Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls offer combined firewall, IPsec VPN, and intrusion prevention system services in compact single-box packages, delivering a broad array of features to meet the security and compliance needs of organizations from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls allow network security staffs to protect their network edge and offer safe remote connectivity while using advanced administration mechanisms based on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX 500 firewalls have arrived at end-of-life status but are still widely used in small and mid-size organizations and in some enterprise networks. The ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have supplanted the ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's older model firewall appliances, if carefully managed, can offer a high level of security by supplying multiple features including stateful firewall, VPN tunneling, and IPS.

Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular intrusion protection system (IPS). Firepower services provide powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco-certified infrastructure consultants can help your organization to support and troubleshoot legacy ASA 5500 and PIX 500 firewall appliances and can also assist you to plan and implement a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to plan, deploy, optimize, administer and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls includes an enhanced replacement for each rack-mountable model in the older ASA 5500 generation of devices. Each ASA 5500-X firewall is suited for the identical market as the associated previous models, which offers small and midsize businesses plenty of room for picking a firewall that aligns with their security needs and IT budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line provide consistent protection across any mix of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For more information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA 5500-X security appliances, visit Firepower integration and troubleshooting consulting

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with software or physical modules that support Firepower Services, which offer layered protection against sophisticated threats. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:

  • Layered defense against familiar and new attacks
  • Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, infrastructure, software applications, and content to discover threats that incorporate multiple approaches
  • High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate both standard and custom IPS policies based on the severity of threats
>Cisco Firepower Integration Expertise

Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered security

Simpler deployments of Cisco ASA firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X models. ASDM provides a simple web console for configuring, managing, and debugging ASA 5500-X devices and service modules.

For more complex deployments, ASA 5500-X firewalls with Firepower Services can be administered with Firepower Management Center, implemented as one or more physical or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Firepower Management Center offers features beyond those available with Cisco's on-box ASDM utility. Additional capabilities include expanded context awareness, Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy tuning driven by risk assessment of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for the Cisco PIX 500 family Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that stops the broadest variety of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, network containment, and clean Virtual Private Network connectivity across the entire product portfolio. This broad scope of security enables the guarding of any network segment, including the most common threat vectors like remote sites, LAN-attached internal users, and remote access Virtual Private Networks.

>ASA 5500 Consulting and Technical Support
The expandable architecture of the Cisco ASA 5500 Series enables you to add services via security service modules (SSMs) and security service cards (SSCs). These user-installable enhancements give you the ability to add Intrusion Protection and content protection services such as filtering virus, worms, and phishing attacks and performing data and URL screening. In addition to enabling your IT staff to react quickly to new threat vectors, the extensible architecture of the ASA 5500 Series also protects your capital investment by prolonging the useful life of your firewalls. The ASA 5500 Series also protects your investment in IT staff education by utilizing the familiar set of PIX 500 security management utilities and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) access, verbose syslog, and SNMP.

Cisco ASA firewalls provide robust application protection through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a more secure environment covering Web, voice, and mobile wireless services. To protect against application-layer assaults and to provide better control over the applications and protocols used in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and employ protection enforcement solutions that include anomaly sensing and application and protocol state monitoring. Also included are attack detection and remediation techniques including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver control over IM and tunneling applications, allowing organizations to police usage policies and free up network bandwidth for critical business processes.

For more information about Progent's support services for Cisco's ASA 5500 security appliances, visit ASA 5500 firewalls integration and troubleshooting services.

PIX Security Appliance Series
Built upon a hardened, purpose-built operating system that offers a wealth of protection features, Cisco PIX security appliances offer excellent security and have earned EAL 4 status and ICSA Firewall and IP Security certification. PIX firewalls offer protection for a broad array of Voice over IP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping businesses to protect deployments of a broad array of contemporary and next-generation Voice over IP and mixed-media applications.

PIX Security Consulting Firm
PIX firewalls offer a variety of setup, monitoring, and analysis options, providing businesses the versatility to use the methods that most closely match their requirements. Administrative solutions include centralized, policy-based management tools, integrated web-based management, and support for remote-tracking standards like SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-based management solution that significantly simplifies the deployment, in-place modification, and monitoring of a single Cisco PIX security appliance without the need of any extra software beyond an ordinary browser and Java plug-in to be installed on an administrator's PC.

Administrators can also remotely set up, monitor, and analyze PIX security appliances using a CLI interface. Secure command-line interface (CLI) communication is possible using several techniques such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have robust automatic-update features, a collection of advanced secure remote-administration services that ensure firewall configurations and software images are always up to date.

For more information about Progent's consulting services for Cisco PIX firewalls, see PIX 500 firewalls integration and troubleshooting consulting.

Progent's PIX to ASA Migration Consulting Support
Because Cisco has ceased offering the PIX 500 product line, many companies are concerned about relying on a key security mechanism that may stop being supported by Cisco. Cisco ASA 5500 firewalls offer the benefit of being new devices and also offer several functions and economic advantages in comparison to PIX firewalls. These advantages include substantially higher throughput, optional SSL tunneling support, and a modular architecture that protects your investment by enabling you to self-install new security services whenever you need them. Progent's CCIE-certified experts can assist your company to assess the business case for migrating from PIX to ASA 5500 firewalls, create a migration process that permits a fast and non-disruptive upgrade, assist you to install new ASA 5500 firewalls, and offer remote training, consulting, and troubleshooting services.

Other Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco's ASA Series adaptive security appliances and PIX firewalls incorporate a wealth of setup, monitoring, and analysis options which give you the ability to deploy these security appliances to match your company's needs. Progent's CCIE certified network consultants can show you how to and support a cost-effective network infrastructure that includes Cisco ASA or PIX security appliances and that offers advanced security, fault tolerance, throughput, and manageability. Progent's GISA and CISM-certified information security engineers can help you to create a security policy appropriate for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment professionals can assess the effectiveness of your existing firewall solution and help determine the overall security of your whole IS network. Progent’s Help Desk Call Center can provide urgent remote troubleshooting for Cisco products and offer fast access to a Cisco CCIE expert.

To find out additional information about Progent's professional help for Cisco solutions, choose a topic:

To learn more information about Progent's consulting support for Cisco technology, pick a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to ask Progent about technical support for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.