Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewalls offer integrated firewall, VPN, and IPS services in compact single-box devices, delivering a wide range of features to match the security needs of organizations from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewall appliances allow IT security teams to defend their network perimeter and offer secure remote connectivity while using advanced management mechanisms built on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX firewall appliances have reached end-of-life (EOL) status but are still widely deployed in smaller businesses as well as in some larger data centers. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more value and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's older model firewalls, if properly managed, continue to offer a high degree of protection by providing multiple services including firewall, IPsec VPN, and IPS.
After Cisco's purchase of Sourcefire, the whole family of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular network intrusion protection system. Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-qualified infrastructure engineers can help your organization to support and troubleshoot older ASA 5500 Series and PIX 500 firewalls and can also help you to design and carry out an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, deploy, optimize, administer and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls features an enhanced substitute for every rack-mountable unit in the older ASA 5500 line of firewalls. Each ASA 5500-X firewall is suited for the same environment as the associated previous models, which offers most plenty of room for picking a solution that aligns with their security needs and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X family provide dependable protection across any mix of physical, virtual, and cloud environments.
For more information about ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA 5500-X firewalls, visit Firepower configuration and troubleshooting expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or physical modules that support Firepower Services, which offer layered protection against advanced threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer protection against familiar and zero-day threats
- Advanced Malware Protection (AMP) that uses big data to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, network infrastructure, software applications, and content to discover threats that incorporate simultaneous approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch standard and custom IPS policies based on the degree of risk
Firepower Services for ASA firewalls provide multi-layered protection
Simpler deployments of Cisco ASA firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X models. ASDM provides a simple web dashboard for configuring, managing, and troubleshooting ASA 5500-X appliances and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center provides features beyond those available with Cisco's on-device ASDM utility. Extra features include expanded context awareness, Advanced Malware Protection with mitigation for client devices, a dashboard that offers real-time network infrastructure visualization, automated policy tuning driven by impact assessment of attacks, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 family firewall, Cisco's IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco ASA Firewall family to deliver a firewall that stops the widest range of threats. Cisco ASA 5500 Series Firewalls provide program protection, network containment and control, and safe VPN connectivity across Cisco's product line. This broad scope of security allows defense of any network section, including the most typical threat conduits such as remote locations, locally-attached inside users, and off-site connected VPNs.
The scalable architecture of the Cisco ASA 5500 Series permits you to add more features via security service modules (SSMs) and security service cards (SSCs). These user-installable options provide the ability to add Intrusion Protection and content protection services like blocking virus, spyware, and phishing attacks and performing file and web screening. Beside allowing you to respond rapidly to the latest risk environments, the expandable design of the ASA 5500 Series also leverages your capital investment by increasing the useful life of your security appliances. The ASA 5500 family also leverages your investment in IT team training by utilizing the rich set of PIX management tools and protocols such as the Cisco Adaptive Security Device Manager platform, secure command-line interface availability, syslog, and Simple Network Management Protocol.
Cisco ASA 5500 Series firewalls provide robust application security via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a better protected network covering Web, voice, and 3G-mobile wireless services. To defend networks against application-layer attacks and to offer stronger control over the applications and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on security enforcement technologies such as protocol anomaly detection and state monitoring. Also included are attack sensing and remediation techniques including application and protocol command filters and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling businesses to enforce usage policies and recover bandwidth for important business processes.
For additional details about Progent's support services for Cisco's ASA 5500 security appliances, see ASA 5500 firewalls configuration and debugging services.
Cisco PIX Firewalls
Built upon a hardened, specialized operating system that offers a wealth of protection services, PIX firewall appliances offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. Cisco PIX security appliances provide security for a broad array of VoIP and additional multimedia conventions such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide range of contemporary and upcoming VoIP and video applications.
PIX firewalls feature a variety of configuration, tracking, and analysis options, giving IT managers the versatility to use the methods that best match their requirements. Administrative solutions include centralized, policy-based management tools, integrated web-accessible administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class Web-accessible management solution that greatly simplifies the deployment, ongoing modification, and monitoring of a single PIX firewall without the need of any extra utility other than an ordinary browser and Java plug-in to be installed on an administrator's computer.
IT managers can furthermore remotely set up, track, and analyze PIX firewalls via a command-line interface (CLI). Safe CLI interface access is available through a number of techniques including Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX firewall appliances also have robust automatic-update capabilities, a collection of advanced protected remote-management services that ensure security settings and software images are always current.
For more details about Progent's support services for PIX firewalls, see Cisco PIX 500 firewalls integration and troubleshooting services.
Progent's PIX to ASA Migration Consulting
Since Cisco has ceased offering the PIX family of firewalls, many businesses are uncomfortable with relying on a critical infrastructure component that may no longer be supported. Cisco ASA 5500 firewalls offer the advantage of being current devices and also bring a number of technical and financial advantages in comparison to PIX firewalls. These benefits include significantly better throughput, optional Secure Sockets Layer tunneling support, and an expandable architecture that protects your investment by allowing you to self-install more security services when and if you need them. Progent's Cisco network engineers can assist you to determine the business case for moving from PIX to Cisco ASA 5500 firewalls, design a migration plan that permits a quick and seamless changeover, assist your IT staff to configure new ASA 5500 Series firewalls, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX family firewalls incorporate a wealth of configuration, monitoring, and troubleshooting features that offer you the ability to deploy these security appliances to match your business requirements. Progent's CCIE authorized network professionals can help you to install a cost-effective network infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers world-class protection, fault tolerance, performance, and recoverability. Progent's GISA and CISSP-ISSP-qualified information security engineers can help your business to develop a security policy that makes sense for your situation and can configure your security appliance to enforce your security policies. Progent's risk evaluation engineers can evaluate the strength of your current firewall deployment and validate the overall security of your whole IT environment. Progent’s Help Desk support team can deliver emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco network engineer.
For additional information about Progent's professional help for Cisco solutions, choose a subject:
To find out additional information concerning Progent's consulting help for Cisco products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about technical expertise for Cisco products, phone 1-800-993-9400 or see Contact Progent.