Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances provide integrated firewall, IPsec VPN, and intrusion prevention system services in compact single-box devices, delivering a broad array of features to meet the security and compliance needs of companies from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls allow IT security staffs to defend their network perimeter and offer safe remote access while using powerful administration tools based on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 and PIX 500 firewalls have arrived at end-of-life (EOL) status but are still widely used in smaller businesses as well as in a few enterprise data centers. Cisco’s ASA 5500-X Next-Generation Firewalls deliver significantly more value and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if carefully maintained, can offer a high level of security by supplying multiple features such as firewall, VPN, and IPS.

After Cisco's purchase of Sourcefire, the whole family of ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular intrusion protection system. Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-certified network engineers can help your organization to maintain and troubleshoot older ASA 5500 and PIX firewalls and can also assist you to plan and implement an efficient migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, configure, optimize, manage and debug new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an enhanced substitute for each rack-mountable model in the previous ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same environment as the associated previous models, which offers small and midsize businesses plenty of room for selecting a firewall that meets their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All devices in Cisco's ASA 5500-X product line provide consistent protection across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for ASA firewalls, visit Firepower integration and debugging consulting

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with software or hardware modules that enable Cisco's Firepower Services, which provide layered defense against sophisticated threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:

  • Multi-layer defense against both familiar and new attacks
  • Advanced Malware Protection (AMP) that utilizes big data to discover and mitigate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, software applications, and content to discover threats that incorporate simultaneous approaches
  • High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and custom IPS policies depending on the degree of risk
>Cisco Firepower Configuration Consultants

Firepower Services for ASA 5500-X firewalls provide multi-layered threat protection

Smaller implementations of ASA 5500-X firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X models. ASDM includes an easy-to-use web console for deploying, administering, and debugging ASA 5500-X devices and service modules.

For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM tool. Additional features include greater context awareness, Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy optimization driven by risk evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for the PIX 500 Series firewall, the IPS 4200 sensor, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to deliver a platform that stops the widest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, local containment, and safe VPN functionality across the entire product portfolio. This broad scope of protection allows the guarding of any network segment, including the most common attack vectors such as remote sites, LAN-connected inside users, and remote connected Virtual Private Networks.

>ASA 5500 Series Consulting Services and Troubleshooting
The scalable design of the Cisco ASA 5500 Series permits you to add more features via security service modules (SSMs) and security service cards (SSCs). These user-installable enhancements give you the ability to add Intrusion Protection and content protection functions such as filtering virus, worms, and phishing attacks and performing data and web screening. Beside allowing you to react rapidly to new threat environments, the extensible design of the ASA 5500 family also leverages your capital investment by increasing the life of your firewalls. The ASA 5500 family also leverages your investment in administrative staff education by supporting the familiar library of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol.

Cisco ASA 5500 Series firewalls provide robust application security through smart, application-sensitive inspection engines that examine traffic at Layers 4-7. The result is a more secure environment including Web, voice, and mobile wireless connectivity. To defend networks against application-layer attacks and to provide better control over the applications and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledge and rely on protection enforcement technologies such as protocol anomaly detection and application and protocol state tracking. Also incorporated are attack sensing and remediation technology such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and tunneling applications, enabling organizations to enforce usage policies and recover bandwidth for crucial business processes.

For additional details about Progent's consulting services for Cisco's ASA 5500 security appliances, see Cisco ASA 5500 series firewalls integration and troubleshooting consulting.

PIX Security Appliance Series
Built upon a tested, purpose-built OS that offers rich security features, PIX firewall appliances provide excellent security and have received EAL 4 status and ICSA Labs Firewall and IPSec qualification. Cisco PIX firewall appliances offer security for a broad array of VoIP and additional mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping organizations to safeguard installations of a wide array of current and upcoming VoIP and video applications.

PIX Security Help
Cisco PIX firewall appliances feature a wealth of configuration, monitoring, and troubleshooting options, giving IT managers the versatility to use the techniques that best meet their requirements. Management options include common, policy-based administration utilities, integrated web-accessible administration, and support for remote-tracking standards like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-accessible control solution that significantly simplifies the deployment, in-place configuration, and tracking of a single PIX security appliance without requiring any extra software other than a standard Web browser and Java applet to be running on a manager's PC.

Administrators can also remotely configure, monitor, and troubleshoot Cisco PIX firewalls via a command-line interface (CLI). Secure CLI interface communication is available using several methods such as Secure Shell Protocol, Telnet over IP Security (IPSec), and out-of-band through a console port. PIX firewalls also include dependable automatic-update features, a collection of advanced secure remote-management services that make sure that firewall configurations and software images are kept up to date.

For additional information about Progent's support services for Cisco PIX firewalls, visit Cisco PIX firewalls configuration and debugging consulting.

Progent's PIX to ASA Migration Consulting Services
Because Cisco has discontinued selling the PIX family of firewalls, many companies are concerned about relying on a key security component that may no longer be supported. ASA 5500 security appliances have the advantage of being current products and also offer several functions and financial advantages in comparison to PIX firewalls. These advantages include substantially better performance, optional SSL VPN capability, and an expandable architecture that protects your investment by enabling you to self-install new security services when and if you require them. Progent's Cisco experts can help you to determine the strategic value of for migrating from PIX to ASA 5500 firewalls, create a migration process that allows for a quick and seamless upgrade, help you to configure new ASA 5500 Series appliances, and offer remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco ASA Series adaptive security appliances and PIX security appliances incorporate an array of configuration, monitoring, and analysis features that offer you the ability to deploy these security appliances to align optimally with your company's needs. Progent's CCIE certified network consultants can assist you to and support an efficient infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides advanced protection, fault tolerance, throughput, and recoverability. Progent's GISA and CISSP-ISSP-qualified IS security experts can help your business to develop a security strategy appropriate for your business and can set up your PIX or ASA firewall to support your security strategy. Progent's security evaluation engineers can assess the effectiveness of your current firewall deployment and audit the overall security of your entire IS environment. Progent’s Technical Response Center (TRC) can provide emergency online troubleshooting for Cisco technology and can give you fast access to a Cisco expert.

For additional information about Progent's consulting assistance for Cisco solutions, choose a subject:

To learn more information about Progent's professional support for Cisco technology, choose a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To get in touch with Progent about engineering help for Cisco networking, call 1-800-993-9400 or see Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.