Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewall appliances provide integrated firewall, IPsec VPN, and IPS services in compact single-box packages, delivering a broad range of features to meet the security and compliance needs of companies ranging from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls enable network security staffs to defend their network perimeter and offer safe offsite and mobile access while utilizing advanced management tools built on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX firewalls have reached end-of-life (EOL) but remain commonly used in smaller businesses as well as in some enterprise networks. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent substantially more value and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's legacy firewalls, if carefully managed, can offer a high degree of security by providing a variety of security functions including stateful firewall, VPN tunneling, and IPS.

Since Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system (IPS). Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco-qualified infrastructure consultants can assist you to support and debug legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and carry out an efficient upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, configure, tune, manage and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances features an improved replacement for every rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same environment as the corresponding previous models, which gives most ample room for picking a solution that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X security appliances, visit Cisco Firepower configuration and debugging consulting

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with software or hardware modules that support Firepower Services, which provide layered protection against sophisticated threats. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:

  • Multi-layer protection against both familiar and new threats
  • Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and remediate intrusions
  • A Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, infrastructure, software applications, and content to detect attacks that use simultaneous vectors
  • Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and custom IPS policies based on the severity of risk
>Cisco Firepower Configuration Consultants

Firepower Services for Cisco ASA firewalls offer advanced multi-layered protection

Smaller implementations of ASA firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM provides an easy-to-use web console for configuring, managing, and debugging ASA 5500-X firewalls and modules.

For more complex environments, ASA 5500-X firewalls with Firepower can be administered using Firepower Management Center, implemented as one or more physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a console that provides dynamic network infrastructure visualization, automated policy optimization based on risk assessment of threats, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and application interfaces for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind the Cisco PIX 500 family firewall, Cisco's IPS 4200 Series sensor, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a firewall that stops the broadest range of threats. Cisco ASA 5500 Series Firewalls provide program protection, network containment and control, and safe VPN functionality across the entire product line. This breadth of protection enables defense of any network segment, including the most typical attack vectors such as remote sites, locally-connected inside users, and off-site access Virtual Private Networks.

>Cisco ASA 5500 Consulting and Troubleshooting
The expandable design of the Cisco ASA 5500 family enables you to add more security services via security service modules and cards. These user-installable enhancements provide the option of adding Intrusion Protection and content protection functions like filtering virus, spyware, and phishing attacks and executing data and web filtering. Beside enabling your IT staff to respond rapidly to new risk vectors, the expandable design of the Cisco ASA 5500 family also protects your hardware investment by increasing the life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative team training by supporting the familiar library of PIX 500 management tools and protocols such as the Cisco ASDM system, secure command-line interface availability, syslog, and SNMP.

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application protection via intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This produces a safer network covering Web, voice, and 3G-mobile wireless access. To protect networks against application-layer attacks and to offer stronger policing of the applications and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement technologies such as protocol anomaly sensing and state tracking. Also incorporated are assault detection and remediation techniques including application and protocol command filters and content verification. Cisco ASA firewall inspection engines also deliver control over IM and tunneling applications, allowing organizations to enforce usage policies and recover network bandwidth for crucial business applications.

For additional information about Progent's support services for ASA 5500 security appliances, visit ASA 5500 firewalls configuration and debugging consulting.

PIX Firewalls
Based around a tested, specialized operating system that delivers rich protection services, PIX security appliances provide excellent security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. Cisco PIX security appliances provide protection for a broad array of Voice over IP and additional mixed-media conventions such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, enabling businesses to safeguard installations of a wide array of current and upcoming IP voice and multimedia applications.

PIX Firewalls Consulting
Cisco PIX firewalls feature a wealth of configuration, tracking, and analysis options, providing IT managers the versatility to utilize the techniques that best meet their requirements. Management options include common, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring protocols like SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a powerful Web-based control solution that greatly streamlines the installation, ongoing modification, and tracking of a specific PIX firewall appliance without requiring any extra software beyond an ordinary browser and Java applet to be installed on an administrator's computer.

Administrators can also remotely set up, track, and analyze Cisco PIX firewalls using a CLI interface. Safe command-line interface (CLI) access is available using several techniques including SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewalls also include dependable automatic-update capabilities, a set of revolutionary secure remote-management services that make sure that security settings and software images are always current.

For additional information about Progent's consulting services for PIX firewalls, go to PIX firewalls integration and debugging services.

Progent's PIX to ASA Migration Support
Because Cisco has discontinued offering the PIX family of firewalls, many businesses are uncomfortable with relying on a critical infrastructure component that may no longer be supported. ASA 5500 firewalls have the advantage of being current devices and also bring a number of functions and budgetary advantages in comparison to PIX devices. These benefits include substantially higher throughput, optional Secure Sockets Layer tunneling support, and an expandable architecture that guards your investment by enabling you to self-install new security services whenever you need them. Progent's Cisco network engineers can assist your company to determine the strategic case for moving from PIX 500 to ASA 5500 security appliances, create a migration plan that permits a quick and seamless upgrade, help you to install new ASA 5500 appliances, and provide online, consulting, and technical support services.

Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's Cisco ASA 5500 Series firewalls and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting options that offer you the ability to set up these security appliances to match your business needs. Progent's CCIE certified network experts can help you to and support a cost-effective network infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides world-class security, resilience, throughput, and recoverability. Progent's GISA and CISM-certified information security engineers can assist you to develop a security strategy that makes sense for your environment and can set up your firewall to enforce your security strategy. Progent's security assessment experts can evaluate the effectiveness of your current firewall deployment and validate the security of your whole information system network. Progent’s Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco products and can give you quick access to a Cisco CCIE network engineer.

To find out additional details about Progent's consulting support for Cisco solutions, select a topic:

To see more details about Progent's consulting help for Cisco solutions, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to ask Progent about engineering expertise for Cisco products, call 1-800-993-9400 or see Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.