Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a broad array of features to meet the security requirements of organizations from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls allow network security staffs to protect their network perimeter and offer safe offsite and mobile access while utilizing advanced management tools built on Cisco's world-class firewall technology.
Cisco’s ASA 5500 and PIX 500 firewalls have reached end-of-life (EOL) status but are still widely deployed in small and mid-size organizations as well as in a few larger data centers. The ASA 5500-X Series Next-Generation Firewalls deliver significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's older model firewall appliances, if properly maintained, can deliver a high level of protection by supplying multiple features such as stateful firewall, VPN, and IPS.
After Cisco's purchase of Sourcefire, the entire line of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system. Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified infrastructure engineers can assist you to maintain and troubleshoot legacy ASA 5500 and PIX 500 firewall appliances and can also help you to plan and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, deploy, optimize, administer and troubleshoot new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls includes an enhanced replacement for every rack-mountable unit in the previous ASA 5500 line of devices. Each ASA 5500-X firewall is suited for the same environment as the associated previous models, which gives most ample room for selecting a solution that meets their security needs and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver dependable protection across any combination of physical, virtual, and cloud environments.
For additional information about ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, see Cisco Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or physical modules that enable Firepower Services, which offer layered protection against sophisticated attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to detect attacks that incorporate simultaneous approaches
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and customized IPS policies based on the degree of risk
Firepower Services for Cisco ASA firewalls offer multi-layered protection
Smaller deployments of Cisco ASA 5500-X firewalls can be efficiently administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X versions. ASDM provides a convenient web console for deploying, managing, and debugging ASA 5500-X devices and modules.
For more complex deployments, ASA 5500-X firewalls with Firepower Services can be administered with Firepower Management Center, available as one or several physical units or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-box ASDM utility. Additional features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that provides real-time network visualization, automated policy tuning based on impact assessment of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA CLI.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls leverage technology behind Cisco's PIX 500 firewall, the Cisco IPS 4200 Series sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to deliver a platform that stops the widest range of threats. Cisco ASA Firewalls provide application security, network containment and control, and safe Virtual Private Network functionality across Cisco's product portfolio. This broad scope of security allows defense of any network section, which includes the most common threat conduits like remote locations, LAN-attached inside users, and remote access VPNs.
The expandable design of the ASA 5500 Series allows you to add security services via security service modules and security service cards (SSCs). These user-installable options give you the option of adding IPS and content protection functions such as blocking virus, worms, and phishing attacks and executing data and web filtering. Beside enabling you to respond rapidly to the latest threat vectors, the extensible design of the Cisco ASA 5500 Series also leverages your capital investment by prolonging the life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in administrative staff training by utilizing the familiar library of PIX 500 management utilities and protocols including the Cisco ASDM system, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA 5500 Series firewalls provide robust application protection via intelligent, application-sensitive inspection engines that analyze network flows at Layers 4-7. This results in a better protected network covering Web, voice, and mobile wireless access. To protect against application-layer attacks and to offer stronger control over the programs and protocols used in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly sensing and state tracking. Also incorporated are assault sensing and remediation techniques such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing businesses to police usage policies and recover bandwidth for vital business applications.
For more details about Progent's support services for ASA 5500 security appliances, visit Cisco ASA 5500 firewalls integration and troubleshooting services.
Built upon a tested, specialized software platform that delivers rich protection services, PIX firewalls provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX firewalls provide protection for a wide array of VoIP and other mixed-media conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to protect deployments of a broad array of contemporary and next-generation IP voice and mixed-media applications.
PIX firewall appliances feature a variety of configuration, tracking, and troubleshooting options, providing IT managers the versatility to use the techniques that most closely meet their requirements. Administrative solutions include centralized, policy-based management tools, integrated web-based administration, and compatibility with remote-tracking protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a world-class Web-accessible control platform that greatly simplifies the deployment, in-place configuration, and tracking of a specific PIX security appliance without requiring any additional utility beyond a standard Web browser and Java plug-in to be running on an administrator's computer.
IT managers can also remotely configure, track, and analyze PIX security appliances via a CLI interface. Secure CLI interface access is possible using a number of techniques such as SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. PIX security appliances also have robust auto-update features, a set of revolutionary secure remote-administration options that make sure that firewall settings and software images are always up to date.
For more information about Progent's consulting services for PIX firewalls, visit PIX firewalls configuration and troubleshooting services.
Progent's PIX to ASA Migration Support
Because Cisco has discontinued offering the PIX family of firewalls, many companies are concerned about depending on a critical security mechanism that might stop being supported. Cisco ASA 5500 security appliances have the advantage of being current devices and also offer several functions and economic benefits in comparison to PIX 500 devices. These advantages include significantly better throughput, optional SSL VPN capability, and an expandable design that guards your investment by enabling you to add more security features when and if you require them. Progent's CCIE-certified experts can help your company to determine the strategic value of for migrating from PIX to ASA 5500 security appliances, design a migration process that permits a quick and seamless changeover, help your IT staff to install new ASA 5500 Series firewalls, and offer remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's ASA Series adaptive security appliances and PIX firewalls provide an array of configuration, monitoring, and troubleshooting options that offer you the flexibility to set up these security appliances to match your business requirements. Progent's CCIE authorized network professionals can assist you to design a cost-effective network infrastructure that includes Cisco ASA and/or PIX security appliances and that offers world-class security, fault tolerance, throughput, and manageability. Progent's CISA and CISM-certified information security engineers can assist your business to develop a security strategy that makes sense for your environment and can configure your security appliance to enforce your security strategy. Progent's security evaluation professionals can assess the strength of your existing firewall solution and help determine the security of your entire IT environment. Progent’s Help Desk Call Center can deliver urgent online troubleshooting for Cisco products and offer fast access to a Cisco CCIE network engineer.
To see more information about Progent's professional support for Cisco networking products, pick a topic:
To find out more details concerning Progent's engineering assistance for Cisco networking products, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about consulting expertise for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.