
Cisco Secure Firewall ISA3000
Security, speed, and scalability for a powerful data center


Cisco Firewall ISA3000
Cisco Industrial Security Appliance 3000 2 copper 2 fiber ports
#ISA-3000-2C2F-K9=


Overview:

The ISA3000 bundles the proven security of the Cisco Secure Firewall with the visibility and control of industrial protocols and applications developed by leading automation vendors such as Omron, Rockwell, GE, Schneider, Siemens, and others. The ISA3000 is key as you start converging IT and OT security and capturing the benefits of your industrial digitization efforts.

As a foundational component of your IoT/OT security journey, the ISA3000 is the ideal ruggedized firewall to segment industrial networks, protect OT assets from potential threats, and build compliance with a variety of industrial standards, regulations, and guidelines such as NERC-CIP, ISA99/IEC62443, CFATS, ANSI/AWWA G430, and others.

Certified for deployment in the most demanding industries (power utilities, oil and gas, transportation, mining, manufacturing, water utilities, and more), the ISA3000 is widely used as a DMZ firewall to connect small, distributed industrial sites, enforce segmentation of large internal networks, and manage VPN connections to enable secure management of remote assets and seamless distributed operations.

The ISA3000 protects industrial processes and vulnerable control equipment. It leverages industry-leading threat detection and vulnerability exploit protection rules developed by Cisco Talos®, including thousands of industrial-focused rules. Using OpenAppID and Deep Packet Inspection (DPI) of industrial protocols, it even lets you write your own custom detectors to create alerts and block or allow traffic based on the industrial application flows you most care about. Cisco Advanced Malware Protection (AMP) is also built in to continuously track suspect file propagation.

Features and benefits

Enforce security policies in IoT/OT environment

Control industrial network traffic. Cisco ISA3000 supports OT protocols including DNP3, CIP, Modbus, IEC61850, and more.


Certified for deployment in the most demanding industries

Deploy reliable security. Cisco ISA3000 is built to support extreme temperature, vibration, shock, surge, and electrical noise.


Advanced IT and OT threat detection and protection

Cisco ISA3000 leverages industry-leading Talos threat intelligence, including thousands of ICS rules to protect unpatched OT devices.

Product Overview:

The Cisco Secure Firewall ISA3000 offers:

  • Controlled traffic to, from, and between manufacturing cells or industrial zones
  • Secured WAN connectivity for power substations and isolated industrial assets
  • Flexible and secure enterprise-class remote access
  • Critical network infrastructure services such as IP routing, NAT, DNS, DHCP, and more
  • Unequaled threat protection for every level of networking and computing — from the switch, router, OS, and compute infrastructure to industrial control systems
  • Wide support for industrial protocols for visibility and control over every level of your applications in both the industrial and enterprise space
  • More levels of traffic continuity safety than other offerings in the industrial space
  • Common Criteria for IT security certification.

Build your industrial DMZ

Secure small distributed industrial sites. The ISA3000 is the ideal DMZ firewall to connect utility substations, pipeline networks, remote control units, or street cabinets.

Secure operations with network segmentation

Prevent any threats or malicious actors from moving unchallenged laterally through the network. The ISA3000 separates the various parts of your industrial network so that business-critical processes are kept safe.

Protect vulnerable assets from malicious activities

Block threats and exploits to vulnerable industrial control equipment. The ISA3000 leverages threat intelligence from Cisco Talos to detect malicious activity or harmful traffic and protect assets that cannot be patched.

Connect machines with duplicate IP addresses

Enable communications between different machines and cells without changing IP addresses. The ISA3000 translates IP addresses and secures communications so you can easily connect prebuilt systems.

