Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls provide combined firewall, IPsec VPN, and IPS capabilities in compact single-box devices, delivering a broad range of features to meet the security and compliance needs of organizations from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances enable IT security teams to defend their network perimeter and offer secure remote access while utilizing advanced management mechanisms built on Cisco's industry-leading firewall products.

Cisco’s ASA 5500 Series and PIX firewall appliances have reached end-of-life but remain commonly deployed in small and mid-size businesses as well as in a few enterprise data centers. Cisco’s ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have superseded the ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's legacy firewall appliances, if properly maintained, can offer a high level of security by providing a variety of security functions including stateful firewall, IPsec VPN, and IPS.

Following Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most deployed network intrusion protection system (IPS). Firepower services provide enhanced features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-certified network engineers can assist your organization to maintain and debug older ASA 5500 Series and PIX firewalls and can also help you to design and implement a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, deploy, optimize, administer and debug new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls includes an improved substitute for each rack-mountable model in the previous ASA 5500 line of firewalls. Each ASA 5500-X model targets the same market as the corresponding earlier models, which gives small and midsize businesses plenty of room for picking a firewall that meets their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X family provide dependable security across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For additional information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Cisco Firepower integration and troubleshooting consulting

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or physical modules that support Cisco's Firepower Services, which offer layered defense against multi-vector attacks. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:

  • Multi-layer protection against familiar and zero-day attacks
  • Cisco's Advanced Malware Protection (AMP) that uses big data techniques to find and mitigate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, network infrastructure, apps, and content to discover threats that incorporate simultaneous vectors
  • High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate standard and custom IPS policies based on the degree of threats
Cisco Firepower Integration Expertise

Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered protection

Smaller deployments of Cisco ASA firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM includes a simple web dashboard for configuring, managing, and debugging ASA 5500-X firewalls and service modules.

For more complex deployments, ASA 5500-X appliances with Firepower Services can be managed using Firepower Management Center, available as one or more physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Firepower Management Center provides capabilities beyond those available with Cisco's on-box ASDM tool. Extra features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that offers real-time infrastructure visualization, automated policy tuning based on risk evaluation of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA CLI.

Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering behind the PIX 500 Series firewall, the Cisco IPS 4200 family sensor, and the VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a platform that stops the widest variety of attacks. Cisco ASA Firewalls deliver application protection, network containment, and safe VPN functionality throughout Cisco's product line. This broad scope of protection allows defense of any network section, including the most typical threat conduits like remote sites, locally-attached internal users, and remote connected Virtual Private Networks.

ASA 5500 Series Consulting and Troubleshooting
The scalable architecture of the ASA 5500 family permits you to add more security services via service modules and security service cards (SSCs). These user-installable options provide the ability to add IPS and content protection functions like filtering virus, spyware, and phishing attacks and performing data and URL filtering. Beside enabling you to react quickly to new risk environments, the extensible design of the Cisco ASA 5500 family also leverages your capital investment by increasing the life of your firewalls. The Cisco ASA 5500 family also leverages your investment in administrative staff education by supporting the familiar set of PIX security management utilities and protocols including the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).

Cisco ASA 5500 Series firewalls provide robust application protection via smart, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a better protected network covering Web, voice, and mobile wireless services. To protect networks against application-layer attacks and to provide stronger control over the applications and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledge and employ protection enforcement technologies such as anomaly detection and state monitoring. Also incorporated are assault detection and remediation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and tunneling applications, allowing organizations to police usage policies and recover bandwidth for crucial business applications.

For more details about Progent's support services for Cisco's ASA 5500 firewalls, see Cisco ASA 5500 firewalls integration and troubleshooting consulting.

Cisco PIX Firewalls
Built around a tested, specialized software platform that offers rich protection services, Cisco PIX firewall appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewall appliances offer protection for a wide array of VoIP and additional mixed-media conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a wide array of contemporary and next-generation IP voice and multimedia applications.

Cisco PIX Security Consultants
Cisco PIX security appliances feature a wealth of setup, monitoring, and analysis options, giving IT managers the versatility to utilize the methods that most closely match their requirements. Administrative options include centralized, policy-based management tools, integrated web-accessible management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a powerful Web-based control solution that significantly simplifies the deployment, ongoing modification, and monitoring of a single PIX firewall appliance without requiring any extra software beyond an ordinary browser and Java plug-in to be running on a manager's computer.

IT managers can also remotely configure, monitor, and troubleshoot Cisco PIX firewalls via a command-line interface (CLI). Safe CLI interface access is possible through a number of methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. PIX security appliances also have robust auto-update capabilities, a collection of advanced protected remote-administration options that ensure security settings and software images are always current.

For more information about Progent's consulting services for PIX 500 firewalls, visit PIX firewalls configuration and debugging support.

Progent's PIX to ASA Migration Support Services
Since Cisco has stopped offering the PIX product line, many businesses are concerned about depending on a critical security mechanism that might no longer be supported by Cisco. Cisco ASA 5500 firewalls offer the benefit of being new devices and also offer a number of technical and economic advantages in comparison to PIX devices. These benefits include substantially higher performance, optional SSL VPN support, and an expandable design that protects your investment by allowing you to add new security services when and if you require them. Progent's Cisco certified network engineers can assist you to determine the strategic case for moving from PIX 500 to ASA 5500 security appliances, design a migration process that allows for a fast and seamless upgrade, help your IT staff to install new ASA 5500 firewalls, and offer remote training, consulting, and technical support services.

Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's ASA 5500 Series firewalls and PIX firewalls provide a wealth of configuration, tracking, and analysis options that give you the ability to deploy these security appliances to align optimally with your company's needs. Progent's CCIE certified network consultants can help you to install a cost-effective infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides advanced protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-qualified IS security professionals can assist your business to develop a security policy appropriate for your environment and can set up your security appliance to support your security strategy. Progent's security assessment engineers can assess the effectiveness of your current firewall solution and help determine the security of your whole IT environment. Progent’s Help Desk support team can deliver emergency online troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.

To find out more details about Progent's consulting expertise for Cisco technology, select a subject:

To see more details about Progent's consulting help for Cisco technology, choose a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to ask Progent about engineering assistance for Cisco networking, call 1-800-993-9400 or see Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.