Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls offer integrated firewall, VPN, and IPS capabilities in compact single-box packages, delivering a broad array of features to match the security and compliance needs of organizations ranging from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances allow IT security staffs to protect their network edge and provide safe remote connectivity while using powerful administration tools based on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX firewall appliances have reached end-of-life (EOL) but remain commonly used in small and mid-size organizations and in some larger data centers. Cisco’s ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX families of firewalls for new deployments. However, Cisco's legacy firewalls, if carefully maintained, continue to offer a high level of protection by providing a variety of services such as stateful firewall, VPN, and IPS.

After Cisco's purchase of Sourcefire, the whole family of ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular intrusion protection system (IPS). Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco CCIE-qualified infrastructure engineers can assist you to support and debug older ASA 5500 Series and PIX 500 firewall appliances and can also assist you to design and carry out an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also assist you to design, deploy, optimize, manage and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X models with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances features an improved substitute for every rack-mountable unit in the older ASA 5500 generation of firewalls. Each ASA 5500-X firewall is suited for the identical market as the associated earlier models, which gives small and midsize businesses ample choice for picking a solution that aligns with their security requirements and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's advanced security services. All models in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For more details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, see Cisco Firepower configuration and debugging expertise

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or hardware modules that enable Cisco's Firepower Services, which offer layered protection against advanced threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:

  • Layered protection against familiar and zero-day threats
  • Advanced Malware Protection (AMP) that uses big data to find and mitigate intrusions
  • A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, infrastructure, apps, and content to discover threats that use multiple approaches
  • High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate both standard and custom IPS policies depending on the severity of risk
>Cisco Firepower Configuration Consultants

Firepower Services for ASA 5500-X firewalls provide multi-layered security

Smaller deployments of ASA 5500-X firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X versions. ASDM includes a convenient web console for deploying, managing, and troubleshooting ASA 5500-X devices and modules.

For more complex deployments, ASA 5500-X firewalls with Firepower Services can be managed with Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that provides dynamic network visualization, automated policy tuning based on impact assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and APIs for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-box ASDM or the ASA command line interface.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls build on engineering behind Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a firewall that defends against the broadest variety of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application security, local containment, and clean Virtual Private Network connectivity across the entire product line. This broad scope of protection enables the guarding of any network segment, including the most typical threat vectors such as remote sites, locally-connected internal users, and off-site connected VPNs.

>ASA 5500 Series Consulting Services and Technical Support
The expandable architecture of the Cisco ASA 5500 Series enables you to add more security services by installing service modules and cards. These user-installable enhancements provide the option of adding IPS and content protection services such as filtering virus, worms, and phishing attacks and performing data and URL screening. Beside allowing your IT staff to react rapidly to the latest risk vectors, the expandable design of the ASA 5500 Series also protects your capital investment by increasing the life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative staff training by utilizing the rich set of PIX management tools and protocols including the Cisco ASDM platform, secure command-line interface availability, syslog, and Simple Network Management Protocol.

Cisco ASA firewalls deliver a high-level of application protection through intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This results in a safer network covering Web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to provide better control over the applications and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and employ security enforcement technologies such as protocol anomaly sensing and application and protocol state tracking. Also included are attack detection and mitigation technology including application/protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and free up bandwidth for crucial business processes.

For additional information about Progent's support services for ASA 5500 security appliances, go to Cisco ASA 5500 firewalls integration and debugging support.

PIX Firewalls
Based around a tested, specialized software platform that offers a wealth of security features, Cisco PIX firewalls offer excellent security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewall appliances provide security for a broad array of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide array of current and upcoming VoIP and video applications.

Cisco PIX Security Support
PIX security appliances offer a wealth of configuration, tracking, and troubleshooting options, giving IT managers the versatility to use the methods that most closely match their needs. Administrative solutions include common, policy-based administration utilities, integrated web-based administration, and support for remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a powerful Web-based control platform that significantly simplifies the installation, in-place modification, and monitoring of a specific PIX security appliance without the need of any additional utility beyond an ordinary Web browser and Java applet to be running on an administrator's computer.

Administrators can furthermore remotely set up, track, and troubleshoot PIX firewall appliances using a command-line interface. Secure command-line interface (CLI) communication is available through a number of methods including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have robust auto-update capabilities, a set of revolutionary protected remote-administration services that make sure that firewall settings and software images are kept current.

For additional details about Progent's support services for Cisco PIX security appliances, see PIX 500 firewalls configuration and troubleshooting support.

Progent's PIX to ASA Migration Consulting Support
Because Cisco has ceased offering the PIX family of firewalls, many businesses are concerned about depending on a critical infrastructure mechanism that may stop being supported by Cisco. ASA 5500 firewalls offer the advantage of being new products and also offer several technical and budgetary advantages in comparison to PIX 500 firewalls. These benefits include substantially better performance, optional SSL tunneling support, and a modular architecture that protects your investment by enabling you to self-install new security features when and if you require them. Progent's Cisco network engineers can help your company to determine the strategic case for upgrading from PIX to Cisco ASA 5500 firewalls, create a migration plan that allows for a quick and non-disruptive changeover, help you to set up new ASA 5500 firewalls, and offer online, consulting, and technical support services.

Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco's Cisco ASA Series adaptive security appliances and PIX family firewalls provide an array of setup, monitoring, and troubleshooting options which give you the ability to deploy these security appliances to match your company's needs. Progent's CCIE certified network experts can assist you to install a cost-effective infrastructure that incorporates Cisco ASA or PIX firewalls and that provides advanced security, resilience, performance, and manageability. Progent's CISA and CISM-certified information security experts can help your business to develop a security policy appropriate for your business and can configure your security appliance to enforce your security policies. Progent's security assessment consultants can evaluate the effectiveness of your existing firewall solution and validate the security of your whole information system network. Progent’s Help Desk support team can provide urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.

To see more details concerning Progent's consulting support for Cisco solutions, select a topic:

To find out additional details concerning Progent's consulting assistance for Cisco technology, select a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to get in touch with Progent about consulting expertise for Cisco networking, call 1-800-993-9400 or see Contact Progent.
















© 2002- 2017 Progent Corporation. All rights reserved.