Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide combined firewall, VPN, and intrusion prevention system services in compact single-box packages, delivering a wide array of features to match the security and compliance requirements of organizations ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewalls enable IT security teams to protect their network edge and provide safe offsite and mobile access while utilizing advanced management tools based on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 Series and PIX firewalls have reached end-of-life but remain widely used in small and mid-size organizations and in a few larger networks. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's older model firewalls, if properly maintained, continue to offer a high level of security by supplying multiple security functions such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.

After Cisco's purchase of Sourcefire, the entire line of ASA 5500-X devices can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system (IPS). Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco-qualified network consultants can help you to maintain and debug legacy ASA 5500 and PIX firewalls and can also help you to plan and implement a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, integrate, optimize, administer and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances includes an improved replacement for each rack-mountable unit in the older ASA 5500 line of devices. Each ASA 5500-X firewall is suited for the identical environment as the corresponding earlier models, which offers small and midsize businesses ample choice for selecting a firewall that aligns with their security needs and IT budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver dependable security across any combination of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For more details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, see Cisco Firepower configuration and debugging expertise

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or hardware modules that enable Cisco's Firepower Services, which offer layered defense against advanced threats. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X security appliances include:

  • Layered defense against both familiar and new attacks
  • Cisco's Advanced Malware Protection that uses big data to find and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers users, network infrastructure, apps, and content to discover threats that use simultaneous approaches
  • High-resolution Application Visibility and Control that is familiar with thousands of apps and can automatically activate both standard and custom IPS policies depending on the degree of risk
>Cisco Firepower Integration Expertise

Firepower Services for Cisco ASA firewalls provide advanced multi-layered security

Simpler implementations of ASA firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X versions. ASDM provides an easy-to-use web console for configuring, managing, and troubleshooting ASA 5500-X appliances and modules.

For more complex environments, ASA 5500-X appliances with Firepower can be administered using Cisco's Firepower Management Center, available as one or more physical or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center provides features unavailable with Cisco's on-box ASDM utility. Extra capabilities include expanded context awareness, Advanced Malware Protection with mitigation for client devices, a console that offers real-time network visualization, automated policy tuning based on impact assessment of threats, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage technology behind the Cisco PIX 500 Series Security Appliance, the Cisco IPS 4200 family sensor, and Cisco's VPN 3000 model concentrator. These technologies converge on the Cisco ASA Firewall product line to deliver a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances Firewalls provide program protection, local containment, and safe Virtual Private Network connectivity across the entire product line. This broad scope of security allows the guarding of any network area, which includes the most common attack conduits such as remote sites, LAN-connected inside users, and off-site access VPNs.

>Cisco ASA 5500 Series Consulting and Troubleshooting
The expandable design of the ASA 5500 family permits you to add features via service modules and security service cards. These user-installable options give you the option of adding Intrusion Protection and content protection functions such as blocking virus, spyware, and phishing attacks and performing data and URL screening. In addition to enabling your IT staff to respond rapidly to the latest risk environments, the expandable design of the Cisco ASA 5500 Series also leverages your hardware investment by increasing the life of your firewalls. The ASA 5500 family also leverages your investment in IT team training by supporting the familiar set of PIX 500 management utilities and protocols including the Cisco Adaptive Security Device Manager platform, protected command-line interface (CLI) availability, syslog, and SNMP.

Cisco ASA 5500 Series firewalls deliver robust application protection via smart, application-aware inspection engines that examine traffic at Layers 4-7. This produces a better protected network including Web, voice, and mobile wireless services. To protect networks against application-layer attacks and to provide stronger control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions such as protocol anomaly detection and application and protocol state tracking. Also incorporated are attack detection and mitigation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and preserve network bandwidth for vital business processes.

For more information about Progent's consulting services for Cisco's ASA 5500 security appliances, visit ASA 5500 firewalls configuration and troubleshooting support.

Cisco PIX Firewalls
Based around a hardened, specialized software platform that offers a wealth of security features, PIX firewalls offer excellent protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX firewall appliances offer security for a wide range of Voice over IP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and MGCP, enabling businesses to protect installations of a broad array of current and upcoming IP voice and video applications.

Cisco PIX Firewalls Consulting Firm
PIX security appliances offer a variety of setup, tracking, and analysis features, giving businesses the flexibility to utilize the techniques that most closely meet their needs. Management solutions include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-based management solution that greatly streamlines the deployment, in-place configuration, and tracking of a single PIX firewall without requiring any additional software beyond an ordinary browser and Java applet to be running on an administrator's computer.

IT managers can also remotely set up, monitor, and analyze PIX security appliances via a command-line interface (CLI). Safe CLI interface communication is possible using several techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also have robust auto-update features, a collection of revolutionary secure remote-management options that make sure that security settings and software images are always current.

For additional details about Progent's consulting services for Cisco PIX firewalls, visit PIX 500 firewalls configuration and debugging services.

Progent's PIX to ASA Migration Consulting Support
Since Cisco has ceased selling the PIX 500 product line, many businesses are concerned about relying on a key security mechanism that may stop being supported by Cisco. Cisco ASA 5500 firewalls have the advantage of being new devices and also offer a number of functions and financial benefits in comparison to PIX 500 devices. These benefits include significantly higher throughput, optional Secure Sockets Layer VPN support, and a modular architecture that protects your investment by enabling you to add more security features whenever you need them. Progent's Cisco experts can assist your company to determine the business case for migrating from PIX to ASA 5500 firewalls, design a migration plan that permits a fast and non-disruptive changeover, help you to deploy new ASA 5500 Series appliances, and offer online, consulting, and troubleshooting services.

Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco Cisco ASA Series firewalls and PIX family firewalls incorporate an array of setup, monitoring, and troubleshooting options that offer you the ability to set up these firewalls to match your business requirements. Progent's CCIE certified network professionals can assist you to and support a cost-effective infrastructure that includes Cisco ASA and/or PIX security appliances and that provides advanced protection, fault tolerance, throughput, and manageability. Progent's GISA and CISSP-ISSP-qualified information security engineers can help you to create a security policy that makes sense for your situation and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment consultants can assess the effectiveness of your current firewall deployment and help determine the security of your whole information system network. Progent’s Technical Response Center can deliver urgent online technical support for Cisco technology and offer quick access to a Cisco CCIE expert.

To learn more information concerning Progent's consulting assistance for Cisco solutions, pick a topic:

To find out more information about Progent's engineering assistance for Cisco products, pick a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To get in touch with Progent about professional support for Cisco products, phone 1-800-993-9400 or visit Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.