Cisco Secure Firewall ISA3000
Security, speed, and scalability for a powerful data center

Cisco Products

Cisco Firewall ISA3000

Cisco Industrial Security Appliance 3000 2 copper 2 fiber ports

#ISA-3000-2C2F-K9=
המחיר שלנו: הצעת מחיר

הצעת מחיר

מחירים נוספים מופיעים למטה, או לחצו כאן!

שימו לב: כל המחירים באתר כוללים מע"מ. החיוב יבוצע על פי שער "העברות והמחאות מכירה" של המטבע (דולר אמריקאי) ביום אישור ההזמנה.

Overview:

The ISA3000 bundles the proven security of the Cisco Secure Firewall with the visibility and control of industrial protocols and applications developed by leading automation vendors such as Omron, Rockwell, GE, Schneider, Siemens, and others. The ISA3000 is key as you start converging IT and OT security and capturing the benefits of your industrial digitization efforts.

As a foundational component of your IoT/OT security journey, the ISA3000 is the ideal ruggedized firewall to segment industrial networks, protect OT assets from potential threats, and build compliance with a variety of industrial standards, regulations, and guidelines such as NERC-CIP, ISA99/IEC62443, CFATS, ANSI/AWWA G430, and others.

Certified for deployment in the most demanding industries (power utilities, oil and gas, transportation, mining, manufacturing, water utilities, and more), the ISA3000 is widely used as a DMZ firewall to connect small, distributed industrial sites, enforce segmentation of large internal networks, and manage VPN connections to enable secure management of remote assets and seamless distributed operations.

The ISA3000 protects industrial processes and vulnerable control equipment. It leverages industry-leading threat detection and vulnerability exploit protection rules developed by Cisco Talos®, including thousands of industrial-focused rules. Using OpenAppID and Deep Packet Inspection (DPI) of industrial protocols, it even lets you write your own custom detectors to create alerts and block or allow traffic based on the industrial application flows you most care about. Cisco Advanced Malware Protection (AMP) is also built in to continuously track suspect file propagation.

Features and benefits

Enforce security policies in IoT/OT environment

Control industrial network traffic. Cisco ISA3000 supports OT protocols including DNP3, CIP, Modbus, IEC61850, and more.

Certified for deployment in the most demanding industries

Deploy reliable security. Cisco ISA3000 is built to support extreme temperature, vibration, shock, surge, and electrical noise.

Advanced IT and OT threat detection and protection

Cisco ISA3000 leverages industry-leading Talos threat intelligence, including thousands of ICS rules to protect unpatched OT devices.

Product Overview:

The Cisco Secure Firewall ISA3000 offers:

Controlled traffic to, from, and between manufacturing cells or industrial zones
Secured WAN connectivity for power substations and isolated industrial assets
Flexible and secure enterprise-class remote access
Critical network infrastructure services such as IP routing, NAT, DNS, DHCP, and more
Unequaled threat protection for every level of networking and computing - from the switch, router, OS, and compute infrastructure to industrial control systems
Wide support for industrial protocols for visibility and control over every level of your applications in both the industrial and enterprise space
More levels of traffic continuity safety than other offerings in the industrial space
Common Criteria for IT security certification.

Build your industrial DMZ

Secure small distributed industrial sites. The ISA3000 is the ideal DMZ firewall to connect utility substations, pipeline networks, remote control units, or street cabinets.

Secure operations with network segmentation

Prevent any threats or malicious actors from moving unchallenged laterally through the network. The ISA3000 separates the various parts of your industrial network so that business-critical processes are kept safe.

Protect vulnerable assets from malicious activities

Block threats and exploits to vulnerable industrial control equipment. The ISA3000 leverages threat intelligence from Cisco Talos to detect malicious activity or harmful traffic and protect assets that cannot be patched.

Connect machines with duplicate IP addresses

Enable communications between different machines and cells without changing IP addresses. The ISA3000 translates IP addresses and secures communications so you can easily connect prebuilt systems.

