Customer Reviews

Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition)

5 star:		(8)
4 star:		(2)
3 star:		(2)
2 star:		(1)
1 star:		(0)

 

 

This book is written by Omar Santos and Jazib Frahim and both of them are leading Security engineers from Cisco Systems. Hence you are in extremely capable hands and the book is worth every penny. Having said that, the book is huge (over 1000 pages) and it may not be feasible to read it cover to cover but it is filled with excellent information. It is comprised of 20 chapters emphasizing five key technology areas including Cisco ASA product overview and firewall portfolio, Firewall technology, IPS, Content Security (URL Filtering, Anti-X etc) and VPNs.

The book is filled with configuration examples for both CLI and ASDM GUI. It covers ASA 8.2 code and hence the content is extremely current, fresh and relevant. The book explains firewall theory, implementation, tuning and troubleshooting in great detail, making it an excellent resource for Cisco ASA administrators and CCIE Security candidates as the lab test ASA firewall in great detail.

I bought this book to learn more about firewall virtualization and transparent firewalls. The book spends over 100 pages on these two technologies and cover them with great detail. Virtualization is configured step by step using both CLI and ASDM and then important troubleshooting commands are also covered. Transparent firewalls are clearly explained with detailed configuration examples. Also the chapter contains a table showing readers how routed mode firewalls differ from transparent firewalls and what features are not supported when ASA is running in transparent mode.

Only minor complaint I have is the book should dedicate one more chapter for a detailed case study and showcase all technologies like Site to Site VPNs, Remote Access VPNs, SSL VPNs, IPS, AntiX, Tranparent Firewalls and Virtual Firewalls at the same time by showing a enterprise network with one head office and two branch offices. This will help readers to see all technologies in action at the same time and further clarify things.

Overall I am extremely satisfied with this product and strongly endorse it for CCIE Security candidates and Cisco ASA administrators as their one stop resource for Cisco ASA firewalls.

The book is a well written introduction for the Cisco ASA 5500 series. Wish the Index was more thorough, and some sections you have to skip around to complete. This later complain though may in part be because this book covers the ASA IOS versions 8.2 and before, and some major changes came with version 8.3. (At the time of this review, the current version is 8.4.) This does not matter much for some of the basic setup operations, such as interface & logging setup, but NAT/PAT and ACE/ACL setup has changed dramatically. Since those are two fundamental areas of firewall setup, what would otherwise be 4 or 5 star book, drops to a 2 or 3 star review, especially considering that most organizations are not going to want to run old versions of IOS on their security devices.

There is some documentation on the updated version available online, but especially when it comes to examples, I think they are not real written. Would be happy to purchase an updated copy of this book to add to my bookshelf that would cover version 8.4.

The sheer weight of this book intimidates you right out of the box! However, once you open it up and start reading, you realize that you have an excellent reference for the Cisco ASA product. From the beginning where the book introduces you to the overall solution to where it spends a chapter on each of the components mentioned in the title (even better- some have much more in-depth coverage) to the end where an entire section is dedicated to configuring the Virtual Private Networks, this book provides the necessary information to securely set up and use this important appliance.

I liked many aspects of this book, but when I initially cracked it open and saw the product overview alone, I knew that this was the type of book that I needed if I wanted to maintain this type of solution. Why? Well, this particular section walked you through the different models of the ASA product line, complete with pictures of each and diagrams of where and what all the different features are. This is the type of information that you don't need every day, but when you need it you typically end up scrounging for it on the web, taking considerable time and effort away from your troubleshooting efforts.

The rest of the book is equally detailed, providing the step by step information that you need to set up the important features of this product. Throughout the sections that explain the features, you find notes about default settings and other limitations that the feature may encounter. Architecture diagrams and screen shots also help the reader to understand what they are actually doing rather than just barking out orders and having the setup be dictated.

Lastly, to clear up one mystery that puzzled me from the start: Anti-X isn't a new fangled threat that we need to worry about. It appears that description covers the anti-spam, anti-virus and anti-spyware configurations of the features that the box provides.

If you have an ASA appliance, then this book will be invaluable in your support of this device.

This is not a book about the Cisco ASA firewall, it's a tome of knowledge that covers every aspect of the ASA platform and the assorted services modules that are available for it. In addition to core topics such as NAT and firewalling there is excellent coverage of topics such as system maintenance and troubleshooting, quality of service and virtualization. Basically, if it can be done on the ASA then it's in this book. The VPN section of the book alone is more than 300 pages! I did find the IPS chapters to be a bit light on content but then again Cisco IPS is a completely different subject and this book covers everything you need to know to get IPS up and running in an ASA firewall. Overall, an impressive book, very comprehensive. I have been working with the PIX/ASA platform for over 10 years and still find this a great book to refer to.

