Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system capabilities in single-box devices, delivering a broad array of features to match the security requirements of organizations from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances allow network security staffs to protect their network perimeter and offer safe remote access while using powerful administration tools based on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 and PIX firewall appliances have arrived at end-of-life status but are still commonly used in small and mid-size businesses and in some larger networks. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent substantially more value and have supplanted the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's legacy firewalls, if carefully managed, can deliver a high degree of security by supplying a variety of features such as firewall, IPsec VPN, and IPS.

Since Cisco's purchase of Sourcefire, the entire family of ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-qualified infrastructure consultants can assist your organization to maintain and troubleshoot legacy ASA 5500 Series and PIX 500 firewall appliances and can also assist you to design and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, deploy, optimize, administer and debug new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances includes an improved substitute for every rack-mountable unit in the older ASA 5500 series of firewalls. Each ASA 5500-X firewall targets the same market as the associated earlier models, which offers small and midsize businesses plenty of choice for selecting a firewall that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Firepower configuration and debugging consulting

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that enable Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:

  • Multi-layer protection against both familiar and zero-day attacks
  • Cisco's Advanced Malware Protection that uses big data to find and mitigate security breaches
  • Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, apps, and content to detect threats that incorporate multiple approaches
  • Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically launch both standard and custom IPS policies depending on the degree of risk
>Cisco Firepower Configuration Expertise

Firepower Services for Cisco ASA firewalls provide multi-layered security

Smaller deployments of Cisco ASA 5500-X firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X versions. ASDM provides a simple web dashboard for configuring, administering, and debugging ASA 5500-X appliances and modules.

For multi-device and multi-site environments, ASA 5500-X appliances with Firepower can be managed using Cisco's Firepower Management Center, available as one or more physical or virtual devices. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Firepower Management Center offers features unavailable with Cisco's on-box Adaptive Security Device Manager utility. Additional capabilities include greater context awareness, Advanced Malware Protection with mitigation for user devices, a console that offers real-time network visualization, automated policy tuning driven by impact assessment of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health notifications, enhanced reporting features, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.

Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances Firewalls build on engineering developed for the PIX 500 family Security Appliance, the Cisco IPS 4200 Series sensor, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to offer a firewall that defends against the widest range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application protection, local containment and control, and clean VPN functionality across Cisco's product line. This broad scope of security allows the guarding of any network area, including the most typical threat vectors such as remote locations, locally-connected internal users, and off-site access Virtual Private Networks.

>ASA 5500 Consulting and Troubleshooting
The expandable design of the ASA 5500 Series enables you to add features via security service modules and security service cards (SSCs). These easy-to-install enhancements give you the ability to add IPS and content protection services such as blocking virus, spyware, and phishing attacks and performing file and URL filtering. Beside enabling you to react rapidly to the latest risk vectors, the extensible design of the ASA 5500 family also protects your capital investment by increasing the life of your security appliances. The ASA 5500 Series also protects your investment in IT staff education by supporting the rich library of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface access, syslog, and Simple Network Management Protocol (SNMP).

Cisco ASA firewalls provide robust application security via smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a safer environment covering Web, voice, and 3G-mobile wireless services. To defend against application-layer attacks and to provide stronger control over the applications and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement technologies such as anomaly detection and application and protocol state monitoring. Also included are assault detection and remediation technology including application and protocol command filters and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing organizations to police usage policies and free up bandwidth for important business processes.

For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, visit ASA 5500 firewalls integration and debugging services.

PIX Security Appliance Series
Based upon a hardened, specialized software platform that offers a wealth of protection features, Cisco PIX security appliances provide excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. Cisco PIX security appliances offer security for a broad range of Voice over IP and other multimedia standards including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and MGCP, enabling organizations to safeguard deployments of a broad array of contemporary and upcoming Voice over IP and multimedia applications.

PIX Firewalls Experts
PIX firewall appliances feature a wealth of setup, monitoring, and troubleshooting options, providing businesses the flexibility to use the techniques that most closely match their requirements. Administrative solutions include common, policy-based management utilities, integrated web-based administration, and support for remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system provides a powerful Web-based management platform that significantly streamlines the deployment, in-place modification, and tracking of a specific PIX firewall appliance without requiring any additional utility beyond an ordinary browser and Java plug-in to be installed on a manager's computer.

IT managers can also remotely set up, monitor, and analyze Cisco PIX firewalls using a command-line interface (CLI). Secure command-line interface (CLI) access is available through several methods such as SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have dependable auto-update capabilities, a collection of revolutionary protected remote-management services that ensure firewall settings and software images are kept current.

For additional details about Progent's consulting services for Cisco PIX firewalls, see Cisco PIX 500 firewalls configuration and troubleshooting support.

Progent's PIX to ASA Migration Support
Since Cisco has discontinued selling the PIX 500 family of firewalls, many businesses are concerned about depending on a key security mechanism that might no longer be supported by Cisco. Cisco ASA 5500 security appliances offer the benefit of being new products and also bring several functions and budgetary benefits in comparison to PIX firewalls. These advantages include substantially better performance, optional SSL tunneling capability, and an expandable architecture that protects your investment by allowing you to add new security services whenever you need them. Progent's CCIE-certified network engineers can assist you to assess the business value of for migrating from PIX to ASA 5500 firewalls, create a migration plan that allows for a quick and seamless upgrade, help you to configure new ASA 5500 firewalls, and provide remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco Cisco ASA Series firewalls and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting features that give you the flexibility to deploy these security appliances to match your company's requirements. Progent's CCIE certified network experts can show you how to and support a cost-effective network infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers advanced protection, fault tolerance, performance, and recoverability. Progent's GISA and CISSP-ISSP-qualified IS security engineers can assist your business to develop a security strategy that makes sense for your business and can set up your firewall to support your security policies. Progent's risk evaluation experts can evaluate the effectiveness of your current firewall deployment and audit the security of your entire IT network. Progent’s Technical Response Center (TRC) can deliver urgent remote technical support for Cisco products and offer fast access to a Cisco expert.

To find out more details about Progent's consulting support for Cisco solutions, select a subject:

To learn additional information about Progent's consulting assistance for Cisco products, select a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to ask Progent about consulting support for Cisco networking, call 1-800-993-9400 or go to Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.