Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls provide combined firewall, VPN, and intrusion prevention system services in compact single-box devices, delivering a broad range of features to meet the security and compliance requirements of companies from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable network security staffs to defend their network perimeter and offer safe remote access while using advanced management mechanisms based on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 and PIX firewalls have arrived at end-of-life status but remain widely deployed in smaller businesses as well as in a few larger networks. Cisco’s ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted the ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly managed, continue to deliver a high degree of security by providing a variety of services such as firewall, Virtual Private Network (VPN) connections, and IPS.

Following Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X firewalls can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system. Firepower services bring powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco-qualified network engineers can assist your organization to maintain and troubleshoot legacy ASA 5500 and PIX 500 firewall appliances and can also help you to design and carry out a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, configure, tune, manage and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower Services.

Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances features an enhanced substitute for every rack-mountable model in the previous ASA 5500 generation of firewalls. Each ASA 5500-X model targets the identical market as the corresponding previous models, which gives small and midsize businesses ample choice for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All models in Cisco's ASA 5500-X family deliver dependable security across any mix of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For more details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X firewalls, visit Firepower configuration and debugging consulting

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or hardware modules that enable Cisco's Firepower Services, which offer layered defense against multi-vector attacks. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:

  • Layered protection against familiar and zero-day threats
  • Advanced Malware Protection (AMP) that uses big data techniques to discover and mitigate security breaches
  • A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to discover threats that incorporate multiple approaches
  • High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and custom IPS policies based on the severity of threats
>Cisco Firepower Configuration Expertise

Firepower Services for Cisco ASA firewalls offer multi-layered security

Simpler deployments of Cisco ASA 5500-X firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X models. ASDM provides a convenient web console for configuring, administering, and debugging ASA 5500-X appliances and service modules.

For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be administered using Firepower Management Center, available as one or more physical or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Firepower Management Center offers features unavailable with Cisco's on-box ASDM tool. Extra features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that provides real-time network infrastructure visualization, automated policy optimization based on risk evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting features, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology behind the Cisco PIX 500 Security Appliance, the Cisco IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall product line to offer a firewall that stops the broadest variety of attacks. Cisco ASA 5500 Series Firewalls provide application protection, local containment and control, and safe Virtual Private Network functionality across Cisco's product portfolio. This broad scope of protection enables defense of any network area, including the most typical threat conduits like remote locations, LAN-attached internal users, and remote connected VPNs.

>ASA 5500 Consulting Services and Technical Support
The scalable architecture of the ASA 5500 Series allows you to add features by installing security service modules (SSMs) and security service cards. These user-installable options provide the option of adding IPS and content protection services like filtering virus, spyware, and phishing assaults and executing data and web screening. In addition to enabling your IT staff to react quickly to new threat environments, the extensible design of the Cisco ASA 5500 Series also protects your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative staff education by supporting the familiar library of PIX security management tools and protocols such as the Cisco ASDM platform, secure command-line interface access, verbose syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application security via smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a more secure network covering Web, voice, and 3G-mobile wireless access. To protect against application-layer assaults and to offer better control over the programs and protocols utilized in their environments, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement solutions such as protocol anomaly sensing and state tracking. Also incorporated are attack sensing and mitigation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, enabling businesses to police usage policies and free up bandwidth for vital business processes.

For additional details about Progent's support services for ASA 5500 security appliances, see ASA 5500 series firewalls configuration and debugging services.

Cisco PIX Security Appliance Series
Built around a hardened, specialized operating system that offers a wealth of protection services, Cisco PIX firewalls provide excellent security and have received EAL 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewalls provide security for a broad range of VoIP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a wide array of current and upcoming Voice over IP and mixed-media applications.

PIX Firewalls Experts
PIX firewall appliances offer a wealth of setup, monitoring, and troubleshooting options, giving IT managers the flexibility to utilize the techniques that best match their needs. Management solutions include centralized, policy-based management tools, integrated web-based administration, and compatibility with remote-monitoring standards like SNMP and syslog. The integrated ASDM system provides a powerful Web-accessible control solution that greatly simplifies the deployment, in-place configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any extra software other than an ordinary Web browser and Java applet to be installed on a manager's computer.

IT managers can also remotely set up, monitor, and troubleshoot Cisco PIX firewall appliances using a command-line interface. Secure command-line interface (CLI) communication is possible through a number of techniques such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX firewalls also include robust automatic-update capabilities, a set of revolutionary secure remote-management services that make sure that security settings and software images are kept up to date.

For additional information about Progent's consulting services for Cisco PIX 500 firewalls, see PIX firewalls configuration and debugging consulting.

Progent's PIX to ASA Migration Support Services
Since Cisco has stopped selling the PIX 500 product line, many businesses are uncomfortable with depending on a critical security mechanism that might no longer be supported by Cisco. ASA 5500 security appliances offer the advantage of being new products and also bring several technical and economic advantages in comparison to PIX 500 devices. These benefits include substantially higher performance, optional Secure Sockets Layer tunneling capability, and a modular architecture that protects your investment by enabling you to self-install new security services whenever you require them. Progent's Cisco experts can assist your company to assess the business case for migrating from PIX 500 to ASA 5500 firewalls, create a migration plan that allows for a fast and non-disruptive changeover, assist your IT staff to install new ASA 5500 firewalls, and offer remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco Cisco ASA 5500 Series adaptive security appliances and PIX firewalls incorporate a wealth of configuration, monitoring, and analysis features that offer you the flexibility to configure these firewalls to align optimally with your business needs. Progent's CCIE certified network experts can assist you to install a cost-effective infrastructure that includes Cisco ASA and/or PIX firewalls and that provides world-class protection, fault tolerance, performance, and manageability. Progent's GISA and CISSP-ISSP-qualified information security professionals can assist you to create a security policy appropriate for your business and can configure your firewall to support your security policies. Progent's risk evaluation engineers can evaluate the strength of your existing firewall solution and audit the security of your entire IT network. Progent’s Technical Response Center (TRC) can provide urgent remote technical support for Cisco products and offer quick access to a Cisco network engineer.

To see more details about Progent's engineering support for Cisco networking products, pick a topic:

For additional details about Progent's consulting help for Cisco technology, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to ask Progent about consulting help for Cisco products, call 1-800-993-9400 or refer to Contact Progent.
















© 2002- 2017 Progent Corporation. All rights reserved.