Technical Specifications:

ISA3000 Diagram

Cisco Secure Firewall ISA3000 General Capabilities
Capability	Features
Robust industrial design	Built for harsh environments and temperature ranges (-40° to 158°F; -40° to 70°C) Hardened for vibration, shock, surge, and electrical noise immunity Four Gigabit Ethernet uplink ports, providing multiple resilient design options (4 copper or 2 copper plus 2 fiber) Complies with multi-industry specifications for industrial automation, Intelligent Transport Systems (ITS), and electrical substation environments Improves uptime, performance, and safety of industrial systems and equipment Compact DIN rail unit design with industrial LED features, allowing easy monitoring Fanless and convection cooled with no moving parts for extended durability IEEE 1588v2 Precision Time Protocol (PTP) clock synchronization (default profile is supported) Alarm I/O for monitoring and signaling to external equipment.
User-friendly GUI device manager	On-device management for local awareness and immediate control using Cisco Firepower ^® Device Manager Centralized management configuration, logging, monitoring, and reporting using Cisco Firepower Management Center Cloud-based management option available with Cisco Defense Orchestrator Multidevice management that handles hundreds of devices User-specific access and control customizations
Traffic continuity and protection	Full "lights out" traffic bypass copper ports Default passive deployment learning mode Software updates without traffic loss Connection limitations to protect from denial-of-service-causing traffic Latency detection and mitigation functions Quality-of-service policies
OT and ICS protocol support	BACnet Common Industrial Protocol (CIP) (AppID for individual CIP applications available) Companion Specification for Energy Metering (COSEM) Connection Oriented Transport Protocol (COTP) Distributed Network Protocol (DNP3) EtherNet/IP Generic Object Oriented Substation Events (GOOSE) Generic Substation Events (GSE) Emission Control Protocol Fujitsu Device Control Honeywell Control Station/NIF Server Honeywell Esperion DSA Server Monitor IEC 60870-5-104 (AppID for individual commands available) IEC 61850 MMS (AppID for individual commands available) ISO Manufacturing Message Specification (MMS) Modbus Omron FINS OPC Unified Architecture (OPC-UA) Q.931 Siemens S7 SRC TPKT

Access control capabilities
Capability	Features
Proven, extensible access control	Enforces ISA99/IEC 62443 segmentation needs Stateful inspection (Layers 2 through 7) Transparent and routed firewall operation modes Provides features to enable electronic security perimeter (ESP) for NERC-CIP compliance Next-Generation Intrusion Prevention System (NGIPS) Identity-based access control policies (users, devices, SGTs, etc.) VPN: Remote Access, site-to-site
Application control	Visibility and control of all DMZ infrastructure Visibility and control of industrial applications Visibility and control of individual protocol commands and values ICS/OT protocol visibility and/or control
Remote access enablement and control	Network access control via Cisco AnyConnect ^® Cisco ISE support Site-to-site VPN Remote Access VPN Cisco Secure Desktop Support for Citrix and VMware clientless connections
Multilevel access controls	Global block lists - automated or manual Global allow lists Third-party intelligence feed utilization File allow lists File block lists Application-level access control 802.1X support
Cisco TrustSec^® controls	In-band and out-of-band identity Active Directory integration Policy based on SGTs 802.1X support MACsec and MAC Authentication Bypass (MAB) support Enforces endpoint security state for remote access

