Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewalls offer integrated firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a broad array of features to match the security and compliance needs of organizations ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances allow IT security teams to protect their network perimeter and offer secure offsite and mobile connectivity while utilizing powerful administration tools built on Cisco's industry-leading firewall products.

Cisco’s ASA 5500 Series and PIX firewall appliances have arrived at end-of-life (EOL) status but are still widely used in smaller organizations and in some larger networks. The ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's older model firewalls, if carefully managed, continue to offer a high level of protection by providing a variety of features including firewall, IPsec VPN, and IPS.

After Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system (IPS). Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-certified infrastructure engineers can assist you to maintain and troubleshoot legacy ASA 5500 and PIX 500 firewall appliances and can also help you to design and implement a smooth upgrade to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also help you to plan, integrate, tune, manage and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X firewalls with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable model in the previous ASA 5500 line of firewalls. Each ASA 5500-X model targets the identical environment as the corresponding earlier models, which gives small and midsize businesses ample room for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for Cisco ASA 5500-X firewalls, visit Firepower integration and debugging consulting

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or hardware modules that support Firepower Services, which provide layered defense against advanced attacks. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:

  • Multi-layer defense against familiar and zero-day attacks
  • Cisco's Advanced Malware Protection that uses big data to find and remediate security breaches
  • A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, software applications, and content to detect attacks that incorporate simultaneous approaches
  • High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and custom IPS policies based on the severity of risk
>Cisco Firepower Configuration Consultants

Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered protection

Smaller implementations of Cisco ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X models. ASDM includes a simple web console for deploying, managing, and debugging ASA 5500-X firewalls and service modules.

For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be managed using Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-box ASDM tool. Extra features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that offers real-time network visualization, automated policy optimization based on impact assessment of threats, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and application interfaces for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-box ASDM or the ASA CLI.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls build on engineering behind the Cisco PIX 500 Series firewall, Cisco's IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program protection, local containment and control, and clean VPN connectivity throughout Cisco's product line. This broad scope of protection allows the guarding of any network section, which includes the most common attack conduits like remote locations, LAN-connected internal users, and remote access VPNs.

>ASA 5500 Consulting Services and Troubleshooting
The scalable architecture of the ASA 5500 family allows you to add more features by installing security service modules (SSMs) and cards. These easy-to-install enhancements provide the ability to add Intrusion Protection and content protection services such as filtering virus, spyware, and phishing assaults and performing file and web screening. In addition to allowing your IT staff to respond quickly to the latest threat environments, the extensible design of the Cisco ASA 5500 Series also protects your hardware investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 Series also protects your investment in administrative staff training by utilizing the familiar library of PIX security management utilities and protocols including the Cisco ASDM platform, secure command-line interface availability, verbose syslog, and Simple Network Management Protocol.

Cisco Adaptive Security Appliances firewalls deliver a high-level of application protection through smart, application-aware inspection engines that analyze network flows at Layers 4-7. The result is a safer network covering Web, voice, and 3G-mobile wireless connectivity. To protect networks against application-layer assaults and to offer stronger control over the applications and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also included are assault sensing and mitigation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing organizations to police usage policies and preserve bandwidth for important business processes.

For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls configuration and troubleshooting consulting.

PIX Firewall Appliances
Based upon a hardened, specialized software platform that delivers a wealth of security services, Cisco PIX firewalls offer excellent protection and have received EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX firewall appliances provide protection for a wide array of Voice over IP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard installations of a wide array of contemporary and upcoming Voice over IP and mixed-media applications.

Cisco PIX Security Consulting
Cisco PIX firewall appliances feature a wealth of configuration, monitoring, and troubleshooting features, giving businesses the versatility to use the techniques that most closely match their needs. Management solutions include centralized, policy-based management utilities, integrated web-based management, and support for remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system provides a world-class Web-accessible control platform that greatly simplifies the installation, in-place configuration, and monitoring of a specific PIX firewall without requiring any extra software beyond a standard Web browser and Java plug-in to be running on a manager's computer.

Administrators can furthermore remotely set up, monitor, and analyze PIX firewall appliances using a CLI interface. Secure command-line interface communication is possible using several methods such as Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewall appliances also include dependable automatic-update features, a set of advanced protected remote-management options that make sure that security configurations and software images are kept current.

For additional information about Progent's consulting services for Cisco PIX firewalls, go to PIX 500 firewalls configuration and debugging support.

Progent's PIX to ASA Migration Consulting
Since Cisco has ceased offering the PIX family of firewalls, many companies are concerned about depending on a critical infrastructure component that might stop being supported. Cisco ASA 5500 firewalls offer the benefit of being current devices and also offer a number of functions and financial benefits in comparison to PIX 500 devices. These advantages include substantially better throughput, optional SSL VPN capability, and a modular architecture that guards your investment by allowing you to self-install more security services when and if you need them. Progent's Cisco network engineers can help you to assess the business value of for upgrading from PIX to Cisco ASA 5500 firewalls, create a migration plan that permits a fast and non-disruptive upgrade, help your IT staff to deploy new ASA 5500 Series appliances, and provide online, consulting, and technical support services.

Additional Ways Progent Can Help Your Business with Cisco Firewalls
Cisco Cisco ASA Series firewalls and PIX security appliances provide a wealth of configuration, monitoring, and analysis features that give you the ability to set up these firewalls to match your company's needs. Progent's CCIE authorized network consultants can help you to design a cost-effective infrastructure that incorporates Cisco ASA or PIX firewalls and that offers advanced protection, resilience, throughput, and recoverability. Progent's CISA and CISM-certified IS security consultants can assist your business to create a security strategy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's security assessment consultants can evaluate the strength of your existing firewall solution and audit the security of your whole IS environment. Progent’s Help Desk support team can deliver urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.

To find out more details about Progent's engineering support for Cisco networking products, pick a topic:

To find out more information concerning Progent's professional expertise for Cisco technology, choose a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to ask Progent about technical assistance for Cisco technology, call 1-800-993-9400 or see Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.