Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls offer combined firewall, VPN, and IPS services in compact single-box devices, delivering a broad array of features to meet the security and compliance needs of organizations from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances allow IT security staffs to defend their network edge and provide secure remote connectivity while utilizing advanced management tools based on Cisco's industry-leading firewall products.

Cisco’s ASA 5500 and PIX firewalls have reached end-of-life but are still widely deployed in smaller organizations and in a few larger networks. Cisco’s ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have supplanted the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's older model firewalls, if carefully maintained, can deliver a high level of security by supplying multiple features such as stateful firewall, VPN, and IPS.

After Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco-qualified network engineers can help you to maintain and troubleshoot legacy ASA 5500 Series and PIX firewalls and can also help you to design and carry out a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also help you to design, integrate, optimize, manage and debug new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls features an enhanced replacement for each rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X firewall targets the same market as the associated earlier models, which gives small and midsize businesses plenty of choice for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and are capable of running Cisco's advanced security services. All models in Cisco's ASA 5500-X family deliver dependable security across any mix of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA 5500-X firewalls, visit Cisco Firepower integration and troubleshooting expertise

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against multi-vector attacks. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X security appliances include:

  • Multi-layer defense against familiar and zero-day attacks
  • Cisco's Advanced Malware Protection that utilizes big data techniques to find and mitigate security breaches
  • Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, software applications, and content to detect threats that use simultaneous vectors
  • Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically launch standard and custom IPS policies based on the degree of threats
>Cisco Firepower Integration Expertise

Firepower Services for ASA firewalls provide multi-layered security

Simpler deployments of ASA 5500-X firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X models. ASDM includes an easy-to-use web console for configuring, administering, and debugging ASA 5500-X devices and service modules.

For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or more physical units or virtual devices. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Additional capabilities include greater context awareness, Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that provides real-time infrastructure visualization, automated policy tuning based on impact assessment of attacks, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the ASA CLI.

Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology developed for the Cisco PIX 500 family Security Appliance, the Cisco IPS 4200 Series sensor, and the Cisco VPN 3000 model concentrator. These solutions enable the Cisco ASA 5500 Series Firewall product line to deliver a firewall that defends against the broadest range of attacks. Cisco ASA Firewalls deliver program protection, local containment, and clean Virtual Private Network functionality across the entire product line. This broad scope of security enables the guarding of any network section, which includes the most common threat vectors like remote sites, LAN-connected inside users, and off-site connected VPNs.

>Cisco ASA 5500 Series Consulting Services and Technical Support
The scalable design of the Cisco ASA 5500 family allows you to add more services by installing service modules and security service cards. These easy-to-install enhancements provide the ability to add Intrusion Protection and content protection services like blocking virus, spyware, and phishing assaults and performing data and URL filtering. In addition to enabling your IT staff to react quickly to the latest threat environments, the expandable architecture of the ASA 5500 family also protects your hardware investment by prolonging the life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in administrative team training by utilizing the familiar set of PIX 500 security management tools and protocols such as the Cisco ASDM platform, protected command-line interface access, verbose syslog, and Simple Network Management Protocol.

Cisco ASA firewalls provide robust application security via smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. This produces a better protected network including Web, voice, and 3G-mobile wireless connectivity. To protect networks against application-layer assaults and to provide stronger control over the programs and protocols used in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and employ protection enforcement technologies that include anomaly detection and state tracking. Also incorporated are assault sensing and mitigation technology including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to enforce usage policies and conserve bandwidth for crucial business processes.

For more information about Progent's consulting services for ASA 5500 security appliances, visit Cisco ASA 5500 firewalls configuration and troubleshooting services.

PIX Firewalls
Built upon a tested, purpose-built software platform that delivers a wealth of protection features, PIX security appliances provide excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewalls provide protection for a wide range of VoIP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a wide range of current and next-generation VoIP and multimedia applications.

Cisco PIX Firewalls Help
PIX firewall appliances feature a wealth of setup, tracking, and analysis features, giving businesses the versatility to utilize the techniques that best match their needs. Management solutions include common, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a world-class Web-accessible control platform that greatly simplifies the deployment, in-place configuration, and tracking of a specific PIX security appliance without requiring any extra software other than an ordinary Web browser and Java plug-in to be running on an administrator's PC.

Administrators can furthermore remotely set up, track, and troubleshoot PIX firewalls using a command-line interface (CLI). Safe CLI interface access is possible using several methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also include dependable automatic-update capabilities, a collection of advanced secure remote-administration options that ensure security configurations and software images are always current.

For more details about Progent's support services for Cisco PIX firewalls, see PIX 500 firewalls configuration and debugging services.

Progent's PIX to ASA Migration Consulting Support
Since Cisco has ceased selling the PIX 500 product line, many businesses are concerned about depending on a key infrastructure mechanism that may stop being supported. ASA 5500 firewalls offer the benefit of being new devices and also offer several technical and financial benefits in comparison to PIX 500 devices. These advantages include substantially higher throughput, optional Secure Sockets Layer tunneling capability, and an expandable design that guards your investment by enabling you to self-install new security services when and if you need them. Progent's Cisco certified network engineers can help you to determine the strategic value of for migrating from PIX 500 to Cisco ASA 5500 firewalls, create a migration process that allows for a fast and seamless changeover, help you to configure new ASA 5500 Series appliances, and provide remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of setup, tracking, and analysis options which give you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE authorized network professionals can show you how to install an efficient network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that provides world-class protection, resilience, throughput, and manageability. Progent's GISA and CISSP-ISSP-qualified information security experts can assist your business to create a security policy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk assessment professionals can assess the strength of your existing firewall solution and audit the security of your entire IT environment. Progent’s Help Desk support team can deliver emergency remote technical support for Cisco products and offer quick access to a Cisco expert.

To see more information about Progent's engineering assistance for Cisco technology, select a subject:

To see more details about Progent's engineering help for Cisco products, select a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To contact Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.
















© 2002- 2018 Progent Corporation. All rights reserved.