Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, VPN, and intrusion prevention system (IPS) services in compact single-box packages, delivering a broad range of features to meet the security and compliance needs of companies ranging from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls allow IT security staffs to protect their network edge and offer safe offsite and mobile access while using powerful management tools built on Cisco's world-class firewall technology.

Cisco’s ASA 5500 Series and PIX firewall appliances have arrived at end-of-life (EOL) status but are still widely used in smaller businesses as well as in some enterprise networks. The ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's legacy firewall appliances, if carefully maintained, can deliver a high level of protection by supplying a variety of services such as firewall, VPN tunneling, and IPS.

Since Cisco's acquisition of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular network intrusion protection system. Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco-certified network consultants can assist your organization to maintain and troubleshoot legacy ASA 5500 and PIX firewalls and can also help you to plan and carry out a smooth upgrade to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also help you to design, integrate, tune, manage and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an enhanced replacement for every rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same environment as the associated earlier models, which gives small and midsize businesses ample room for picking a solution that aligns with their security needs and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X product line deliver consistent protection across any combination of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for ASA 5500-X firewalls, visit Cisco Firepower configuration and debugging consulting

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or hardware modules that support Firepower Services, which provide layered protection against sophisticated attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:

  • Layered protection against both familiar and new threats
  • Advanced Malware Protection that utilizes big data techniques to find and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, apps, and content to discover attacks that incorporate multiple approaches
  • High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically launch both standard and customized IPS policies based on the severity of risk
>Cisco Firepower Integration Consultants

Firepower Services for ASA 5500-X firewalls offer multi-layered protection

Simpler implementations of ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X models. ASDM provides a simple web console for deploying, managing, and debugging ASA 5500-X appliances and modules.

For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be administered using Cisco's Firepower Management Center, implemented as one or more physical units or virtual devices. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Firepower Management Center provides features beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that offers dynamic infrastructure visualization, automated policy tuning driven by impact assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.

Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA Firewalls leverage technology developed for the Cisco PIX 500 Series Security Appliance, Cisco's IPS 4200 Series Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a platform that defends against the widest range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, local containment and control, and clean Virtual Private Network connectivity across the entire product portfolio. This broad scope of protection allows defense of any network area, which includes the most typical attack conduits like remote sites, locally-connected internal users, and remote connected Virtual Private Networks.

>Cisco ASA 5500 Consulting and Troubleshooting
The expandable design of the ASA 5500 family allows you to add more services by installing security service modules and security service cards (SSCs). These easy-to-install options give you the option of adding IPS and content protection functions such as blocking virus, spyware, and phishing attacks and performing file and URL screening. Beside enabling you to respond quickly to the latest risk environments, the extensible design of the ASA 5500 Series also leverages your hardware investment by prolonging the life of your firewalls. The ASA 5500 family also protects your investment in IT team training by supporting the familiar set of PIX security management tools and protocols including the Cisco ASDM platform, protected command-line interface (CLI) access, verbose syslog, and SNMP.

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application protection via intelligent, application-sensitive inspection processes that analyze traffic at Layers 4-7. The result is a better protected environment including Web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to offer stronger control over the applications and protocols used in their environments, these inspection engines incorporate broad application and protocol knowledge and rely on security enforcement solutions that include protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault detection and mitigation techniques including application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to police usage policies and preserve bandwidth for crucial business applications.

For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, visit Cisco ASA 5500 firewalls configuration and debugging consulting.

PIX Firewalls
Based around a tested, specialized operating system that delivers rich security features, Cisco PIX security appliances provide excellent protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX security appliances provide protection for a wide range of Voice over IP and additional mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to safeguard installations of a wide array of contemporary and upcoming Voice over IP and mixed-media applications.

Cisco PIX Firewalls Support
PIX firewalls feature a wealth of configuration, tracking, and analysis options, providing businesses the versatility to use the techniques that best match their needs. Management options include common, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a powerful Web-based control solution that significantly streamlines the deployment, ongoing configuration, and monitoring of a specific PIX firewall appliance without requiring any additional software other than an ordinary Web browser and Java plug-in to be running on an administrator's PC.

IT managers can furthermore remotely configure, track, and analyze PIX firewall appliances via a command-line interface (CLI). Secure command-line interface (CLI) access is possible through a number of methods such as Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewall appliances also have robust auto-update features, a set of advanced protected remote-management services that make sure that firewall configurations and software images are always current.

For more information about Progent's support services for Cisco PIX firewalls, see Cisco PIX firewalls configuration and troubleshooting services.

Progent's PIX to ASA Migration Support Services
Because Cisco has discontinued selling the PIX family of firewalls, many businesses are concerned about relying on a key infrastructure component that might no longer be supported. ASA 5500 firewalls offer the benefit of being new products and also offer several functions and budgetary advantages in comparison to PIX firewalls. These benefits include substantially higher throughput, optional SSL VPN support, and a modular architecture that guards your investment by enabling you to add more security services whenever you require them. Progent's CCIE-certified network engineers can help your company to assess the business value of for migrating from PIX to ASA 5500 security appliances, design a migration plan that allows for a fast and non-disruptive changeover, assist you to install new ASA 5500 Series firewalls, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX family firewalls incorporate an array of setup, tracking, and troubleshooting options which give you the flexibility to configure these security appliances to match your company's needs. Progent's CCIE certified network consultants can show you how to install an efficient network infrastructure that includes Cisco ASA or PIX firewalls and that provides world-class security, resilience, performance, and recoverability. Progent's GISA and CISSP-ISSP-qualified IS security professionals can help you to develop a security policy appropriate for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's risk evaluation consultants can assess the effectiveness of your existing firewall deployment and audit the overall security of your entire information system network. Progent’s Technical Response Center (TRC) can deliver urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.

To see additional information concerning Progent's professional assistance for Cisco products, select a subject:

To learn additional details concerning Progent's consulting help for Cisco solutions, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to ask Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.