Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances provide combined firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a broad range of features to match the security needs of companies ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewalls allow IT security teams to defend their network perimeter and provide safe remote connectivity while using powerful management tools based on Cisco's industry-leading firewall products.

Cisco’s ASA 5500 and PIX firewall appliances have reached end-of-life status but are still commonly deployed in small and mid-size businesses as well as in some larger data centers. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX families of firewalls for new installations. However, Cisco's older model firewalls, if carefully maintained, continue to deliver a high level of protection by providing multiple security functions such as stateful firewall, VPN, and IPS.

Since Cisco's purchase of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed intrusion protection system. Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco-certified infrastructure engineers can assist you to support and debug older ASA 5500 and PIX firewall appliances and can also assist you to design and carry out a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, configure, tune, manage and debug new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls features an improved replacement for every rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X model is suited for the identical environment as the associated earlier models, which gives small and midsize businesses plenty of room for selecting a firewall that meets their security requirements and IT budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For more details about ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, see Firepower integration and debugging consulting

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or hardware modules that support Cisco's Firepower Services, which offer layered defense against advanced threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:

  • Layered defense against both familiar and new threats
  • Advanced Malware Protection that utilizes big data techniques to find and remediate security breaches
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, software applications, and content to discover attacks that incorporate simultaneous vectors
  • High-resolution Application Visibility and Control that is familiar with thousands of apps and can automatically launch standard and custom IPS policies depending on the severity of risk
>Cisco Firepower Configuration Expertise

Firepower Services for Cisco ASA 5500-X firewalls provide advanced multi-layered security

Smaller deployments of Cisco ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X models. ASDM provides an easy-to-use web console for configuring, administering, and debugging ASA 5500-X devices and service modules.

For more complex environments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box ASDM tool. Extra features include greater context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a dashboard that provides real-time infrastructure visualization, automated policy optimization driven by impact assessment of threats, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and APIs for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the ASA 5500-X command line interface.

Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances Firewalls leverage technology developed for Cisco's PIX 500 Series firewall, the Cisco IPS 4200 sensor, and Cisco's VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to offer a platform that defends against the broadest range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application protection, network containment and control, and clean VPN functionality throughout Cisco's product portfolio. This breadth of protection allows the guarding of any network section, including the most common attack vectors like remote locations, LAN-connected inside users, and remote access Virtual Private Networks.

>ASA 5500 Consulting Services and Technical Support
The scalable architecture of the Cisco ASA 5500 Series permits you to add more services via security service modules and security service cards. These easy-to-install enhancements give you the ability to add IPS and content protection functions like blocking virus, spyware, and phishing assaults and performing data and URL filtering. Beside allowing your IT staff to respond quickly to new threat environments, the extensible architecture of the ASA 5500 Series also protects your hardware investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also protects your investment in administrative team education by supporting the rich set of PIX 500 management tools and protocols including the Cisco ASDM system, protected command-line interface availability, syslog, and SNMP.

Cisco Adaptive Security Appliances firewalls provide a high-level of application protection through intelligent, application-sensitive inspection engines that examine network flows at Layers 4-7. This results in a more secure environment including Web, voice, and 3G-mobile wireless connectivity. To defend against application-layer assaults and to provide better policing of the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement technologies that include anomaly detection and state tracking. Also included are attack sensing and mitigation technology including application/protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to enforce usage policies and recover bandwidth for important business applications.

For more details about Progent's consulting services for ASA 5500 security appliances, see Cisco ASA 5500 series firewalls configuration and troubleshooting support.

PIX Firewalls
Based upon a hardened, specialized OS that offers rich security services, PIX security appliances provide a high level of security and have been awarded EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX security appliances offer security for a broad range of Voice over IP and additional multimedia conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a broad range of current and upcoming VoIP and mixed-media applications.

PIX Security Consultants
Cisco PIX security appliances offer a wealth of configuration, tracking, and analysis features, giving IT managers the flexibility to use the methods that most closely meet their needs. Management solutions include common, policy-based management utilities, integrated web-based administration, and support for remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a powerful Web-based control platform that greatly streamlines the deployment, ongoing modification, and monitoring of a specific Cisco PIX security appliance without requiring any extra software beyond an ordinary browser and Java plug-in to be installed on a manager's PC.

Administrators can also remotely configure, track, and troubleshoot PIX security appliances via a command-line interface (CLI). Secure CLI interface communication is available using several techniques including SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also have robust auto-update capabilities, a collection of revolutionary protected remote-administration services that make sure that firewall configurations and software images are always current.

For additional information about Progent's support services for PIX security appliances, see PIX firewalls configuration and troubleshooting services.

Progent's PIX to ASA Migration Support Services
Since Cisco has ceased offering the PIX family of firewalls, many companies are concerned about relying on a key security mechanism that might stop being supported by Cisco. ASA 5500 firewalls have the benefit of being current devices and also bring a number of technical and budgetary advantages in comparison to PIX firewalls. These advantages include substantially higher throughput, optional Secure Sockets Layer VPN support, and a modular design that protects your investment by enabling you to add new security features whenever you need them. Progent's CCIE-certified experts can help your company to assess the business case for moving from PIX to Cisco ASA 5500 security appliances, create a migration process that allows for a quick and non-disruptive upgrade, help you to configure new ASA 5500 Series firewalls, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco's ASA 5500 Series firewalls and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting options that offer you the ability to deploy these security appliances to match your company's needs. Progent's CCIE certified network consultants can help you to and support a cost-effective infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that provides world-class protection, resilience, throughput, and manageability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help your business to develop a security policy that makes sense for your situation and can set up your security appliance to support your security policies. Progent's security evaluation experts can assess the effectiveness of your existing firewall deployment and validate the security of your whole information system network. Progent’s Help Desk Call Center can provide urgent online technical support for Cisco technology and can give you fast access to a Cisco CCIE expert.

To see more information concerning Progent's consulting help for Cisco networking products, choose a topic:

To learn additional information concerning Progent's consulting assistance for Cisco networking products, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To ask Progent about engineering support for Cisco products, call 1-800-993-9400 or see Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.