part of Cisco’s Advanced Network Firewall portfolio. A network firewall is a hardware or software device that usually sits at the edge of a network and provides security by allowing or denying traffic based upon a set of pre-configured rules. In large […]
Traffic Rate and Bandwidth Limiting on Cisco ASA Firewall
With the new modular policy framework (MPF) introduced in ASA versions 7.x and 8.x, the firewall administrator is now able to apply policing and rate limiting to traffic passing through the ASA appliance. I got a few questions from people about how this functionality works and decided to throw in a quick example below which you […]
Cisco ASA Firewall (5500 and 5500-X) Security Levels Explained
This article describes the security levels concept as used in the Cisco ASA firewall appliance. The following information applies to both the older 5500 series and the newer 5500-X series of appliances. What is Security Level? A Security Level is assigned to interfaces (either physical or logical sub-interfaces) and it is basically a number from […]
Cisco ASA 5505-5510-5520-5540-5550-5580 Performance Throughput and Specs
The Cisco ASA 5500 series of firewall appliances has been on the market for a long time, since it replaced the older PIX hardware firewalls. The new generation, of course, goes by the name ASA 5500-X and is currently on the market. However, many professionals and companies still have older ASA 5500 series firewall appliances in […]
Password Recovery for the Cisco ASA 5500 Firewall (5505,5510,5520 etc)
If you have lost the administrator password to access the security appliance, you can recover the ASA password with the following steps. Recovering your Password on Cisco ASA. Step 1: Connect to the firewall using a console cable. Step 2: Power cycle the appliance (power off and then on). Step 3: Press the Escape key to enter ROMMON […]
Cisco ASA 5505, 5510 Base Vs Security Plus License Explained
The two smallest ASA Firewall models, the 5505 and the 5510, are the only ones that have two types of licenses. They can be ordered either with a Base License or a Security Plus License. Many customers of mine are always asking me what the difference is between the […]
How to Block HTTP DDoS Attack with Cisco ASA Firewall
Denial of Service (DoS) attacks are very common these days. Distributed DoS attacks in particular (also called DDoS) can be executed quite easily by attackers who own large networks of BotNets. Thousands of malware-infected computers (which comprise the so-called “BotNets”) are controlled by attackers and can be instructed to start attacks at any target. Usually […]
How to Block Access to Websites with a Cisco ASA Firewall (with FQDN)
In this article I will show you how to deny access to specific websites (domain names) with a normal Cisco ASA firewall. This works on either the older 5500 models or the new 5500-X series devices. The only prerequisite is that the firewall runs software version 8.4.2 or later. Also, you don’t need to […]
DNS Doctoring – Access Internal WebSite using its public URL
In this post we will discuss DNS Doctoring on Cisco ASA firewalls. This is a useful feature and although it’s very simple to configure, not many people know about it. DNS Doctoring is helpful in the following situation: Assume you have a Web Server connected to a DMZ zone on a Cisco ASA firewall and […]
ExtraBacon Cisco ASA Vulnerability
A new serious vulnerability, called “EXTRABACON”, was discovered on Cisco ASA devices and was recently patched by Cisco through several software updates for the device. You need to carefully read the following security advisory (CVE-2016-6366) from Cisco and patch your devices as soon as possible. At the end of the article above there is […]
No switch option on Cisco ASA 5506-X
The new ASA 5506-X and 5508-X were released a few months ago by Cisco and are the models which will replace the very successful ASA5505 SOHO firewall. The 5506-X especially is marketed as the ideal replacement for the 5505, which was very popular and successful in small network deployments. As you might know already, the […]
New Cisco ASA 5506-X / 5508-X will replace ASA 5505
Currently the smallest ASA appliance is the 5505, which has been on the market for several years with millions of installations worldwide. This small, passively cooled firewall still receives all the latest ASA software upgrades and features and has been a favorite firewall appliance for SOHO or Small/Medium Businesses. The ASA 5505 is equipped with […]
Cisco ASA Firewall Fundamentals Book now available on Amazon
I’m excited to announce today that my ASA book “Cisco ASA Firewall Fundamentals-3rd Edition” is now available on Amazon as a physical Paperback book. I have had numerous requests from people to publish my book in printed format as well, so here we go. The book is available on almost all Amazon websites and you […]