Technical Specifications:

ISA3000 Diagram

Cisco Secure Firewall ISA3000 General Capabilities
Capability Features
Robust industrial design
  • Built for harsh environments and temperature ranges (-40° to 158°F; -40° to 70°C)
  • Hardened for vibration, shock, surge, and electrical noise immunity
  • Four Gigabit Ethernet uplink ports, providing multiple resilient design options (4 copper or 2 copper plus 2 fiber)
  • Complies with multi-industry specifications for industrial automation, Intelligent Transport Systems (ITS), and electrical substation environments
  • Improves uptime, performance, and safety of industrial systems and equipment
  • Compact DIN rail unit design with industrial LED features, allowing easy monitoring
  • Fanless and convection cooled with no moving parts for extended durability
  • IEEE 1588v2 Precision Time Protocol (PTP) clock synchronization (default profile is supported)
  • Alarm I/O for monitoring and signaling to external equipment.
User-friendly GUI device manager
  • On-device management for local awareness and immediate control using Cisco Firepower® Device Manager
  • Centralized management configuration, logging, monitoring, and reporting using Cisco Firepower Management Center
  • Cloud-based management option available with Cisco Defense Orchestrator
  • Multidevice management that handles hundreds of devices
  • User-specific access and control customizations
Traffic continuity and protection
  • Full “lights out” traffic bypass copper ports
  • Default passive deployment learning mode
  • Software updates without traffic loss
  • Connection limitations to protect from denial-of-service-causing traffic
  • Latency detection and mitigation functions
  • Quality-of-service policies
OT and ICS protocol support
  • BACnet
  • Common Industrial Protocol (CIP) (AppID for individual CIP applications available)
  • Companion Specification for Energy Metering (COSEM)
  • Connection Oriented Transport Protocol (COTP)
  • Distributed Network Protocol (DNP3)
  • EtherNet/IP
  • Generic Object Oriented Substation Events (GOOSE)
  • Generic Substation Events (GSE)
  • Emission Control Protocol
  • Fujitsu Device Control
  • Honeywell Control Station/NIF Server
  • Honeywell Esperion DSA Server Monitor
  • IEC 60870-5-104 (AppID for individual commands available)
  • IEC 61850 MMS (AppID for individual commands available)
  • ISO Manufacturing Message Specification (MMS)
  • Modbus
  • Omron FINS
  • OPC Unified Architecture (OPC-UA)
  • Q.931
  • Siemens S7
  • SRC
  • TPKT
Access control capabilities
Capability Features
Proven, extensible access control
  • Enforces ISA99/IEC 62443 segmentation needs
  • Stateful inspection (Layers 2 through 7)
  • Transparent and routed firewall operation modes
  • Provides features to enable electronic security perimeter (ESP) for NERC-CIP compliance
  • Next-Generation Intrusion Prevention System (NGIPS)
  • Identity-based access control policies (users, devices, SGTs, etc.)
  • VPN: Remote Access, site-to-site
Application control
  • Visibility and control of all DMZ infrastructure
  • Visibility and control of industrial applications
  • Visibility and control of individual protocol commands and values
  • ICS/OT protocol visibility and/or control
Remote access enablement and control
  • Network access control via Cisco AnyConnect®
  • Cisco ISE support
  • Site-to-site VPN
  • Remote Access VPN
  • Cisco Secure Desktop
  • Support for Citrix and VMware clientless connections
Multilevel access controls
  • Global block lists — automated or manual
  • Global allow lists
  • Third-party intelligence feed utilization
  • File allow lists
  • File block lists
  • Application-level access control
  • 802.1X support
Cisco TrustSec® controls
  • In-band and out-of-band identity
  • Active Directory integration
  • Policy based on SGTs
  • 802.1X support
  • MACsec and MAC Authentication Bypass (MAB) support
  • Enforces endpoint security state for remote access
Networking capabilities
Capability Features
DMZ infrastructure
  • DNS services
