Cisco Network Consulting Firm

Cisco’s ASA 5500 and PIX line of multi-function firewalls offer integrated firewall, Virtual Private Network, and IPS capability in economical single-cabinet packages with a broad spectrum of optional capabilities that meet the requirements of businesses ranging from small and mid-size businesses to ISPs. Cisco’s ASA 5500 and PIX line of products enable IT organizations to defend their network perimeter and achieve safe remote connectivity while utilizing familiar administration utilities based on a shared software architecture.

Because the ASA 5500 family of security appliances are based on the same software design as the discontinued PIX security appliances, network administrators responsible for migrating from PIX to ASA 5500 firewalls can get up to speed rapidly as they install, manage, and support the new versions of Cisco security appliances. Progent's Cisco-qualified CCIE network experts can assist you to manage your existing PIX firewalls, migrate to Cisco ASA 5500 platforms, and support any combination of ASA 5500 and PIX products through ultra-efficient online consulting and troubleshooting support services.

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA Firewalls build on engineering behind the Cisco PIX 500 firewall, the Cisco IPS 4200 Series sensor, and the VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that stops the widest range of threats. Cisco Adaptive Security Appliances Firewalls provide program security, network containment and control, and clean Virtual Private Network functionality throughout Cisco's product line. This breadth of security allows defense of any network area, including the most typical attack conduits such as remote sites, LAN-attached inside users, and off-site connected VPNs.

Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application protection through smart, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a safer environment including Web, voice, and mobile wireless services. To defend networks against application-layer attacks and to offer stronger policing of the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and employ security enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also included are attack sensing and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and preserve network bandwidth for crucial business processes.

ASA 5505 Security Appliances
Cisco's ASA 5505 firewall is intended for small organizations, branch offices, and teleworkers. ASA 5505 firewalls offer maximum firewall throughput of 150 Mbps and accommodate as many as 25 Secure Sockets Layer VPN sessions plus 10k connections in the standard version and as many as 25,000 connections in the Security Plus version. The ASA 5505 features 256 MB of RAM and can handle three VLANs with trunking disabled. Advanced security features like GTP/GPRS inspection are not offered in this low-cost security appliance. High availability is an option with the Security Plus version.

The Cisco ASA 5505 firewall contains a single expansion slot for a Security Services Card that supports IPS. Maximum IPS performance with this card installed is 75 Mbps.

ASA 5510, 5520, and 5540 Security Appliances
The ASA 5510 firewall is designed for small and mid-sized businesses (SMBs) and small enterprises. The 5510 supports top firewall throughput of 300 Mbps and can handle up to 250 Secure Sockets Layer VPN sessions. In the Base version, the ASA 5510 firewall supports 50,000 connections and 130k in the Security Plus version. The ASA 5510 includes 256 MB of memory and can support 50 VLANs with the base version and 100 VLANs with the Security Plus model. Load balancing, tunnel clustering, and high availability support are optional only with the Security Plus model.

Cisco's ASA 5520 firewall is intended for small enterprises. Cisco's 5520 offers top firewall throughput of 450 Mbps and can handle up to 750 Secure Sockets Layer VPN sessions and 280k connections. The ASA 5520 firewall includes 512 MB of memory and can support 150 VLANs. GTP/GPRS inspection, VPN clustering, network load balancing, and high availability support are standard.

Cisco's ASA 5540 firewall is intended for mid-sized enterprises, supports top firewall speed of 650 Mbps, and accommodates as many as 2,500 Secure Sockets Layer tunneling sessions along with 400,000 connections. The ASA 5540 includes 1 gigabyte of memory and supports 200 virtual interfaces. GTP/GPRS inspection, tunnel clustering, load balancing, and high availability support are included.

Cisco ASA 5510, 5520, and 5540 firewalls can each accept a single SSM module that can enable Content Security and Control Security, Advanced Inspection and Prevention, or 4 GB Ethernet security. Maximum Advanced Inspection and Prevention bandwidth, based on the AIP SSM module used, can reach 350, 450, and 650 Mbps with the respective models.

