Data Sheet

Cisco Small Business ISA500 Series Integrated Security Appliances

An All-in-One Internet Access and Security Solution to Safeguard Your Small Business
The Cisco Small Business ISA500 Series Integrated Security Appliance is an all-in-one internet access and security solution that combines highly secure Internet, wireless, site-to-site, and remote access with a breadth of Unified Threat Management (UTM) capabilities. These capabilities include firewall, email, and web security, and application control to provide the peace of mind you need in order to know your small business is protected. Optimized specifically for small and medium businesses, the ISA500 is an affordable and easy-to-use solution that can be set up to start protecting your business in minutes. It takes full advantage of Cisco Security Intelligence Operations (SIO), which provides global threat intelligence to deliver superior threat protection. The combined power of the ISA500s comprehensive UTM security capabilities, easy-to-use design, and superior threat intelligence keeps your organization more secure, and increases both uptime and employee productivity, while minimizing operational costs and the risk of business disruption. The Cisco ISA500 Series utilizes a cloud-based approach to email and web security that minimizes management tasks and can enable responsive, agile protection against new threats. This in-depth inspection helps increase employee productivity by controlling web access, reducing spam emails, and minimizing phishing attacks, unauthorized intrusions, and other emerging threats. It also uses the 75 TB of threat telemetry from 1.6M devices per day from Cisco SIO to provide superior global threat intelligence and protection from sophisticated attacks. This comprehensive approach to threat protection helps free IT resources up from time-consuming virus eradication and system cleanup activities. In addition to the many capabilities already outlined, the Cisco ISA500 provides several other features that can help optimize business uptime. It offers WAN redundancy that supports failover, load balancing, and policy based routing (PBR) to keep businesses running when failures occur due to either a failed Internet connection or a failure within an ISP itself. Also, as part of the Cisco Small Business product portfolio, the Cisco ISA500 Series has been tested to ensure it works with other Cisco Small Business products and the uptime of the overall solution is increased. The ISA500 is also designed for todays dynamic organizations. It can enable mobile employees and business partners to more securely connect to networks over the Internet using IP Security (IPsec) or Secure Socket Layer (SSL) VPN services. With a Cisco ISA500 Series solution protecting your network, you can focus on serving customers and growing your business, instead of worrying about security issues.

Challenge
Small businesses need a simple, affordable and easy-to-deploy solution that provides Internet access in addition to all the security they need to ensure that this internet access is used safely and doesnt disrupt business productivity. They need a simple, straight forward way of providing the internet access they need and want to provide, but they dont want a solution thats so simplistic that theyre left vulnerable. As they open up their networks and applications to

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 1 of 9

become more collaborative, mobile, and engaged they need to make sure this doesnt make them an open target for security threats like unauthorized access, viruses, internet threats and spyware. Here are some more detailed explanation of these challenges and the impact they can have:

Multi-box solutions for Internet access and comprehensive security can be cumbersome and drive up expenses

Unauthorized access can lead to loss of company data, unplanned downtime, unstable networks, and related liability concerns

Viruses can infect office networks, resulting in outages and lost revenue Internet threats can hamper your ability to meet regulatory and compliance requirements Email threats such as spam and phishing can make critical information available unintentionally and contribute to a loss of employee productivity

Spyware provides a view into your network and data that can lead to identity theft and business data loss Cloud technology and applications require robust security and encryption to avoid exposing sensitive business information to risks

Businesses are increasingly opening their networks to customers, partners, and public users through wireless and guest access, creating the potential for new security risks

Browsing of non-work-related and harmful websites and social media leads to lost productivity, exposure to viruses and spyware, and possible legal issues

Solution
The ISA500 Cisco Small Business ISA500 Security Appliance Series provides small businesses with an all-in-one solution for secure Internet access with comprehensive UTM security backed by Ciscos superior SIO thats easyto-deploy and provides VPN support for mobile and geographically dispersed employees. With its combined zonebased firewall, content security and highly secure access capabilities, the Cisco ISA500 Series stops threats before they enter the network and impact business operations. The Cisco ISA500 Series:

Provides an all-in-one solution for internet access and security Safeguards your business from Internet threats The Cisco ISA500 Series provides critical perimeter security services for comprehensive protection.

Valid business traffic flows; unwelcome visitors locked out The Cisco ISA500 Series features a zone-based firewall that lets you apply flexible, policy-based control over who can access your network. It also supports a publicly accessible network area, known as a demilitarized zone (DMZ), to safely host file, web, and other Internet-accessible servers without exposing the businesss internal LAN network to threats.