  • Dynamic Host Configuration Protocol (DHCP) services
  • Authentication, authorization, and accounting (AAA) support
  • IP routing (v4 and v6)
Layer 3 routing
  • IPv4 static routing
  • Dynamic routing (Routing Information Protocol [RIP], Enhanced Interior Gateway Routing Protocol [EIGRP], Intermediate System to Intermediate System [IS-IS], Open Shortest Path First [OSPF], and Border Gateway Protocol [BGP])
Network Address Translation (NAT)
  • Static NAT
  • With port translation, one-to-many, nonstandard ports
  • Dynamic NAT
  • Dynamic Port Address Translation (PAT)
  • Identity NAT
Layer 2 IPv6
  • IPv6 host support, HTTP over IPv6, Simple Network Management Protocol (SNMP) over IPv6
Trunking
  • 802.1q trunks supported
Logging
  • Local logs, syslog, Security Analytics and Logging (SAL), eStreamer, and Log in the management application
  • Proven integration with leading security information and event management (SIEM) systems (QRadar, Splunk, etc.)
Clock synchronization
  • IEEE 1588 (hardware-enabled PTP)
Performance specifications
Feature | Performance
Throughput: NGIPS (1024B) | 500 Mbps
Throughput: Firewall (FW) + Application Visibility and Control (AVC) (1024B) | 375 Mbps
Throughput: FW + AVC + Intrusion Prevention System (IPS) (1024B) | 350 Mbps
Maximum concurrent sessions, with AVC | 50,000
Maximum new connections per second, with AVC | 2700
IPsec VPN throughput (1024B TCP with Fastpath) | 50 Mbps
Maximum VPN peers | 25
Application Visibility and Control (AVC) | Standard, supporting more than 4000 applications as well as geo locations, users, and websites
URL filtering | More than 80 categories; more than 280 million URLs categorized
Defined interfaces | 200, 400 (with SecPlus license on ASA), 400 (FTD)
VLAN counts | 5, 100 (with SecPlus license on ASA), 100 (FTD)
IPv4 MACsec Access Control Entries (ACEs) | 1000 with default TCAM template
NAT | Bidirectional, 128 unique subnet NAT entries, which can expand to tens of thousands of translated entries if designed properly
Security feature specifications
Feature | Support information
Transport Layer Security (TLS) decryption | Yes
AVC: OpenAppID support for custom, open-source application detectors | Standard
Cisco security intelligence | Standard, with IP, URL, and DNS threat intelligence
Cisco Firepower NGIPS | Available; can passively detect endpoints and infrastructure for threat correlation and IoC intelligence
Cisco Secure Firewall (formerly Cisco AMP for Networks) | Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco Secure Endpoint (formerly Cisco AMP for Endpoints) is also optionally available
Cisco Secure Malware Analytics (formerly Cisco Threat Grid) sandboxing | Available
Automated threat feed and IPS signature updates | Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos group (https://www.cisco.com/c/en/us/products/security/talos.html)
Third-party and open-source ecosystem | Open API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats
High availability and clustering | Active/standby failover
Cisco Trust Anchor technologies | Includes Trust Anchor technologies for supply chain and software image assurance
Physical specifications
Description Specification
Hardware
  • 4-core Intel Atom processor (industrial temp.)
  • 8-GB DRAM (soldered down)
  • 16-GB onboard flash memory
  • mSATA 64 GB
  • 1-GB removable SD flash memory card (industrial temp.)
  • Mini-USB connector for console
  • RJ-45 traditional console connector
  • Dedicated 10/100/1000 management port
  • Hardware-based anti-counterfeit, anti-tamper chip
  • Factory reset option
Alarm I/O
  • Two alarm inputs to detect dry contact open or closed
  • One Form C alarm output relay
Dimensions (WxHxD)
  • 11.2 x 13 x 16 cm (4.41 x 5.12 x 6.30 in.)
Weight
  • 1.9 kg (4.2 lb)
Power supply and ranges
  • Dual internal DC
  • Nominal: ± 12V DC, 24V DC, or 48V DC
  • Maximum range: 9.6V DC to 60V DC
  • Power consumption: 24W
Mean time between failures (MTBF)
  • ISA-3000-4C: 398,130 hours
  • ISA-3000-2C2F: 376,580 hours

Documentation:

Download the Cisco Secure Firewall ISA3000 Datasheet (.PDF)
