The Web Proxy filter can go around 350Mbps, and the stateful packet inspection engine supports over 2Gbps.
-----Original Message----- From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2008 3:11 PM To: NT System Admin Issues Subject: RE: Cisco ASA 5500 For small to mid-size business, perhaps. It's all personal preference really. That being said, somehow I doubt that ISA has 10Gbps (cleartext) and 1Gbps (encrypted) throughput when sitting on a backbone Service Provider network. Packet Filter Firewalls still serve a purpose :) Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED] 317.244.8307 (V) 317.244.4600 (F) -----Original Message----- From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of NTSysAdmin Sent: Friday, October 24, 2008 1:49 PM To: NT System Admin Issues Subject: RE: Cisco ASA 5500 Time to do what the good Dr Shinder says & move to ISA.....still not 1 documented compromise or security issue since 2000. Get rid of your packet filters and put in a real firewall. :) -----Original Message----- From: Mike French [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2008 2:42 PM To: NT System Admin Issues Subject: Cisco ASA 5500 FYI..... October 23, SearchSecurity - (International) Cisco warns of security appliance flaws. Cisco Systems Inc. warned of multiple flaws in its ASA 5500 Series Adaptive Security Appliances and PIX Security Appliances that could be used by an attacker to bypass security controls and gain access to critical systems. The appliances are used to provide a variety of network security features to address Voice over Internet Protocol (VoIP) security, VPN connections for remote employees and firewall services. Cisco's advisory warned of a Windows NT domain authentication bypass vulnerability, IPv6 denial of service flaw and crypto accelerator memory leak vulnerability. Cisco said its ASA and PIX devices could be susceptible to VPN authentication bypass since they support Microsoft Windows server operating systems, which are vulnerable to a Windows NT Domain authentication flaw. Appliances configured for IPSec or SSL-based remote access VPN may be vulnerable, Cisco said. The IPv6 denial-of-service flaw could cause an IPv6 packet to force ASA and PIX devices to reload. Cisco said devices running software versions from 7.2(4)9 or 7.2(4)10 that have IPv6 enabled are vulnerable to this issue. ASA appliances are vulnerable to a crypto accelerator memory leak vulnerability. Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1335 757,00.html MIKE FRENCH NETWORK ENGINEER ~EQUITY BANK Office: 214.231.4565 [EMAIL PROTECTED] Doing IT Right! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~