Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in compact single-box devices, delivering a broad array of features to meet the security needs of organizations from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls enable network security staffs to protect their network edge and offer safe offsite and mobile access while utilizing advanced administration mechanisms based on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX 500 firewalls have arrived at end-of-life but remain commonly used in smaller organizations as well as in a few larger networks. The ASA 5500-X Next-Generation Firewalls deliver substantially more value and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly managed, can deliver a high level of protection by providing a variety of security functions including stateful firewall, VPN tunneling, and IPS.

Following Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-certified network engineers can help you to maintain and debug legacy ASA 5500 Series and PIX 500 firewalls and can also assist you to design and carry out a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, configure, tune, administer and debug new firewall ecosystems based on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X model is suited for the same market as the associated earlier models, which gives small and midsize businesses plenty of choice for selecting a solution that meets their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All models in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, visit Firepower integration and debugging consulting

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept software or hardware modules that enable Firepower Services, which provide layered defense against advanced threats. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:

  • Layered defense against both familiar and new attacks
  • Cisco's Advanced Malware Protection that uses big data techniques to discover and remediate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, software applications, and content to discover attacks that use multiple approaches
  • Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically launch standard and customized IPS policies depending on the severity of threats
>Cisco Firepower Integration Consultants

Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered security

Smaller deployments of Cisco ASA firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X versions. ASDM includes a simple web dashboard for configuring, administering, and troubleshooting ASA 5500-X appliances and service modules.

For more complex environments, ASA 5500-X firewalls with Firepower can be managed using Firepower Management Center, available as one or more physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center provides features unavailable with Cisco's on-box Adaptive Security Device Manager utility. Extra features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers dynamic infrastructure visualization, automated policy tuning driven by risk assessment of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-box ASDM or the ASA command line interface.

Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering developed for the PIX 500 Series firewall, Cisco's IPS 4200 Series sensor, and the VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a firewall that stops the widest range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, local containment, and safe VPN functionality throughout the entire product line. This broad scope of protection allows the guarding of any network area, which includes the most typical attack conduits like remote sites, LAN-attached internal users, and remote connected Virtual Private Networks.

>ASA 5500 Consulting and Troubleshooting
The scalable design of the ASA 5500 Series allows you to add more services by installing security service modules (SSMs) and security service cards. These user-installable options provide the option of adding IPS and content protection services like blocking virus, spyware, and phishing attacks and executing data and web filtering. In addition to allowing your IT staff to react quickly to new risk environments, the extensible design of the ASA 5500 family also protects your hardware investment by increasing the life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT staff education by supporting the familiar library of PIX 500 management utilities and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.

Cisco ASA 5500 Series firewalls provide robust application security via intelligent, application-aware inspection engines that examine network flows at Layers 4-7. This produces a better protected network covering Web, voice, and mobile wireless services. To protect networks against application-layer attacks and to provide better control over the programs and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement technologies such as protocol anomaly sensing and state monitoring. Also incorporated are attack sensing and mitigation technology including application/protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to police usage policies and conserve network bandwidth for crucial business applications.

For more information about Progent's support services for ASA 5500 security appliances, visit Cisco ASA 5500 firewalls integration and troubleshooting support.

Cisco PIX Firewalls
Based upon a hardened, purpose-built operating system that delivers rich security features, Cisco PIX firewall appliances offer a high level of security and have earned EAL 4 status and ICSA Firewall and IP Security certification. Cisco PIX firewalls provide protection for a wide range of Voice over IP and other mixed-media conventions such as H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to safeguard deployments of a wide range of current and upcoming IP voice and multimedia applications.

Cisco PIX Firewalls Consulting
Cisco PIX firewall appliances feature a variety of configuration, tracking, and analysis features, giving IT managers the flexibility to utilize the methods that most closely meet their needs. Management options include common, policy-based administration utilities, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class Web-based management platform that significantly simplifies the deployment, ongoing configuration, and monitoring of a specific Cisco PIX firewall without requiring any additional software other than a standard Web browser and Java applet to be running on a manager's PC.

Administrators can also remotely configure, monitor, and analyze PIX security appliances via a command-line interface (CLI). Secure command-line interface access is available using several methods including Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewall appliances also include robust automatic-update features, a collection of revolutionary secure remote-management options that ensure security configurations and software images are always current.

For additional details about Progent's support services for Cisco PIX firewalls, visit PIX firewalls integration and troubleshooting support.

Progent's PIX to ASA Migration Support Services
Because Cisco has stopped offering the PIX product line, many businesses are concerned about depending on a critical infrastructure component that may stop being supported. ASA 5500 security appliances offer the advantage of being current products and also bring several technical and financial benefits in comparison to PIX firewalls. These advantages include significantly higher throughput, optional SSL tunneling support, and a modular design that protects your investment by enabling you to self-install more security features when and if you need them. Progent's Cisco certified network engineers can help your company to assess the strategic case for moving from PIX to ASA 5500 security appliances, create a migration process that permits a fast and seamless changeover, assist your IT staff to set up new ASA 5500 Series appliances, and provide remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Help You with Cisco Firewalls
Cisco's Cisco ASA Series adaptive security appliances and PIX firewalls incorporate an array of configuration, tracking, and analysis options that offer you the flexibility to set up these security appliances to align optimally with your business needs. Progent's CCIE authorized network experts can help you to and support an efficient network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that provides advanced protection, fault tolerance, throughput, and manageability. Progent's CISA and CISM-certified IS security professionals can help your business to create a security policy that makes sense for your business and can configure your security appliance to support your security policies. Progent's risk assessment consultants can evaluate the effectiveness of your existing firewall deployment and validate the overall security of your whole IS network. Progent’s Help Desk Call Center can deliver emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE network engineer.

For additional details concerning Progent's engineering expertise for Cisco products, pick a subject:

For more information about Progent's consulting expertise for Cisco networking products, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to contact Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.