Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls offer integrated firewall, VPN, and intrusion prevention system services in compact single-box packages, delivering a wide range of features to match the security requirements of companies from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances allow IT security staffs to protect their network edge and provide safe offsite and mobile connectivity while using advanced management tools built on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 Series and PIX 500 firewalls have reached end-of-life but are still widely deployed in small and mid-size organizations as well as in some enterprise data centers. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX 500 lines of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully managed, continue to deliver a high level of protection by supplying multiple services including stateful firewall, VPN, and IPS.

After Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X devices can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco CCIE-qualified network consultants can help your organization to maintain and debug legacy ASA 5500 and PIX firewalls and can also help you to design and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, deploy, optimize, manage and debug new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls features an improved replacement for each rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X model targets the identical market as the corresponding earlier models, which offers most plenty of choice for picking a solution that meets their security requirements and IT budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver consistent security across any combination of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X security appliances, see Cisco Firepower configuration and troubleshooting consulting

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or hardware modules that enable Cisco's Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:

  • Multi-layer defense against both familiar and zero-day threats
  • Advanced Malware Protection (AMP) that uses big data techniques to find and mitigate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers clients, infrastructure, software applications, and content to discover attacks that incorporate simultaneous vectors
  • Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically launch both standard and customized IPS policies depending on the severity of threats
>Cisco Firepower Integration Consultants

Firepower Services for ASA 5500-X firewalls provide advanced multi-layered security

Simpler implementations of Cisco ASA firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X models. ASDM provides an easy-to-use web console for configuring, managing, and troubleshooting ASA 5500-X firewalls and modules.

For more complex deployments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or more physical units or virtual devices. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box ASDM utility. Extra capabilities include greater context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a console that offers dynamic network infrastructure visualization, automated policy tuning based on risk assessment of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and application interfaces for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology developed for the PIX 500 Series firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a platform that stops the widest variety of attacks. Cisco ASA 5500 Series Firewalls provide application security, network containment, and safe Virtual Private Network functionality throughout Cisco's product portfolio. This broad scope of protection allows the guarding of any network area, which includes the most typical attack conduits such as remote sites, locally-attached internal users, and off-site connected VPNs.

>Cisco ASA 5500 Series Consulting and Troubleshooting
The expandable design of the ASA 5500 Series enables you to add more security services via security service modules (SSMs) and cards. These easy-to-install enhancements provide the option of adding IPS and content protection services like blocking virus, worms, and phishing attacks and executing data and web screening. Beside allowing your IT staff to respond rapidly to the latest risk vectors, the expandable design of the ASA 5500 Series also leverages your capital investment by increasing the useful life of your firewalls. The ASA 5500 family also protects your investment in administrative staff training by utilizing the rich library of PIX security management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface availability, verbose syslog, and SNMP.

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application security through intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This produces a safer environment including Web, voice, and 3G-mobile wireless services. To protect networks against application-layer assaults and to offer better control over the applications and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement technologies that include anomaly sensing and application and protocol state monitoring. Also incorporated are attack detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and preserve network bandwidth for critical business processes.

For more details about Progent's support services for ASA 5500 security appliances, see ASA 5500 series firewalls integration and troubleshooting services.

Cisco PIX Firewall Appliances
Built around a hardened, purpose-built software platform that delivers a wealth of protection services, Cisco PIX firewall appliances provide a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewall appliances provide protection for a wide array of Voice over IP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and MGCP, enabling organizations to protect installations of a wide range of contemporary and next-generation Voice over IP and multimedia applications.

Cisco PIX Firewalls Support
PIX security appliances offer a variety of configuration, monitoring, and analysis options, providing businesses the versatility to use the methods that most closely match their requirements. Management solutions include centralized, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a world-class Web-accessible control platform that greatly simplifies the deployment, in-place configuration, and tracking of a specific PIX firewall without the need of any extra utility beyond an ordinary browser and Java applet to be running on a manager's PC.

IT managers can also remotely set up, track, and analyze PIX firewalls via a command-line interface. Secure command-line interface (CLI) communication is available using several methods such as SSHv2 Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewall appliances also have dependable automatic-update capabilities, a set of advanced protected remote-management options that ensure security configurations and software images are always up to date.

For additional details about Progent's support services for Cisco PIX firewalls, visit PIX firewalls configuration and troubleshooting consulting.

Progent's PIX to ASA Migration Consulting Support
Because Cisco has discontinued offering the PIX 500 product line, many companies are uncomfortable with depending on a key infrastructure mechanism that may no longer be supported. ASA 5500 security appliances offer the benefit of being new devices and also bring several functions and budgetary benefits in comparison to PIX 500 firewalls. These benefits include substantially higher throughput, optional SSL VPN support, and an expandable design that guards your investment by enabling you to self-install new security services when and if you require them. Progent's Cisco certified network engineers can assist you to determine the business case for upgrading from PIX 500 to Cisco ASA 5500 firewalls, create a migration plan that allows for a quick and non-disruptive changeover, assist your IT staff to configure new ASA 5500 Series firewalls, and offer online, consulting, and troubleshooting services.

Other Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco Cisco ASA Series adaptive security appliances and PIX family firewalls incorporate a wealth of configuration, monitoring, and troubleshooting options that give you the ability to deploy these firewalls to align optimally with your company's needs. Progent's CCIE authorized network professionals can show you how to and support an efficient network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers advanced protection, resilience, performance, and manageability. Progent's GISA and CISM-qualified information security experts can assist you to create a security policy appropriate for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's security assessment consultants can assess the effectiveness of your existing firewall solution and validate the overall security of your whole IT network. Progent’s Help Desk Call Center can provide emergency remote technical support for Cisco technology and offer fast access to a Cisco CCIE expert.

To see more information about Progent's professional expertise for Cisco products, choose a subject:

To find out additional details concerning Progent's professional expertise for Cisco products, select a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to get in touch with Progent about professional assistance for Cisco products, phone 1-800-993-9400 or go to Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.