Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls provide combined firewall, IPsec VPN, and intrusion prevention system capabilities in single-box packages, delivering a wide array of features to meet the security and compliance needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances enable IT security staffs to protect their network edge and provide secure offsite and mobile connectivity while utilizing advanced administration mechanisms based on Cisco's industry-leading firewall products.

Cisco’s ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life (EOL) status but remain commonly used in smaller businesses as well as in some enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's legacy firewalls, if properly managed, can deliver a high degree of security by providing a variety of security functions including stateful firewall, IPsec VPN, and IPS.

Since Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco CCIE-qualified infrastructure engineers can assist you to maintain and troubleshoot legacy ASA 5500 and PIX firewalls and can also assist you to plan and carry out an efficient migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, configure, tune, manage and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls includes an improved substitute for each rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X firewall targets the identical environment as the associated previous models, which gives most ample room for selecting a firewall that meets their security needs and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide consistent security across any mix of physical, virtual, and cloud environments.

Cisco ASA 5500-X Firepower Consultants

For more information about ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, go to Firepower configuration and troubleshooting expertise

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or physical modules that enable Cisco's Firepower Services, which offer layered protection against advanced threats. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:

  • Layered defense against both familiar and zero-day attacks
  • Advanced Malware Protection that uses big data techniques to find and remediate security breaches
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, apps, and content to detect threats that incorporate multiple approaches
  • High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically launch both standard and custom IPS policies depending on the degree of threats
Cisco Firepower Integration Expertise

Firepower Services for ASA firewalls provide multi-layered security

Smaller implementations of ASA 5500-X firewalls can be effectively managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X models. ASDM provides a convenient web dashboard for configuring, managing, and debugging ASA 5500-X firewalls and modules.

For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Extra features include greater context awareness, Advanced Malware Protection with remediation for user devices, a dashboard that provides dynamic network infrastructure visualization, automated policy optimization driven by impact evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health alerts, enhanced reporting options, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering behind Cisco's PIX 500 Security Appliance, the IPS 4200 Series sensor, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a platform that stops the broadest variety of attacks. Cisco Adaptive Security Appliances Firewalls provide application security, network containment and control, and safe VPN connectivity across Cisco's product line. This broad scope of protection allows the guarding of any network section, including the most typical threat vectors like remote locations, LAN-connected internal users, and remote access VPNs.

Cisco ASA 5500 Consulting Services and Troubleshooting
The expandable design of the Cisco ASA 5500 Series enables you to add more features by installing service modules and security service cards. These user-installable options provide the ability to add IPS and content protection services such as filtering virus, spyware, and phishing attacks and performing file and URL filtering. In addition to enabling your IT staff to respond rapidly to the latest risk environments, the extensible architecture of the ASA 5500 family also protects your hardware investment by prolonging the useful life of your security appliances. The ASA 5500 Series also leverages your investment in administrative team education by utilizing the rich library of PIX 500 management utilities and protocols including the Cisco ASDM platform, protected command-line interface availability, verbose syslog, and SNMP.

Cisco Adaptive Security Appliances firewalls provide a high-level of application protection through intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. This produces a safer network including Web, voice, and 3G-mobile wireless connectivity. To protect against application-layer attacks and to provide better control over the programs and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement technologies that include protocol anomaly detection and application and protocol state monitoring. Also incorporated are attack sensing and remediation technology including application and protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, enabling organizations to enforce usage policies and free up network bandwidth for critical business applications.

For more information about Progent's consulting services for ASA 5500 security appliances, go to Cisco ASA 5500 series firewalls integration and debugging services.

PIX Firewalls
Built around a hardened, specialized software platform that delivers a wealth of protection features, Cisco PIX firewall appliances offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. Cisco PIX security appliances provide protection for a broad array of Voice over IP and other mixed-media conventions such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling businesses to protect deployments of a broad range of current and next-generation VoIP and video applications.

PIX Security Support
PIX security appliances offer a wealth of setup, monitoring, and analysis features, giving IT managers the versatility to utilize the methods that best match their needs. Administrative solutions include common, policy-based administration tools, integrated web-based management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a world-class Web-based control platform that greatly simplifies the installation, in-place modification, and tracking of a specific PIX firewall appliance without the need of any additional utility beyond an ordinary Web browser and Java applet to be running on a manager's PC.

Administrators can also remotely set up, monitor, and analyze Cisco PIX firewall appliances using a command-line interface. Secure command-line interface (CLI) communication is possible using a number of techniques including Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also include robust auto-update capabilities, a collection of advanced protected remote-management options that ensure firewall configurations and software images are kept up to date.

For additional details about Progent's consulting services for PIX 500 security appliances, visit Cisco PIX 500 firewalls integration and debugging services.

Progent's PIX to ASA Migration Consulting
Because Cisco has discontinued offering the PIX 500 family of firewalls, many businesses are uncomfortable with depending on a key security mechanism that may no longer be supported. ASA 5500 firewalls offer the advantage of being new products and also bring a number of technical and economic advantages in comparison to PIX firewalls. These advantages include substantially better throughput, optional Secure Sockets Layer VPN capability, and a modular architecture that guards your investment by allowing you to self-install more security services whenever you require them. Progent's Cisco certified network engineers can assist you to determine the business case for moving from PIX 500 to ASA 5500 firewalls, create a migration process that permits a fast and seamless changeover, help you to deploy new ASA 5500 Series firewalls, and provide remote training, consulting, and technical support services.

Other Ways Progent Can Assist You with Cisco ASA and PIX Firewalls
Cisco Cisco ASA 5500 Series firewalls and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting options that give you the ability to set up these firewalls to match your company's requirements. Progent's CCIE certified network experts can help you to and support an efficient infrastructure that incorporates Cisco ASA or PIX firewalls and that provides advanced protection, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security consultants can help you to develop a security policy that makes sense for your business and can configure your firewall to support your security policies. Progent's security assessment engineers can assess the strength of your current firewall deployment and help determine the security of your whole IT network. Progent’s Technical Response Center (TRC) can provide emergency remote troubleshooting for Cisco products and offer quick access to a Cisco network engineer.

For additional details concerning Progent's consulting support for Cisco products, pick a topic:

To learn additional details about Progent's engineering support for Cisco technology, pick a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to contact Progent about technical expertise for Cisco networking, call 1-800-993-9400 or see Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.