Web blocking and filtering Reputation-based web and URL filtering can be used to control employee Internet usage by blocking access to dangerous or inappropriate sites. This sophisticated control helps minimize web-based security threats, while improving employee productivity and limiting the risk of legal action by employees exposed to offensive content.

Antivirus Advanced gateway antivirus technology uses up-to-date data feeds to shield your internal network resources from the most wide spread and active virus attacks, at the most effective point in your infrastructure, the Internet gateway. Filtering your email and web traffic at the perimeter eliminates the need for costly, time-consuming infection cleanups and helps ensure business continuity.

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 2 of 9

Antispyware Blocking the most wide spread and active spyware at the gateway prevents it from entering your network through Internet traffic (HTTP and FTP) and email, avoiding costly spyware removal procedures and improving employee productivity.

Spam limiting Robust reputation-based spam filtering helps restore the effectiveness of email so that communication with customers, vendors, and partners continues uninterrupted.

Antiphishing Identity theft protection guards against phishing attacks, thereby preventing employees from inadvertently disclosing company or personal details that could lead to financial loss.

Proactive prevention of intrusions and blockage of dangerous peer-to-peer communications The Cisco ISA500 Intrusion Prevention System (IPS) capabilities can identify possible intrusions into the business network and take action to stop the intrusion and prevent further risk. The Cisco ISA500 Series can also block peer-to-peer and instant messaging traffic, and perform protocol inspection to help increase network security, enhance employee productivity, and keep the network available for business traffic.

Inclusion of Cisco SIO for Unrivalled Threat Protection The Cisco ISA500 uses the 75 TB of threat telemetry per day from Cisco SIO to provide unparalleled global threat intelligence that is combined with local threat defense. This helps to protect against sophisticated attacks and to provide a comprehensive approach to threat protection.

Protection against internal threats and management of access control To help protect your business from internal threats, the Cisco ISA500 provides zone-based firewall and security services, including IPS and antivirus capabilities. It helps protect wireless environments through secure wireless LAN (WLAN) support with robust authentication options and guest access management.

WAN Redundancy The Cisco ISA500 provides WAN redundancy that supports failover, load balancing, and policy based routing (PBR) to keep businesses running when failures occur due to either a failed Internet connection or a failure within an ISP itself

Secure VPN access The Cisco ISA500 Series makes it easy for remote and mobile employees to establish secure VPN connections with IPsec or SSL encryption. A site-to-site IPsec VPN is ideal to secure communications between offices and provides complete network access. Mobile workers can use Cisco AnyConnect or Cisco VPN Client to establish SSL based VPN or IPsec based VPN connections to main offices while they are at customer sites, cafs, or the airport.

Highly secure wireless connectivity To provide untethered access to employees as they roam around the office, select models of the Cisco ISA500 Series support highly secure mobility with 802.11b, g, and n wireless connectivity with WPA encryption and 802.11x authentication. Rogue access point detection helps you reduce the risk of unauthorized wireless users and maintain control of your network infrastructure.

Easy cloud-based or onbox management with Cisco OnPlus and the ISA500 embedded management utility The Cisco ISA500 Series can be managed using the embedded Security Appliance Configuration Utility, a powerful yet easy-to-use browser-based management and monitoring interface. In addition to supporting management and monitoring, the Configuration Utility provides security and network usage reports so administrators can quickly and easily review security activities and network operation status. Your partner can also manage the Cisco ISA500 for you through the Cisco OnPlus Service. This cloud-based platform provides discovery and monitoring of the entire small business network. It also lets you offload network management tasks to your trusted partner, so youre free to focus on your core business instead of network management. Cisco OnPlus also provides reporting services via its Advanced Security Services capabilities. With Advanced Security Services, partners can generate security, network

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 3 of 9

usage, and system status reports such as intrusion attack events and WAN bandwidth utilization at a scheduled interval and time. These reports can be stored in a PDF file format and shared via email. All combined, the Cisco ISA500 provides a variety of management capabilities and options that support proactive network service and support that can help increase your network availability and give you peace of mind.

Business Benefits
The Cisco ISA500 Series provides security and connectivity that helps you:

Support your business with security, increase uptime Apply comprehensive security to protect your most important business processes, such as company storefronts, websites, services, and customer communication. Broad security helps keep your critical network resources accessible, resilient against attacks, and with increased uptime.

Increase employee productivity Improve employee productivity by limiting spam and spyware and controlling inappropriate web browsing. Advanced application control lets you minimize the use of distracting non-business applications.

Improve business resiliency Prevent disruption of business-critical applications and services due to security breaches by implementing a comprehensive, all-in-one security solution.