Cisco ASA 5550 Firewalls
Cisco's 5500 firewall is targeted at large enterprises and offers top firewall throughput of 1.2Gbps. The ASA 5550 security appliance supports up to 5,000 Secure Sockets Layer tunneling sessions and 650,000 connections. Cisco's 5500 firewall includes 4 gigabytes of memory and supports 250 VLANs. GTP/GPRS inspection, tunnel clustering, and network load balancing support is standard, and high availability features are available as an option.

Cisco's 5550 does not have card slots but includes four built-in SFP fiber optic Ethernet ports.

ASA 5580 Security Appliances
Cisco's ASA 5580-20 and 5580-40 firewalls are designed for enterprise data centers. The Cisco ASA 5580-20 features firewall throughput of 5 Gbps, handles one million connections, and has 8 GB of RAM. The 5580-40 has firewall throughput of 10 Gbps, supports 2 million connections, and has 12 gigabytes of RAM.

Both models can handle as many as 10k SSL tunnel sessions and up to 250 VLANs. Both models support GTP/GPRS inspection, VPN clustering, network load balancing, and high availability, and both include six card slots for Interface Expansion Cards (IECs) that accommodate various Ethernet connections.

PIX Security Appliance Series
Built around a tested, purpose-built operating system that delivers rich protection features, Cisco PIX security appliances provide a high level of protection and have received EAL 4 status and ICSA Firewall and IP Security (IPSec) certification. Cisco PIX firewalls offer protection for a wide array of VoIP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard deployments of a broad array of contemporary and upcoming Voice over IP and mixed-media applications.

Administrators can also remotely configure, monitor, and troubleshoot PIX security appliances via a command-line interface. Secure command-line interface access is available using a number of techniques such as SSHv2 Protocol, Telnet over IP Security (IPSec), and out-of-band through a console port. Cisco PIX firewall appliances also include robust auto-update capabilities, a collection of advanced protected remote-administration options that make sure that security configurations and software images are kept current.

Progent's PIX to ASA Migration Consulting Support
Because Cisco has ceased offering the PIX 500 product line, many companies are concerned about depending on a key security mechanism that might stop being supported by Cisco. ASA 5500 security appliances have the advantage of being new devices and also bring a number of technical and economic advantages in comparison to PIX devices. These advantages include significantly better performance, optional Secure Sockets Layer tunneling capability, and an expandable design that protects your investment by allowing you to self-install new security features whenever you need them. Progent's CCIE-certified network engineers can assist your company to assess the business case for upgrading from PIX to Cisco ASA 5500 firewalls, create a migration process that permits a fast and seamless upgrade, help your IT staff to deploy new ASA 5500 Series firewalls, and provide remote training, consulting, and technical support services.

Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls incorporate a wealth of configuration, monitoring, and analysis features that give you the ability to deploy these firewalls to match your business needs. Progent's CCIE certified network professionals can show you how to and support an efficient network infrastructure that includes Cisco ASA and/or PIX firewall technology and that offers advanced protection, fault tolerance, throughput, and manageability. Progent's GISA and CISM-qualified IS security professionals can help you to create a security policy that makes sense for your environment and can set up your PIX or ASA firewall to enforce your security policies. Progent's security evaluation engineers can evaluate the effectiveness of your current firewall solution and help determine the overall security of your entire information system network. Progent’s Technical Response Center can provide urgent online troubleshooting for Cisco products and offer quick access to a Cisco expert.

To learn more information about Progent's engineering support for Cisco technology, select a topic:

Symantec Raptor Consulting

To ask Progent about professional support for Cisco products, call 1-800-993-9400 or email cisco-help@progent.com.

---

© 2002-2010 Progent Corporation. All rights reserved.

---