Networking capabilities
Capability	Features
DMZ infrastructure	DNS services Dynamic Host Configuration Protocol (DHCP) services Authentication, authorization, and accounting (AAA) support IP routing (v4 and v6)
Layer 3 routing	IPv4 static routing Dynamic routing (Routing Information Protocol [RIP], Enhanced Internet Gateway Routing Protocol [EIGRP], Intermediate System to Intermediate System [IS-IS], Open Shortest Path First [OSPF], and Border Gateway Protocol [BGP])
Network Address Translation (NAT)	Static NAT With port translation, one-to-many, nonstandard ports Dynamic NAT Dynamic Port Address Translation (PAT) Identity NAT
Layer 2 IPv6	IPv6 host support, HTTP over IPv6, Simple Network Management Protocol (SNMP) over IPv6
Trunking	802.1q trunks supported
Logging	Local logs, syslog, Security Analytics and Logging (SAL), eStreamer, and Log in the management application Proven integration with leading security information and event management (SIEM) systems (QRadar, Splunk, etc.)
Clock synchronization	IEEE 1588 (hardware-enabled PTP)

Performance specifications
Feature	Performance
Throughput: NGIPS (1024B)	500 Mbps
Throughput: Firewall (FW) + Application Visibility and Control (AVC) (1024B)	375 Mbps
Throughput: FW + AVC + Intrusion Prevention System (IPS) (1024B)	350 Mbps
Maximum concurrent sessions, with AVC	50,000
Maximum new connections per second, with AVC	2700
IPsec VPN throughput (1024B TCP with Fastpath)	50 Mbps
Maximum VPN peers	25
Application Visibility and Control (AVC)	Standard, supporting more than 4000 applications as well as geo locations, users, and websites
URL filtering	More than 80 categories More than 280 million URLs categorized
Defined interfaces	200, 400 (with SecPlus license on ASA), 400 (FTD)
VLAN counts	5, 100 (with SecPlus license on ASA), 100 (FTD)
IPv4 MACsec Access Control Entries (ACEs)	1000 with default TCAM template
NAT	Bidirectional, 128 unique subnet NAT entries, which can expand to tens of thousands of translated entries if designed properly

Security feature specifications
Feature	Support information
Transport Layer Security (TLS) decryption	Yes
AVC: OpenAppID support for custom, open-source application detectors	Standard
Cisco security intelligence	Standard, with IP, URL, and DNS threat intelligence
Cisco Firepower NGIPS	Available; can passively detect endpoints and infrastructure for threat correlation and IoC intelligence
Cisco Secure Firewall (formerly Cisco AMP for Networks)	Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco Secure Endpoint (formerly Cisco AMP for Endpoints) is also optionally available
Cisco Secure Malware Analytics (formerly Cisco Threat Grid) sandboxing	Available
Automated threat feed and IPS signature updates	Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos group (https://www.cisco.co.il/c/en/us/products/security/talos.html)
Third-party and open-source ecosystem	Open API for integrations with third-party products; Snort^® and OpenAppID community resources for new and specific threats
High availability and clustering	Active/standby failover
Cisco Trust Anchor technologies	Includes Trust Anchor technologies for supply chain and software image assurance

Physical specifications
Description	Specification
Hardware	4-core Intel Atom processor (industrial temp.) 8-GB DRAM (soldered down) 16-GB onboard flash memory mSATA 64 GB 1-GB removable SD flash memory card (industrial temp.) Mini-USB connector for console RJ-45 traditional console connector Dedicated 10/100/1000 management port Hardware-based anti-counterfeit, anti-tamper chip Factory reset option
Alarm I/O	Two alarm inputs to detect dry contact open or closed One Form C alarm output relay
Dimensions (WxHxD)	11.2 x 13 x 16 cm (4.41 x 5.12 x 6.30 in.)
Weight	1.9 kg (4.2 lb)
Power supply and ranges	Dual internal DC Nominal: ± 12V DC, 24V DC, or 48V DC Maximum range: 9.6V DC to 60V DC Power consumption: 24W
Mean time between failures (MTBF)	ISA-3000-4C: 398,130 hours ISA-3000-2C2F: 376,580 hours

Documentation:

Download the Cisco Secure Firewall ISA300 Datasheet (PDF).

הערות תמחור:

מחירי המוצרים וזמינותם כפופים לשינויים ללא הודעה מוקדמת.