Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system (IPS) services in compact single-box devices, delivering a broad array of features to meet the security and compliance needs of companies from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances allow IT security staffs to defend their network perimeter and offer secure offsite and mobile connectivity while using powerful management mechanisms based on Cisco's world-class firewall products.
Cisco’s ASA 5500 and PIX 500 firewalls have arrived at end-of-life (EOL) status but are still commonly used in small and mid-size organizations and in a few enterprise data centers. The ASA 5500-X Next-Generation Firewalls deliver substantially more value and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's older model firewall appliances, if carefully maintained, continue to offer a high degree of security by providing a variety of features including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X devices can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-qualified network engineers can help you to support and troubleshoot older ASA 5500 Series and PIX firewalls and can also help you to plan and carry out a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, integrate, tune, manage and debug new firewall ecosystems built on Cisco's current ASA 5500-X firewalls with Firepower.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X firewall is suited for the same market as the corresponding previous models, which gives most ample room for picking a solution that meets their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line provide consistent protection across any mix of physical, virtual, and cloud deployments.
For additional information about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, see Firepower configuration and troubleshooting expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or physical modules that support Cisco's Firepower Services, which offer layered protection against multi-vector attacks. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered protection against both familiar and zero-day threats
- Cisco's Advanced Malware Protection that uses big data to discover and remediate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, software applications, and content to detect attacks that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically activate both standard and customized IPS policies based on the degree of risk
Firepower Services for ASA firewalls offer multi-layered threat protection
Simpler implementations of Cisco ASA firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM includes a convenient web dashboard for configuring, administering, and debugging ASA 5500-X firewalls and modules.
For more complex environments, ASA 5500-X firewalls with Firepower can be administered using Firepower Management Center, available as one or more physical units or virtual devices. Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center provides capabilities unavailable with Cisco's on-box ASDM utility. Additional features include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that provides dynamic network infrastructure visualization, automated policy optimization driven by risk assessment of attacks, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology behind the PIX 500 family firewall, the IPS 4200 Series Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall family to offer a platform that stops the widest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application protection, network containment and control, and clean VPN functionality across the entire product portfolio. This breadth of protection enables defense of any network section, including the most common threat conduits such as remote locations, locally-connected internal users, and off-site access VPNs.
The scalable design of the Cisco ASA 5500 Series permits you to add security services via service modules and security service cards (SSCs). These user-installable options provide the option of adding IPS and content protection functions such as blocking virus, worms, and phishing attacks and performing data and URL screening. Beside enabling your IT staff to respond rapidly to new risk environments, the expandable architecture of the Cisco ASA 5500 Series also leverages your capital investment by increasing the useful life of your security appliances. The ASA 5500 Series also leverages your investment in administrative staff education by supporting the familiar library of PIX 500 security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security through intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. The result is a more secure network covering Web, voice, and 3G-mobile wireless services. To protect against application-layer assaults and to provide better policing of the applications and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement technologies such as anomaly detection and application and protocol state monitoring. Also included are attack detection and remediation techniques including application/protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to police usage policies and conserve bandwidth for vital business processes.
For additional details about Progent's support services for Cisco's ASA 5500 security appliances, visit Cisco ASA 5500 firewalls configuration and debugging consulting.
PIX Security Appliance Series
Built around a hardened, purpose-built OS that delivers a wealth of protection features, PIX security appliances offer a high level of protection and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPSec) certification. Cisco PIX firewalls offer protection for a wide array of VoIP and additional mixed-media standards including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling organizations to protect deployments of a wide range of contemporary and upcoming Voice over IP and multimedia applications.
PIX firewall appliances feature a wealth of configuration, tracking, and troubleshooting features, giving IT managers the flexibility to utilize the techniques that most closely meet their requirements. Administrative solutions include common, policy-based management tools, integrated web-based management, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated Adaptive Security Device Manager interface provides a powerful Web-based management solution that greatly streamlines the installation, in-place configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any extra utility beyond a standard browser and Java plug-in to be running on an administrator's computer.
IT managers can also remotely configure, track, and troubleshoot Cisco PIX firewalls via a CLI interface. Secure command-line interface access is available using several methods such as SSHv2 Protocol, Telnet through IP Security (IPSec), and out-of-band through a console port. Cisco PIX firewalls also have dependable auto-update features, a collection of revolutionary secure remote-administration services that make sure that firewall settings and software images are always up to date.
For additional information about Progent's consulting services for Cisco PIX firewalls, see PIX firewalls integration and debugging consulting.
Progent's PIX to ASA Migration Support Services
Because Cisco has ceased selling the PIX 500 product line, many businesses are uncomfortable with relying on a key security component that may stop being supported by Cisco. ASA 5500 firewalls have the benefit of being current products and also offer a number of functions and economic advantages in comparison to PIX 500 devices. These advantages include substantially higher throughput, optional Secure Sockets Layer tunneling capability, and a modular design that protects your investment by allowing you to self-install new security features whenever you require them. Progent's CCIE-certified network engineers can assist your company to assess the business case for upgrading from PIX 500 to Cisco ASA 5500 security appliances, design a migration plan that permits a quick and seamless changeover, assist you to deploy new ASA 5500 Series firewalls, and offer remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco ASA 5500 Series firewalls and PIX family security appliances provide a wealth of setup, monitoring, and analysis options which give you the ability to set up these security appliances to match your business requirements. Progent's CCIE certified network experts can help you to and support an efficient infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers world-class security, resilience, performance, and manageability. Progent's GISA and CISM-certified information security professionals can assist your business to create a security policy appropriate for your environment and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment engineers can assess the effectiveness of your current firewall deployment and help determine the overall security of your whole information system network. Progent’s Help Desk Call Center can deliver urgent online technical support for Cisco products and can give you fast access to a Cisco CCIE expert.
To learn more details about Progent's consulting support for Cisco products, choose a topic:
To find out additional details about Progent's engineering expertise for Cisco networking products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about engineering support for Cisco networking, call 1-800-993-9400 or visit Contact Progent.