Decrease liability risks Reduce your companys exposure to liability related to compromised data or inadequate corporate controls by applying comprehensive access control and unrivaled threat protection provided by services that take full advantage of Cisco SIO. Advanced risk mitigation and monitoring help you comply more effectively with government and industry regulations, protect customer data, and safeguard human resources and other sensitive business data.

Reduce IT costs Free up IT support resources and avoid the costly process of cleaning up infections due to spyware, viruses, sophisticated attacks and other malware by preventing them from occurring.

Stay productive with safe remote access Enable employees and partners to more securely access the network from home, on the road, or at branch offices with flexible, easy-to-use built-in VPN support. With highly secure remote access and robust content protection, your employees can reach the tools and people they need anytime, anywhere, to work more effectively and respond to customers and colleagues faster. Mobile employees can use the Cisco AnyConnect client to enjoy always-on intelligent VPN access with consistent, context-aware security, using a laptop or smartphone.

Improve operational efficiency Simplify installation and reduce ongoing monitoring and management costs with an intuitive browser-based interface and sophisticated configuration wizards.

Enjoy peace of mind Get maximum value from your Cisco solution through an affordable, subscriptionbased service offering. The Cisco Small Business Support Service extends device level support for three years, protecting your investment with software upgrades and updates, access to the Cisco Small Business Support Center and support community, and next-business-day hardware replacement.

These benefits make the Cisco ISA500 Series the right choice to address your security needs and enable your network and employees to deliver maximum value to your business.

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 4 of 9

Product Specifications
Table 1.
Features Firewall Stateful Packet Inspection 1 Throughput Zone-Based Firewall Maximum Connections Maximum Rules Sessions Per Second (cps) Schedules Denial-of-Service Attack Protection IPS Throughput AV Throughput
1 1 1

Cisco Small Business ISA500 Series Security Appliance Models and Specifications
ISA550 ISA550W ISA570 ISA570W

200 Mbps Yes 15,000 100 2500 Yes Yes 60 Mbps 50 Mbps 45 Mbps

200 Mbps Yes 15,000 100 2500 Yes Yes 60 Mbps 50 Mbps 45 Mbps

500 Mbps Yes 40,000 100 3000 Yes Yes 90 Mbps 80 Mbps 75 Mbps

500 Mbps Yes 40,000 100 3000 Yes Yes 90 Mbps 80 Mbps 75 Mbps

UTM Throughput VPN

IPsec VPN Throughput (Data 75 Mbps Encryption Standard [DES] / Triple DES [3DES] / Advanced 1 Encryption Standard [AES]) IPsec VPN Site-to-Site Tunnels IPsec VPN Remote Access Tunnels SSL VPN Tunnels Encryption Authentication IPsec Dead Peer Detection IPsec Network Address Translation (NAT) Traversal IPsec NetBIOS Broadcast over VPN VPN Pass-Through 25 10 10 DES/3DES/AES (128,192,256 bit) MD5, SHA-1, SHA2 (256,384,512 bit) Yes Yes Yes IPsec/Point-to-Point Tunneling Protocol (PPTP)/Layer 2 Tunneling Protocol (L2TP) Yes Yes Yes Yes Yes Yes Yes Yes Yes

75 Mbps

130 Mbps

130 Mbps

25 10 10 DES/3DES/AES (128,192,256 bit) MD5, SHA-1, SHA2 (256,384,512 bit) Yes Yes Yes IPsec/PPTP/L2TP

100 75 50 DES/3DES/AES (128,192,256 bit) MD5, SHA-1, SHA2 (256,384,512 bit) Yes Yes Yes IPsec/PPTP/L2TP

100 75 50 DES/3DES/AES (128,192,256 bit) MD5, SHA-1, SHA2 (256,384,512 bit) Yes Yes Yes IPsec/PPTP/L2TP

Cisco VPN client Support Cisco VPN Client Mode Support Cisco VPN Network Extension Mode Support Cisco VPN Split Tunneling Support Cisco AnyConnect SSL VPN Client Support SSL VPN Split Tunneling Support SSL VPN Certificates Teleworker VPN Client (Cisco Hardware VPN Client) L2TP Server

Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes Yes Yes Yes Yes

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 5 of 9

Features Security Services Intrusion Prevention System (IPS) Application Control Web URL filtering Web Threat Protection Anti-Phishing Anti-Virus Anti-Spyware Spam Filter Network Reputation Filter Networking IP Address Assignment

