Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls provide integrated firewall, VPN, and IPS capabilities in compact single-box devices, delivering a broad range of features to match the security and compliance requirements of organizations from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow IT security teams to protect their network perimeter and offer secure remote connectivity while utilizing powerful administration mechanisms built on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 Series and PIX firewalls have arrived at end-of-life (EOL) status but remain widely deployed in small and mid-size organizations and in a few enterprise networks. The ASA 5500-X Next-Generation Firewalls deliver substantially more value and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's older model firewalls, if carefully managed, continue to deliver a high level of protection by supplying multiple features including firewall, VPN, and IPS.

Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco CCIE-qualified network engineers can help you to maintain and debug legacy ASA 5500 and PIX firewall appliances and can also help you to design and implement an efficient migration to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, integrate, tune, manage and debug new firewall solutions built on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls includes an enhanced replacement for every rack-mountable model in the older ASA 5500 generation of devices. Each ASA 5500-X model targets the same market as the corresponding previous models, which offers most ample choice for selecting a solution that meets their security needs and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All models in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional information about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Cisco Firepower configuration and troubleshooting expertise

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or hardware modules that support Cisco's Firepower Services, which offer layered defense against multi-vector threats. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:

  • Multi-layer protection against both familiar and new threats
  • Advanced Malware Protection that uses big data techniques to find and remediate security breaches
  • Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, infrastructure, software applications, and content to detect attacks that use multiple vectors
  • High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of risk
>Cisco Firepower Configuration Consultants

Firepower Services for ASA firewalls offer advanced multi-layered threat protection

Simpler deployments of Cisco ASA firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X versions. ASDM provides a simple web dashboard for deploying, administering, and troubleshooting ASA 5500-X appliances and service modules.

For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower can be managed using Firepower Management Center, implemented as one or several physical or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM tool. Additional capabilities include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that provides dynamic network visualization, automated policy optimization based on risk evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA command line interface.

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering behind the Cisco PIX 500 Series Security Appliance, the Cisco IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall family to deliver a firewall that stops the broadest variety of threats. Cisco Adaptive Security Appliances Firewalls deliver application protection, network containment, and safe Virtual Private Network connectivity across Cisco's product portfolio. This broad scope of security allows the guarding of any network segment, which includes the most common attack conduits such as remote sites, LAN-attached inside users, and remote access Virtual Private Networks.

>ASA 5500 Series Consulting and Troubleshooting
The scalable design of the ASA 5500 family enables you to add more services via security service modules and cards. These user-installable options provide the option of adding Intrusion Protection and content protection functions like filtering virus, spyware, and phishing attacks and executing data and web filtering. In addition to enabling you to react quickly to new threat vectors, the expandable design of the Cisco ASA 5500 family also leverages your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 family also protects your investment in IT team education by utilizing the familiar set of PIX 500 security management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, secure command-line interface (CLI) access, syslog, and Simple Network Management Protocol.

Cisco Adaptive Security Appliances (ASA) firewalls provide a high-level of application protection through smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a better protected network including Web, voice, and 3G-mobile wireless connectivity. To protect against application-layer assaults and to provide better control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement solutions such as anomaly sensing and application and protocol state monitoring. Also incorporated are assault sensing and mitigation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and peer-to-peer file sharing, allowing organizations to police usage policies and conserve bandwidth for vital business processes.

For additional details about Progent's support services for Cisco's ASA 5500 security appliances, go to Cisco ASA 5500 firewalls integration and troubleshooting support.

Cisco PIX Firewalls
Based upon a hardened, specialized OS that offers rich security services, Cisco PIX firewall appliances provide excellent security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX security appliances provide protection for a broad range of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and Media Gateway Control Protocol, helping organizations to protect deployments of a broad array of contemporary and upcoming IP voice and video applications.

Cisco PIX Firewalls Support
PIX firewalls feature a variety of setup, monitoring, and analysis options, providing IT managers the versatility to utilize the techniques that most closely match their requirements. Management options include common, policy-based management utilities, integrated web-based management, and compatibility with remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class Web-based control platform that greatly simplifies the deployment, in-place configuration, and monitoring of a single Cisco PIX firewall appliance without requiring any extra utility beyond an ordinary browser and Java plug-in to be running on an administrator's PC.

IT managers can furthermore remotely set up, monitor, and analyze PIX firewall appliances via a command-line interface. Safe command-line interface access is available using several techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewalls also include dependable automatic-update capabilities, a set of revolutionary secure remote-management services that ensure firewall settings and software images are kept up to date.

For more information about Progent's support services for PIX security appliances, go to Cisco PIX 500 firewalls integration and troubleshooting consulting.

Progent's PIX to ASA Migration Consulting Services
Because Cisco has discontinued offering the PIX family of firewalls, many companies are uncomfortable with depending on a critical infrastructure mechanism that might no longer be supported by Cisco. ASA 5500 firewalls have the advantage of being new devices and also bring several functions and economic benefits in comparison to PIX devices. These advantages include significantly higher throughput, optional Secure Sockets Layer VPN capability, and a modular design that protects your investment by enabling you to self-install more security services whenever you need them. Progent's Cisco experts can assist your company to assess the strategic value of for migrating from PIX 500 to Cisco ASA 5500 security appliances, create a migration process that allows for a fast and non-disruptive upgrade, help you to set up new ASA 5500 Series firewalls, and offer online, consulting, and troubleshooting services.

Other Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco ASA 5500 Series adaptive security appliances and PIX security appliances incorporate a wealth of setup, tracking, and analysis features which offer you the flexibility to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network consultants can assist you to and support a cost-effective infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides world-class security, fault tolerance, performance, and recoverability. Progent's GISA and CISM-qualified IS security experts can help your business to create a security strategy that makes sense for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation experts can assess the strength of your existing firewall solution and help determine the overall security of your whole IS network. Progent’s Technical Response Center (TRC) can provide urgent remote technical support for Cisco technology and can give you quick access to a Cisco expert.

To see additional details concerning Progent's engineering expertise for Cisco networking products, choose a subject:

To see more information about Progent's professional assistance for Cisco solutions, choose a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to ask Progent about consulting support for Cisco products, call 1-800-993-9400 or see Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.