Cisco ASA 9.4 Code Release

Share on:

This code release brings with it a couple of interesting features and new models to the plethora of Cisco ASA devices already on offer. The new devices added to the ASA family are:

  • ASA 5506W-X — ASA 5506 with inbuilt Wireless Access Point
  • ASA 5506H-X — ASA 5506 Hardened Edition (Ruggedized)
  • ASA 5508-X
  • ASA 5516-X

So a couple of points on the new models, the 5506W-X has an in-built wireless access point which is great for those remote office type scenarios, where you basically want to send down a device that does their routing, switching and wireless on the one appliance. Great little device and I can see this having quite a bit of adoption for executives who already have Easy VPN setups or similar. A couple of points to note on the 5506W-X are:

  • Wireless AP functionality disabled by default
  • Supports 802.11 a/b/g/n but maximum throughput limited to 54 Mbps
  • Internal Antenna only
  • Can be locally administered or centrally via a WLC
  • AP reference is the Cisco 702 series

Next the 5506H-X is a ruggedized appliance meant for industrial control systems and critical infrastructure.

Also we have the 5508-X and 5516-X which are both 1RU units that offer the traditional ASA feature set along with FirePower Services.

In addition to the new hardware supported by ASA code 9.4, we have a couple of other notable features which I am sure will be welcome by all Network Engineers, they are:

  • VXLAN Inspection
  • ASA clustering now supports DHCP Relay
  • Policy Based Routing (PBR)
  • Memory tracking for EEM – write EEM applets for memory events, great for troubleshooting
  • OWA 2013 support for clientless VPN
  • Periodic certificate authentication – re-authenticate VPN clients using thier certificates periodically, great way to check if their certificate is still valid

For the full list of features, please refer to the Release Notes

Overall a solid release with some great new hardware models. It will be interesting to see if Cisco release more new appliances which are even more capable and how much FirePower will be central to the security methodology that Cisco have adopted since the SourceFire acquisition.