ISA550

ISA550W

ISA570

ISA570W

Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes Yes Yes Yes Yes

Static, Dynamic Host Configuration Protocol (DHCP), Point-to-Point Protocol over Ethernet (PPPoE), L2TP, and PPTP Server and relay 16 Yes Yes Yes Yes Static, Routing Information Protocol (RIP) v1, v2 Yes Yes Symmetric Yes

Static, DHCP, PPPoE, L2Tp, PPTP

Static, DHCP, PPPoE, L2Tp, PPTP

Static, DHCP, PPPoE, L2Tp, PPTP

DHCP VLANs Trunking (802.1Q) Network Address Translation (NAT) Port Forwarding Port Triggering Routing

Server and relay 16 Yes Yes Yes Yes Static, RIP v1, v2

Server and relay 16 Yes Yes Yes Yes Static, RIP v1, v2

Server and relay 16 Yes Yes Yes Yes Static, RIP v1, v2

DMZ Dual WAN Load Balancing Policy-Based Routing (Protocol Binding)

Yes Yes Symmetric Yes Yes Yes Yes SIP, H.323, compatible with most VoIP gateway and communication devices Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Symmetric Yes Yes Yes Yes SIP, H.323, compatible with most VoIP gateway and communication devices Yes Yes Yes Yes Yes Yes Yes Yes Yes

Yes Yes Symmetric Yes Yes Yes Yes SIP, H.323, compatible with most VoIP gateway and communication devices Yes Yes Yes Yes Yes Yes Yes Yes Yes

Integrated and Automated Failover Yes and Failback Weighted Load Balancing Dynamic DNS (DDNS) Voice over IP Support Yes Yes SIP, H.323, compatible with most VoIP gateway and communication devices Yes Yes Yes Yes Yes Yes Yes Yes Yes

SIP ALG Support H.323 ALGP Support QoS Strict Priority Queuing Weighted Round Robbin Queuing Low Latency Queuing DSCP Marking Rate-Limiting Virtual Router Redundancy Protocol (VRRP)

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 6 of 9

Features Internet Group Management Protocol (IGMP) Proxy IGMP Snooping Wireless 802.11b/g/n, 2.4 GHz, 2 x 2 Multiple Input Multiple Output (MIMO) Multiple SSIDs Wi-Fi Multimedia (WMM) Quality of Service (QoS) Unscheduled Automatic Power Save Delivery (U-APSD) (WMM Power Save [WMM-PS]) MAC Filtering

ISA550 Yes Yes

ISA550W Yes Yes

ISA570 Yes Yes

ISA570W Yes Yes

No

Yes

No

Yes

No No No

4 Yes Yes

No No No

4 Yes Yes

No

Yes Yes

No No

Yes Yes

Wired Equivalent Privacy (WEP), No Wi-Fi Protected Access (WPA), WiFi Protected Access Pre-Shared Key (WPA2-PSK), WPA2-ENT Basic Service Set Identifier (BSSID) or Virtual Access Points Dynamically and Manually Adjustable Transmit Power Wi-Fi Protected Setup (WPS) Guest Access Captive Portal Rogue Access Point Detection Administration Automatic Firmware Check to See if a New Version is Available Local User Database Authentication Yes 100 Local, RADIUS, Active Directory, Lightweight Directory Access Protocol (LDAP) No No No No No No

Yes Yes Yes Yes Yes Yes

No No No No No No

Yes Yes Yes Yes Yes Yes

Yes 100 Local, RADIUS, Active Directory, LDAP

Yes 100 Local, RADIUS, Active Directory, LDAP

Yes 100 Local, RADIUS, Active Directory, LDAP

Diagnostics Discovery Protocols

Ping, DNS lookup, Packet Ping, DNS lookup, Packet Ping, DNS lookup, Packet Ping, DNS lookup, Packet Capture Capture Capture Capture Cisco Discovery Protocol (CDP), Bonjour, universal plug and play (uPnP) Local log, syslog Network usage status, security service status, network operation status Cisco Discovery Protocol (CDP), Bonjour, uPnP Local log, syslog Network usage status, security service status, network operation status Cisco Discovery Protocol (CDP), Bonjour, uPnP Local log, syslog Network usage status, security service status, network operation status Cisco Discovery Protocol (CDP), Bonjour, uPnP Local log, syslog Network usage status, security service status, network operation status

