Cisco Secure Firewall ISA3000
Security, speed, and scalability for a powerful data center
Overview:
The ISA3000 bundles the proven security of the Cisco Secure Firewall with the visibility and control of industrial protocols and applications developed by leading automation vendors such as Omron, Rockwell, GE, Schneider, Siemens, and others. The ISA3000 is key as you start converging IT and OT security and capturing the benefits of your industrial digitization efforts.
As a foundational component of your IoT/OT security journey, the ISA3000 is the ideal ruggedized firewall to segment industrial networks, protect OT assets from potential threats, and build compliance with a variety of industrial standards, regulations, and guidelines such as NERC-CIP, ISA99/IEC62443, CFATS, ANSI/AWWA G430, and others.
Certified for deployment in the most demanding industries (power utilities, oil and gas, transportation, mining, manufacturing, water utilities, and more), the ISA3000 is widely used as a DMZ firewall to connect small, distributed industrial sites, enforce segmentation of large internal networks, and manage VPN connections to enable secure management of remote assets and seamless distributed operations.
The ISA3000 protects industrial processes and vulnerable control equipment. It leverages industry-leading threat detection and vulnerability exploit protection rules developed by Cisco Talos®, including thousands of industrial-focused rules. Using OpenAppID and Deep Packet Inspection (DPI) of industrial protocols, it even lets you write your own custom detectors to create alerts and block or allow traffic based on the industrial application flows you most care about. Cisco Advanced Malware Protection (AMP) is also built in to continuously track suspect file propagation.
Features and benefits
Enforce security policies in IoT/OT environment
Control industrial network traffic. Cisco ISA3000 supports OT protocols including DNP3, CIP, Modbus, IEC61850, and more.
Certified for deployment in the most demanding industries
Deploy reliable security. Cisco ISA3000 is built to support extreme temperature, vibration, shock, surge, and electrical noise.
Advanced IT and OT threat detection and protection
Cisco ISA3000 leverages industry-leading Talos threat intelligence, including thousands of ICS rules to protect unpatched OT devices.
Product Overview:
The Cisco Secure Firewall ISA3000 offers:
- Controlled traffic to, from, and between manufacturing cells or industrial zones
- Secured WAN connectivity for power substations and isolated industrial assets
- Flexible and secure enterprise-class remote access
- Critical network infrastructure services such as IP routing, NAT, DNS, DHCP, and more
- Unequaled threat protection for every level of networking and computing — from the switch, router, OS, and compute infrastructure to industrial control systems
- Wide support for industrial protocols for visibility and control over every level of your applications in both the industrial and enterprise space
- More levels of traffic continuity safety than other offerings in the industrial space
- Common Criteria for IT security certification.
Build your industrial DMZ
Secure small distributed industrial sites. The ISA3000 is the ideal DMZ firewall to connect utility substations, pipeline networks, remote control units, or street cabinets.
Secure operations with network segmentation
Prevent any threats or malicious actors from moving unchallenged laterally through the network. The ISA3000 separates the various parts of your industrial network so that business-critical processes are kept safe.
Protect vulnerable assets from malicious activities
Block threats and exploits to vulnerable industrial control equipment. The ISA3000 leverages threat intelligence from Cisco Talos to detect malicious activity or harmful traffic and protect assets that cannot be patched.
Connect machines with duplicate IP addresses
Enable communications between different machines and cells without changing IP addresses. The ISA3000 translates IP addresses and secures communications so you can easily connect prebuilt systems.
Technical Specifications:
Cisco Secure Firewall ISA3000 General Capabilities | |
---|---|
Capability | Features |
Robust industrial design |
|
User-friendly GUI device manager |
|
Traffic continuity and protection |
|
OT and ICS protocol support |
|
Access control capabilities | |
---|---|
Capability | Features |
Proven, extensible access control |
|
Application control |
|
Remote access enablement and control |
|
Multilevel access controls |
|
Cisco TrustSec® controls |
|
Networking capabilities | |
---|---|
Capability | Features |
DMZ infrastructure |
|
Layer 3 routing |
|
Network Address Translation (NAT) |
|
Layer 2 IPv6 |
|
Trunking |
|
Logging |
|
Clock synchronization |
|
Performance specifications | |
---|---|
Feature | Performance |
Throughput: NGIPS (1024B) | 500 Mbps |
Throughput: Firewall (FW) + Application Visibility and Control (AVC) (1024B) | 375 Mbps |
Throughput: FW + AVC + Intrusion Prevention System (IPS) (1024B) | 350 Mbps |
Maximum concurrent sessions, with AVC | 50,000 |
Maximum new connections per second, with AVC | 2700 |
IPsec VPN throughput (1024B TCP with Fastpath) | 50 Mbps |
Maximum VPN peers | 25 |
Application Visibility and Control (AVC) | Standard, supporting more than 4000 applications as well as geo locations, users, and websites |
URL filtering | More than 80 categories; more than 280 million URLs categorized |
Defined interfaces | 200, 400 (with SecPlus license on ASA), 400 (FTD) |
VLAN counts | 5, 100 (with SecPlus license on ASA), 100 (FTD) |
IPv4 MACsec Access Control Entries (ACEs) | 1000 with default TCAM template |
NAT | Bidirectional, 128 unique subnet NAT entries, which can expand to tens of thousands of translated entries if designed properly |
Security feature specifications | |
---|---|
Feature | Support information |
Transport Layer Security (TLS) decryption | Yes |
AVC: OpenAppID support for custom, open-source application detectors | Standard |
Cisco security intelligence | Standard, with IP, URL, and DNS threat intelligence |
Cisco Firepower NGIPS | Available; can passively detect endpoints and infrastructure for threat correlation and IoC intelligence |
Cisco Secure Firewall (formerly Cisco AMP for Networks) | Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco Secure Endpoint (formerly Cisco AMP for Endpoints) is also optionally available |
Cisco Secure Malware Analytics (formerly Cisco Threat Grid) sandboxing | Available |
Automated threat feed and IPS signature updates | Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos group (https://www.cisco.com/c/en/us/products/security/talos.html) |
Third-party and open-source ecosystem | Open API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats |
High availability and clustering | Active/standby failover |
Cisco Trust Anchor technologies | Includes Trust Anchor technologies for supply chain and software image assurance |
Physical specifications | |
---|---|
Description | Specification |
Hardware |
|
Alarm I/O |
|
Dimensions (WxHxD) |
|
Weight |
|
Power supply and ranges |
|
Mean time between failures (MTBF) |
|