Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances provide integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a broad array of features to meet the security needs of companies from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls enable network security staffs to protect their network perimeter and offer secure offsite and mobile access while using powerful management mechanisms built on Cisco's world-class firewall products.

Cisco’s ASA 5500 and PIX 500 firewalls have reached end-of-life (EOL) but are still commonly deployed in smaller businesses as well as in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's older model firewalls, if properly managed, continue to deliver a high degree of protection by providing multiple security functions such as stateful firewall, VPN tunneling, and IPS.

Since Cisco's purchase of Sourcefire, the entire family of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco-certified infrastructure engineers can assist you to support and troubleshoot legacy ASA 5500 Series and PIX 500 firewalls and can also assist you to plan and implement an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also help you to plan, integrate, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances features an enhanced substitute for each rack-mountable unit in the older ASA 5500 line of devices. Each ASA 5500-X model targets the identical environment as the corresponding earlier models, which offers most ample choice for picking a firewall that aligns with their security needs and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for ASA security appliances, visit Cisco Firepower configuration and debugging consulting

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or physical modules that support Cisco's Firepower Services, which offer layered defense against sophisticated threats. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X firewalls include:

  • Multi-layer protection against familiar and zero-day threats
  • Advanced Malware Protection (AMP) that utilizes big data to find and mitigate security breaches
  • A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, infrastructure, apps, and content to detect threats that use simultaneous vectors
  • Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically launch both standard and custom IPS policies based on the severity of risk
Cisco Firepower Integration Expertise

Firepower Services for ASA firewalls offer advanced multi-layered security

Smaller deployments of Cisco ASA firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X versions. ASDM includes a convenient web dashboard for configuring, managing, and troubleshooting ASA 5500-X devices and service modules.

For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower can be administered using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Firepower Management Center offers features unavailable with Cisco's on-box ASDM tool. Extra capabilities include greater context awareness, Advanced Malware Protection with remediation for user devices, a dashboard that provides real-time network infrastructure visualization, automated policy optimization based on risk assessment of attacks, advanced IPS, custom application detectors for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-box ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA Firewalls leverage engineering developed for the PIX 500 Series firewall, the IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a platform that defends against the broadest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, network containment, and safe VPN functionality throughout the entire product portfolio. This broad scope of protection enables defense of any network section, which includes the most typical threat conduits such as remote locations, locally-attached inside users, and remote access VPNs.

Cisco ASA 5500 Series Consulting Services and Technical Support
The expandable architecture of the ASA 5500 Series enables you to add security services by installing security service modules and security service cards. These user-installable enhancements give you the ability to add IPS and content protection services such as filtering virus, spyware, and phishing assaults and executing data and web screening. Beside allowing you to react rapidly to new risk environments, the extensible architecture of the ASA 5500 Series also protects your capital investment by increasing the life of your security appliances. The ASA 5500 Series also leverages your investment in IT team training by utilizing the familiar set of PIX management utilities and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) availability, verbose syslog, and SNMP.

Cisco ASA 5500 Series firewalls deliver a high-level of application protection through smart, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a safer environment covering Web, voice, and 3G-mobile wireless services. To defend networks against application-layer assaults and to provide better policing of the applications and protocols used in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and rely on security enforcement technologies that include protocol anomaly sensing and application and protocol state tracking. Also included are assault sensing and mitigation technology including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over IM and peer-to-peer file sharing, allowing organizations to police usage policies and free up bandwidth for vital business processes.

For additional information about Progent's consulting services for ASA 5500 security appliances, see ASA 5500 series firewalls integration and troubleshooting consulting.

PIX Security Appliance Series
Based around a hardened, purpose-built operating system that offers rich protection services, PIX firewalls offer a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX firewall appliances provide protection for a wide range of VoIP and additional mixed-media conventions such as H.323 v. 4, SIP, SCCP, Real-Time Streaming Protocol, and MGCP, enabling organizations to safeguard deployments of a broad range of contemporary and next-generation VoIP and multimedia applications.

Cisco PIX Firewalls Support
PIX firewall appliances feature a wealth of configuration, tracking, and troubleshooting features, giving businesses the flexibility to utilize the methods that best match their needs. Management solutions include common, policy-based administration utilities, integrated web-accessible management, and support for remote-tracking protocols such as SNMP and syslog. The integrated ASDM interface offers a powerful Web-based control solution that greatly simplifies the installation, ongoing modification, and monitoring of a specific PIX firewall without the need of any additional software beyond a standard browser and Java plug-in to be installed on a manager's PC.

Administrators can also remotely configure, track, and analyze Cisco PIX firewall appliances via a command-line interface. Safe command-line interface (CLI) communication is available using a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewalls also have dependable auto-update capabilities, a set of revolutionary secure remote-management options that ensure firewall settings and software images are always current.

For more information about Progent's support services for PIX 500 firewalls, visit Cisco PIX firewalls configuration and troubleshooting consulting.

Progent's PIX to ASA Migration Support Services
Because Cisco has discontinued selling the PIX 500 product line, many businesses are uncomfortable with depending on a critical infrastructure component that may stop being supported. Cisco ASA 5500 firewalls offer the benefit of being current products and also bring a number of functions and financial advantages in comparison to PIX 500 firewalls. These advantages include significantly higher performance, optional SSL VPN capability, and an expandable architecture that guards your investment by enabling you to add new security services when and if you need them. Progent's CCIE-certified experts can assist you to determine the strategic case for migrating from PIX to Cisco ASA 5500 security appliances, create a migration plan that permits a fast and seamless changeover, help you to configure new ASA 5500 appliances, and offer remote training, consulting, and technical support services.

Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's ASA Series adaptive security appliances and PIX family firewalls provide a wealth of configuration, monitoring, and analysis features which give you the flexibility to set up these security appliances to align optimally with your company's needs. Progent's CCIE certified network experts can show you how to install an efficient network infrastructure that includes Cisco ASA or PIX firewalls and that offers advanced protection, fault tolerance, performance, and recoverability. Progent's CISA and CISM-certified information security professionals can assist you to develop a security policy that makes sense for your business and can configure your security appliance to support your security strategy. Progent's risk evaluation experts can evaluate the strength of your current firewall deployment and validate the security of your whole information system environment. Progent’s Help Desk support team can deliver urgent online troubleshooting for Cisco products and can give you quick access to a Cisco expert.

To see additional details about Progent's professional help for Cisco solutions, select a subject:

For more details about Progent's engineering expertise for Cisco products, pick a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To get in touch with Progent about professional help for Cisco products, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.