Cisco ASA firewall virtualization is a concept in which one ASA is divided into multiple virtual standalone firewalls, and each virtual firewall acts and behaves as an independent firewall with its own configuration, interfaces, security policies, routing table, and so on. A virtual ASA is also known as a "security context". Cisco ASA firewall virtualization is one of the most widely used technologies for providing security services in the networking world.
e.g. two virtual firewalls (security contexts), Apple and Orange, are created on one physical firewall.
This overview of security contexts includes the following topics:
- Scenarios in which security contexts are useful in network deployments.
- Single mode vs. multiple mode.
- Types of security context in multiple mode.
- How packets are forwarded between security contexts.
- Configuring security contexts on the ASA firewall.
- Troubleshooting security contexts.
Scenarios in which security contexts are useful in network deployments
You might want to use multiple security contexts in the following situations:
- You are a service provider and want to provide firewall services to customers. Deploying a physical firewall for each client would be expensive, so you choose firewall virtualization and create a separate security context for each customer: a cost-effective, space-saving solution that keeps all customer traffic separate and secure, and also eases configuration.
- To keep multiple departments separate from each other. Say you manage a large enterprise and want to keep the HR department completely separate from the technical network to improve security; you create a security context for each department on a single firewall.
- Your organisation has taken over a small entity whose network overlaps with your current organisation's, and you want to provide firewall services without changing the IP address scheme.
- You have any network that requires more than one ASA.
Single mode is the default on a Cisco ASA firewall. To create security contexts on the ASA, multiple-context mode must be enabled globally. Changing the mode from single to multiple also brings certain benefits and limitations of using Cisco ASA multiple context mode.
You can check the firewall's current mode with the following command:
```
ciscoasa# show mode
Security context mode: single
```
To change from single mode to multiple mode:
```
ciscoasa# config t
ciscoasa(config)# mode multiple
WARNING: This command will change the behavior of the device
WARNING: This command will initiate a Reboot
Proceed with change mode? [confirm]
Convert the system configuration? [confirm]
```
Once you enter mode multiple, the ASA asks for confirmation and then initiates a reboot.
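Once the ASA has rebooted in multiple mode, the Apple and Orange contexts from the example at the top can be defined from the system execution space. The following is an added example, not configuration from the original article; the interface and sub-interface names, VLAN IDs, addresses and config-url paths are assumptions. It also shows both contexts using the same inside subnet, the overlapping-address scenario described above.

```cisco
! Added example (not from the original article): create the Apple and
! Orange contexts after the reboot into multiple mode. Interface names,
! VLAN IDs, addresses and config-url paths are assumptions.
! System execution space: sub-interfaces give each context its own links
ciscoasa(config)# interface GigabitEthernet0/0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface GigabitEthernet0/0.10
ciscoasa(config-subif)# vlan 10
ciscoasa(config-subif)# interface GigabitEthernet0/0.20
ciscoasa(config-subif)# vlan 20
ciscoasa(config-subif)# interface GigabitEthernet0/1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# interface GigabitEthernet0/1.10
ciscoasa(config-subif)# vlan 10
ciscoasa(config-subif)# interface GigabitEthernet0/1.20
ciscoasa(config-subif)# vlan 20
! The admin context must be defined before any other context
ciscoasa(config)# admin-context admin
ciscoasa(config)# context admin
ciscoasa(config-ctx)# allocate-interface Management0/0
ciscoasa(config-ctx)# config-url disk0:/admin.cfg
! Apple: only the interfaces allocated here are visible inside it
ciscoasa(config-ctx)# context Apple
ciscoasa(config-ctx)# allocate-interface GigabitEthernet0/0.10 outside
ciscoasa(config-ctx)# allocate-interface GigabitEthernet0/1.10 inside
ciscoasa(config-ctx)# config-url disk0:/Apple.cfg
! Orange: its own configuration file and its own interfaces
ciscoasa(config-ctx)# context Orange
ciscoasa(config-ctx)# allocate-interface GigabitEthernet0/0.20 outside
ciscoasa(config-ctx)# allocate-interface GigabitEthernet0/1.20 inside
ciscoasa(config-ctx)# config-url disk0:/Orange.cfg
! Each context is configured separately; both may use the same inside
! subnet because no interface is shared (the overlapping-address case)
ciscoasa# changeto context Apple
ciscoasa/Apple# configure terminal
ciscoasa/Apple(config)# interface inside
ciscoasa/Apple(config-if)# nameif inside
ciscoasa/Apple(config-if)# security-level 100
ciscoasa/Apple(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa/Apple(config-if)# changeto context Orange
ciscoasa/Orange# configure terminal
ciscoasa/Orange(config)# interface inside
ciscoasa/Orange(config-if)# nameif inside
ciscoasa/Orange(config-if)# security-level 100
ciscoasa/Orange(config-if)# ip address 192.168.1.1 255.255.255.0
! Check from the system space: "show context" lists both contexts and
! their allocated interfaces; "show interface" in Apple shows no Orange links
ciscoasa/Orange(config-if)# changeto system
ciscoasa# show context
```

A user logged into the Apple context cannot see or change Orange's interfaces, policies or configuration file, which is the isolation property the first paragraph describes.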