Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a wide range of features to meet the security and compliance needs of companies from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewall appliances allow network security teams to protect their network edge and offer secure remote connectivity while using powerful administration mechanisms built on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 Series and PIX firewall appliances have reached end-of-life (EOL) but are still commonly deployed in small and mid-size businesses and in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls represent substantially more value and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewalls, if carefully maintained, continue to offer a high level of protection by providing multiple services including firewall, VPN tunneling, and IPS.

Since Cisco's purchase of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most deployed network intrusion protection system (IPS). Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco CCIE-certified infrastructure consultants can help you to support and debug older ASA 5500 Series and PIX firewall appliances and can also help you to design and carry out a smooth upgrade to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, deploy, tune, administer and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X models with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances features an enhanced replacement for every rack-mountable model in the older ASA 5500 series of devices. Each ASA 5500-X firewall is suited for the identical environment as the associated previous models, which gives small and midsize businesses ample choice for picking a firewall that meets their security needs and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All models in Cisco's ASA 5500-X family deliver consistent protection across any mix of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For more information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA 5500-X firewalls, see Firepower configuration and debugging consulting

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or physical modules that enable Firepower Services, which provide layered defense against advanced threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:

  • Layered defense against both familiar and new threats
  • Cisco's Advanced Malware Protection (AMP) that utilizes big data to discover and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, software applications, and content to discover threats that incorporate simultaneous vectors
  • Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch standard and customized IPS policies based on the severity of threats
>Cisco Firepower Configuration Expertise

Firepower Services for ASA firewalls provide advanced multi-layered threat protection

Simpler implementations of Cisco ASA firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM includes an easy-to-use web console for deploying, administering, and troubleshooting ASA 5500-X appliances and modules.

For more complex deployments, ASA 5500-X firewalls with Firepower Services can be administered using Cisco's Firepower Management Center, available as one or several physical units or virtual devices. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional features include greater context awareness, Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that offers real-time network visualization, automated policy optimization driven by risk evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco ASA Firewalls leverage technology developed for Cisco's PIX 500 family Security Appliance, the IPS 4200 sensor, and the VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a platform that defends against the widest variety of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, network containment, and safe VPN functionality across Cisco's product line. This breadth of protection enables defense of any network section, which includes the most common threat vectors such as remote locations, LAN-connected inside users, and remote connected Virtual Private Networks.

>Cisco ASA 5500 Consulting and Technical Support
The scalable design of the ASA 5500 Series enables you to add security services via service modules and security service cards (SSCs). These user-installable options provide the ability to add Intrusion Protection and content protection services like blocking virus, spyware, and phishing attacks and executing data and web filtering. Beside allowing your IT staff to react rapidly to the latest threat environments, the expandable architecture of the Cisco ASA 5500 family also leverages your capital investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 Series also protects your investment in administrative staff education by supporting the familiar library of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface access, syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) firewalls deliver a high-level of application security via smart, application-aware inspection processes that analyze network flows at Layers 4-7. This produces a better protected network covering Web, voice, and 3G-mobile wireless connectivity. To defend against application-layer attacks and to offer stronger policing of the programs and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and employ protection enforcement solutions such as protocol anomaly sensing and state tracking. Also incorporated are assault sensing and mitigation technology including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of IM and tunneling applications, allowing businesses to police usage policies and recover bandwidth for important business processes.

For more details about Progent's support services for ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls configuration and troubleshooting consulting.

PIX Firewalls
Based around a tested, specialized OS that offers rich security features, Cisco PIX security appliances provide excellent security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. Cisco PIX security appliances offer security for a broad range of Voice over IP and other multimedia standards such as H.323 v. 4, Session Initiation Protocol, SCCP, RTSP, and MGCP, enabling businesses to protect deployments of a wide range of current and next-generation IP voice and mixed-media applications.

PIX Security Help
PIX firewalls offer a wealth of setup, tracking, and troubleshooting features, giving IT managers the flexibility to utilize the methods that best meet their needs. Management options include common, policy-based management tools, integrated web-accessible administration, and support for remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system provides a world-class Web-accessible control platform that greatly streamlines the deployment, ongoing configuration, and tracking of a single Cisco PIX firewall appliance without requiring any extra software beyond an ordinary Web browser and Java applet to be running on a manager's computer.

IT managers can furthermore remotely set up, monitor, and analyze PIX security appliances via a CLI interface. Secure CLI interface access is available through a number of techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also have dependable automatic-update capabilities, a collection of revolutionary protected remote-administration options that ensure firewall settings and software images are kept current.

For additional information about Progent's support services for Cisco PIX 500 firewalls, see PIX 500 firewalls configuration and debugging consulting.

Progent's PIX to ASA Migration Support Services
Because Cisco has ceased offering the PIX 500 family of firewalls, many businesses are uncomfortable with depending on a key infrastructure mechanism that may no longer be supported. ASA 5500 firewalls offer the advantage of being current devices and also offer a number of functions and economic benefits in comparison to PIX firewalls. These benefits include substantially better performance, optional Secure Sockets Layer VPN capability, and an expandable design that guards your investment by allowing you to self-install more security features whenever you require them. Progent's Cisco network engineers can help your company to determine the strategic case for upgrading from PIX to Cisco ASA 5500 firewalls, design a migration process that permits a fast and seamless upgrade, help you to install new ASA 5500 Series firewalls, and offer remote training, consulting, and troubleshooting services.

Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's ASA Series adaptive security appliances and PIX family security appliances incorporate a wealth of setup, monitoring, and analysis features that offer you the ability to deploy these security appliances to match your business needs. Progent's CCIE authorized network consultants can show you how to install a cost-effective infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides world-class security, fault tolerance, performance, and manageability. Progent's GISA and CISSP-ISSP-certified IS security engineers can help your business to develop a security policy that makes sense for your business and can set up your PIX or ASA firewall to support your security policies. Progent's security evaluation professionals can assess the strength of your current firewall solution and help determine the overall security of your entire IT network. Progent’s Help Desk Call Center can provide urgent online technical support for Cisco technology and can give you fast access to a Cisco CCIE network engineer.

To find out more details concerning Progent's engineering support for Cisco products, select a topic:

To learn additional information about Progent's professional help for Cisco networking products, pick a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to get in touch with Progent about engineering assistance for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.