Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a wide array of features to meet the security needs of companies ranging from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances allow network security staffs to protect their network edge and provide safe remote access while using powerful management mechanisms built on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX firewalls have reached end-of-life (EOL) but are still commonly deployed in smaller businesses and in some larger data centers. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's legacy firewalls, if carefully maintained, can deliver a high degree of protection by supplying multiple features such as firewall, VPN, and IPS.

Following Cisco's purchase of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed intrusion protection system. Firepower services provide powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco CCIE-certified infrastructure consultants can assist you to maintain and troubleshoot older ASA 5500 and PIX firewalls and can also assist you to design and implement an efficient migration to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also help you to plan, deploy, tune, administer and troubleshoot new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower Services.

Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls features an enhanced substitute for every rack-mountable model in the previous ASA 5500 generation of firewalls. Each ASA 5500-X model targets the same market as the associated previous models, which offers most ample room for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family provide dependable security across any combination of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about ASA 5500-X firewalls, Firepower services, and Progent's support for ASA security appliances, visit Cisco Firepower configuration and troubleshooting expertise

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or physical modules that enable Firepower Services, which provide layered defense against multi-vector attacks. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:

  • Multi-layer protection against both familiar and new threats
  • Advanced Malware Protection that utilizes big data to find and mitigate intrusions
  • A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, software applications, and content to detect attacks that use multiple vectors
  • Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and customized IPS policies based on the severity of threats
>Cisco Firepower Configuration Expertise

Firepower Services for ASA firewalls offer multi-layered protection

Smaller deployments of Cisco ASA 5500-X firewalls can be efficiently administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X versions. ASDM provides a simple web console for configuring, managing, and debugging ASA 5500-X devices and modules.

For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be managed using Cisco's Firepower Management Center, available as one or more physical or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box ASDM tool. Additional features include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that provides real-time infrastructure visualization, automated policy tuning based on risk evaluation of threats, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA CLI.

Cisco ASA 5500 Family of Firewalls
Cisco ASA 5500 Series Firewalls leverage technology behind the PIX 500 firewall, the IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a platform that stops the broadest variety of attacks. Cisco Adaptive Security Appliances Firewalls provide program security, network containment, and safe VPN functionality across Cisco's product line. This breadth of protection allows the guarding of any network section, which includes the most common threat conduits like remote locations, LAN-attached internal users, and off-site access VPNs.

>ASA 5500 Series Consulting and Troubleshooting
The expandable architecture of the ASA 5500 Series enables you to add more services by installing security service modules (SSMs) and security service cards. These easy-to-install enhancements give you the option of adding Intrusion Protection and content protection functions like filtering virus, worms, and phishing attacks and performing data and web filtering. In addition to enabling your IT staff to respond rapidly to new threat vectors, the extensible design of the Cisco ASA 5500 Series also protects your hardware investment by increasing the useful life of your security appliances. The ASA 5500 Series also leverages your investment in administrative team education by supporting the rich set of PIX management tools and protocols including the Cisco ASDM system, secure command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) firewalls provide robust application security via smart, application-sensitive inspection engines that examine traffic at Layers 4-7. The result is a more secure network covering Web, voice, and mobile wireless access. To defend networks against application-layer attacks and to provide stronger control over the applications and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement solutions that include protocol anomaly sensing and state tracking. Also incorporated are attack sensing and mitigation techniques such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and recover network bandwidth for important business processes.

For additional information about Progent's consulting services for ASA 5500 security appliances, visit ASA 5500 firewalls integration and debugging support.

Cisco PIX Firewall Appliances
Based upon a tested, purpose-built operating system that delivers rich security services, Cisco PIX firewall appliances provide a high level of protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security qualification. PIX firewalls provide security for a broad range of Voice over IP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling organizations to safeguard deployments of a broad range of contemporary and upcoming Voice over IP and mixed-media applications.

Cisco PIX Security Help
Cisco PIX firewalls offer a variety of configuration, monitoring, and troubleshooting features, providing IT managers the flexibility to utilize the methods that most closely meet their requirements. Management solutions include centralized, policy-based administration tools, integrated web-based administration, and support for remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-accessible control platform that greatly streamlines the installation, in-place configuration, and monitoring of a single PIX security appliance without requiring any additional utility other than a standard Web browser and Java applet to be installed on a manager's PC.

Administrators can furthermore remotely configure, monitor, and analyze Cisco PIX security appliances via a command-line interface (CLI). Secure command-line interface (CLI) access is possible through a number of techniques such as SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also include dependable automatic-update capabilities, a set of advanced protected remote-administration options that ensure firewall configurations and software images are kept up to date.

For additional information about Progent's support services for PIX 500 firewalls, see PIX 500 firewalls configuration and troubleshooting support.

Progent's PIX to ASA Migration Support
Because Cisco has ceased offering the PIX product line, many businesses are concerned about depending on a key security mechanism that might no longer be supported. Cisco ASA 5500 security appliances have the benefit of being new devices and also bring several functions and economic advantages in comparison to PIX 500 firewalls. These benefits include significantly better performance, optional SSL VPN capability, and a modular design that protects your investment by allowing you to add more security services when and if you require them. Progent's Cisco certified experts can help you to assess the strategic value of for upgrading from PIX to Cisco ASA 5500 security appliances, create a migration process that permits a fast and seamless upgrade, help your IT staff to deploy new ASA 5500 Series appliances, and offer online, consulting, and technical support services.

Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco's ASA 5500 Series firewalls and PIX security appliances incorporate a wealth of configuration, tracking, and troubleshooting features which offer you the flexibility to configure these firewalls to match your business requirements. Progent's CCIE authorized network professionals can assist you to and support a cost-effective infrastructure that includes Cisco ASA and/or PIX security appliances and that offers advanced security, resilience, performance, and recoverability. Progent's CISA and CISSP-ISSP-qualified IS security consultants can assist your business to create a security policy that makes sense for your situation and can configure your firewall to support your security policies. Progent's risk assessment consultants can assess the strength of your current firewall solution and validate the overall security of your whole IT environment. Progent’s Technical Response Center (TRC) can provide emergency remote troubleshooting for Cisco products and offer quick access to a Cisco CCIE expert.

To learn more information concerning Progent's professional support for Cisco networking products, pick a topic:

To find out additional details concerning Progent's professional support for Cisco solutions, choose a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to ask Progent about professional expertise for Cisco products, call 1-800-993-9400 or see Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.