Logging and Monitoring Status Reporting

Hardware Specifications Total Interface LAN Ports (10/100/1000) WAN Ports (10/100/1000) DMZ Port (10/100/1000) USB 2.0 Ports Form Factor 7 GE up to 6 up to 2 up to 4 1 1 RU, 19-in. rack mountable, wall mountable 7 GE up to 6 up to 2 up to 4 1 1 RU, 19-in. rack mountable, wall mountable 10 GE up to 9 up to 2 up to 4 1 1 RU, 19-in. rack mountable, wall mountable 10 GE up to 9 up to 2 up to 4 1 1 RU, 19-in. rack mountable, wall mountable

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 7 of 9

Features Dimensions (W x D x H)

ISA550 308mm x 180mm x 49mm or 12.1 in. x 7.1 in. x 1.9 in. (with rubber pads) 1.2 Kg Yes None 32 to 104F (0 to 40C) 4 to 158 F (20 to 70 C) 100240 VAC 5060 Hz 11.4 V ~ 12.6 V MAX 1.667 A

ISA550W 308mm x 180mm x 49mm or 12.1 in. x 7.1 in. x 1.9 in. (with rubber pads) 1.3 Kg Yes 2 32 to 104F (0 to 40C) 4 to 158 F (20 to 70 C) 100240 VAC 5060 Hz 11.4 V ~ 12.6 V MAX 1.667 A

ISA570 308mm x 180mm x 49mm or 12.1 in. x 7.1 in. x 1.9 in. (with rubber pads) 1.3 Kg Yes None 32 to 104F (0 to 40C) 4 to 158 F (20 to 70 C) 100240 VAC 5060 Hz 11.4 V ~ 12.6 V MAX 2.5 A

ISA570W 308mm x 180mm x 49mm or 12.1 in. x 7.1 in. x 1.9 in. (with rubber pads) 1.4 Kg Yes 2 32 to 104F (0 to 40C) 4 to 158 F (20 to 70 C) 100240 VAC 5060 Hz 11.4 V ~ 12.6 V MAX 2.5 A

Weight Power On/Off Switch Antennas Environmental Operating Temperature Storage Temperature Voltage Range Input Frequency Output Voltage Output Current
1

Performance test methodology: Maximum performance based on RFC 2544. All results are aggregate bidirectional. Actual performance may vary depending upon network environment and configurations.

Ordering
Table 2.
Product Cisco Integrated Security Appliance 550 with one year comprehensive security subscription Cisco Integrated Security Appliance 550 with wireless and one year comprehensive security subscription Cisco Integrated Security Appliance 570 with one year comprehensive security subscription Cisco Integrated Security Appliance 570 with wireless and one year comprehensive security subscription Cisco Integrated Security Appliance 550 with three years comprehensive security subscription Cisco Integrated Security Appliance 550 with wireless and three years comprehensive security subscription Cisco Integrated Security Appliance 570 with three years comprehensive security subscription Cisco Integrated Security Appliance 570 with wireless and three years comprehensive security subscription

Cisco Small Business ISA500 Integrated Security Appliance Product and License Part Numbers
SKU ISA550-BUN1-K9 ISA550W-BUN1-K9 ISA570-BUN1-K9 ISA570W-BUN1-K9 ISA550-BUN3-K9 ISA550W-BUN3-K9 ISA570-BUN3-K9 ISA570W-BUN3-K9

License Cisco Comprehensive Security Subscription for ISA550 Series 1 Year Cisco Comprehensive Security Subscription for ISA570 Series 1 Year Cisco Comprehensive Security Subscription for ISA550 Series 3 Year Cisco Comprehensive Security Subscription for ISA570 Series 3 Year

SKU L-ISA550-CS-1YR= L-ISA570-CS-1YR= L-ISA550-CS-3YR= L-ISA570-CS-3YR=

Service and Support

The Cisco Small Business ISA500 Integrated Security Appliance Series is backed by the Cisco Small Business Support Service, which provides affordable coverage that offers peace of mind. This affordable, subscriptionbased service includes software upgrades and updates, extended access to the Cisco Small Business Support Center, and next-business-day hardware replacement as necessary. It provides community-based support to enable you to share knowledge and collaborate with peers using online forums and wikis. The Cisco Small Business Support Service helps you reduce risks, deliver better service to colleagues and customers, and enjoy peace of mind.

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 8 of 9

For More Information

For more information about the Cisco Small Business ISA500 Series Integrated Security Appliances, visit www.cisco.com/go/isa500resources or contact your local Cisco provider. For more information about Cisco OnPlus, visit www.cisco.com/en/US/products/ps11792/index.html or contact your local Cisco provider. For more information about the Cisco Small Business Support Service, visit www.cisco.com/cisco/web/solutions/small_business/services/index.html.

Printed in USA

C78-717565-00

2/13

20122013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Page 9 of 9