My company is a big Cisco shop and we extensively use 10+ Cisco ASAs for firewall and VPN purposes. I had bought the 1st edition of this book a few years back and it helped me a lot in doing my daily job of managing the devices.
We are now in the process of deploying AnyConnect clients and wanted to get some guidance around it. I bought this book last week and I already feel very comfortable about deploying AnyConnect in our environment.
Each chapter starts off with an in-depth architectural overview of the features to be discussed. It then provides full step-by-step configuration examples using both ASDM and CLI. There are a number of deployment scenarios in each chapter. It even covers many troubleshooting and monitoring examples that helped me a lot when I started deploying it in my lab network
A must have if you have a Cisco ASA or if you are planning to deploy a new ASA in your environment !!!!

Even though I have a CCNA from a few years back, my Cisco skills are somewhat rusty. So I just started a new job where they had boxes of switches and a ASA 5510 all partially configured but not yet deployed. The switches were no problem but this ASA 5510 is a beast for someone use to ISA server and Sonicwall. So I purchased this book to help me get past the entry stage of setup and better understand all of the features and use the ASDM GUI software. Having just updated the ASA 5510 software to the most current at the time 8.4.xx, I searched the available books and this one caught my eye partially from the positive reviews and partially because it was current through the version 8.3 release of OS. After reading through the book, and making meticulous notes for a design plan of attack, I found out after about a week and ½ of struggling that the version release from Cisco of 8.4 had major changes to the OS, the NAT configurations, and even the ASDM. The Cisco help desk tech that finally explained this to me said he and his colleagues had to spend 5 weeks in training to be able to support all the changes in this new release. So many of the CLI configurations and several of the ASDM screen shots to not line up with the actual current version. If you are running version 8.3 or earlier, then this book will be helpful to you. I would also like more reference to best practices as well as the default settings. There are so many options in regards to the setup of the ASA firewall that it would be nice to know which way would meet the preferred methods. Also there are not as many real life examples as I was hoping for. This book is good but unfortunately did not help me as much as I thought it would.

It is a good book, nice examples, but Mr. 3 star is right -- if you have lots of different configuration questions or concerns, the book may not go as deep as you wish. On the other hand, a vast majority of the usual concerns and examples ARE covered and so that gets you 70% done, if not moreso.

Decent writing, good organization, and some good tips and examples make this a good book. Would have loved more in depth on ACL's, protocols and such with examples, say in an Appendix to be a true 5 star, and all around great reference. This purchase was for an additional 2 5520's at my enterprise, having vetted the first 5520 a few years ago, as a good workhorse.

This is by far one of the most complete collections of information and guidance for the ASA product line. From the beginning of the book covering not-quite-basic networking and security to the screen by screen configuration of client VPNs in the last chapter. This thing is huge at over 1100 pages but wow is it thorough. I can't imagine needing any other ASA book.

The document is broken up into 20 chapters and weighs in at 1100 pages. Fortunately the book is laid out nicely to give you half a chance of finding what you're looking for in this massive dead tree production. There are Product Overview, Firewall Technology, IPS, Content Security, and VPN sections.

Each section is then subdivided into working groups of data. I won't go into all the subdivisions here but for example...
The Firewall Technology section has chapters on Controlling Network Access, IP Routing, AAA, Application Inspection, Virtualization, Transparent Firewalls, Failover and Redundancy (there's 56 pages on this topic alone), and QoS. Each topic discusses the topic and then provides excellent step by step walkthroughs of how to implement the concept in the real world. Even the final paragraph summaries of each chapter are great to pull together everything you just read (or skimmed...) in that chapter.

I work with hundreds of clients in a year and most of them have some sort of cisco security gear in place. This has been and will continue to be a very valuable resource for my sanity checking of their designs. It would clearly also be of great use to any networker that has a few inches of space on their shelf.

This books give you good cookie cutter instructions on how to implement some of the features of the ASA. However if you do not want or can't have all your cookies look like Christmas trees then this may not be the right book for you. It almost seems as if this book is a collection of all the articles on Cisco's configuration guides.

I purchased this book to prepare for my CISCO 642-617 exam on my way towards my CCNP-Security. I used this along with CBT Nuggets to prepare (with hands-on as well) and this book certainly complimented my studies. I am now using it to supplement for the IPS exam and then VPN to complete the four. This is a MUST READ for all those who make security their profession!