Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls offer integrated firewall, VPN, and intrusion prevention system capabilities in compact single-box devices, delivering a wide array of features to match the security and compliance needs of organizations from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewalls allow network security teams to protect their network edge and provide secure remote connectivity while utilizing advanced administration tools built on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX firewalls have arrived at end-of-life (EOL) status but remain commonly deployed in small and mid-size businesses and in some larger networks. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted the ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly managed, continue to offer a high degree of protection by supplying multiple services such as firewall, IPsec VPN, and IPS.

Since Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular intrusion protection system (IPS). Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco CCIE-certified network consultants can assist your organization to maintain and troubleshoot legacy ASA 5500 and PIX firewall appliances and can also help you to design and carry out a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, integrate, optimize, administer and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X firewalls with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved replacement for each rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X firewall is suited for the same market as the associated previous models, which gives most plenty of room for picking a firewall that aligns with their security needs and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For additional details about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, visit Firepower integration and troubleshooting expertise

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or hardware modules that support Cisco's Firepower Services, which offer layered defense against advanced threats. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:

  • Layered defense against familiar and zero-day attacks
  • Cisco's Advanced Malware Protection that utilizes big data to discover and mitigate security breaches
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers clients, infrastructure, software applications, and content to discover threats that use multiple vectors
  • Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch both standard and customized IPS policies depending on the degree of threats
Cisco Firepower Configuration Consultants

Firepower Services for ASA 5500-X firewalls provide multi-layered security

Simpler deployments of ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM provides a convenient web console for configuring, managing, and debugging ASA 5500-X firewalls and service modules.

For more complex environments, ASA 5500-X appliances with Firepower can be managed using Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center offers capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a console that provides real-time network infrastructure visualization, automated policy optimization based on impact assessment of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health alerts, improved reporting features, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA CLI.

Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls build on engineering behind Cisco's PIX 500 Series Security Appliance, the IPS 4200 family Intrusion Prevention System, and the VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that stops the widest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, local containment and control, and clean Virtual Private Network functionality throughout Cisco's product line. This breadth of security enables the guarding of any network section, including the most common threat vectors such as remote sites, locally-attached inside users, and off-site access VPNs.

ASA 5500 Series Consulting Services and Technical Support
The expandable design of the ASA 5500 Series enables you to add features by installing service modules and security service cards. These user-installable options provide the ability to add IPS and content protection functions such as filtering virus, spyware, and phishing attacks and performing data and web filtering. In addition to allowing you to react rapidly to the latest threat environments, the expandable design of the Cisco ASA 5500 family also leverages your hardware investment by prolonging the life of your security appliances. The ASA 5500 Series also leverages your investment in IT staff education by utilizing the rich library of PIX 500 security management tools and protocols including the Cisco ASDM platform, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances 5500 Series firewalls provide robust application security via intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. The result is a better protected environment covering Web, voice, and 3G-mobile wireless services. To protect networks against application-layer attacks and to provide stronger policing of the programs and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on security enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also included are attack detection and mitigation techniques including application and protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing businesses to enforce usage policies and recover network bandwidth for vital business applications.

For more information about Progent's consulting services for ASA 5500 security appliances, go to Cisco ASA 5500 firewalls integration and troubleshooting support.

PIX Security Appliance Series
Based upon a hardened, specialized OS that delivers rich security features, PIX security appliances offer a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewalls provide security for a wide range of VoIP and additional mixed-media conventions including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping organizations to protect installations of a broad range of current and upcoming VoIP and video applications.

PIX Firewalls Support
PIX security appliances offer a wealth of setup, tracking, and troubleshooting features, giving businesses the versatility to utilize the techniques that most closely meet their needs. Management options include centralized, policy-based management tools, integrated web-based administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class Web-accessible control solution that significantly streamlines the installation, ongoing modification, and monitoring of a specific PIX security appliance without requiring any extra utility beyond a standard Web browser and Java plug-in to be running on an administrator's computer.

Administrators can furthermore remotely configure, track, and troubleshoot PIX firewall appliances using a CLI interface. Secure command-line interface (CLI) access is possible using a number of methods such as Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX firewalls also include dependable auto-update capabilities, a collection of advanced protected remote-management options that make sure that security settings and software images are always current.

For additional details about Progent's consulting services for PIX 500 security appliances, see Cisco PIX 500 firewalls configuration and troubleshooting services.

Progent's PIX to ASA Migration Consulting Support
Because Cisco has discontinued selling the PIX 500 product line, many companies are concerned about relying on a critical security component that may stop being supported by Cisco. Cisco ASA 5500 security appliances have the benefit of being current products and also bring a number of technical and budgetary advantages in comparison to PIX 500 devices. These advantages include significantly higher performance, optional SSL VPN support, and a modular design that guards your investment by enabling you to self-install new security features when and if you require them. Progent's CCIE-certified experts can assist you to assess the strategic value of for upgrading from PIX 500 to ASA 5500 security appliances, design a migration plan that allows for a fast and seamless upgrade, help your IT staff to install new ASA 5500 appliances, and offer remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco ASA 5500 Series firewalls and PIX family security appliances provide a wealth of setup, monitoring, and analysis features which give you the ability to configure these firewalls to align optimally with your business needs. Progent's CCIE authorized network consultants can assist you to design an efficient infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers world-class protection, fault tolerance, throughput, and manageability. Progent's GISA and CISM-qualified IS security experts can help you to develop a security strategy appropriate for your environment and can set up your security appliance to enforce your security policies. Progent's security evaluation engineers can evaluate the strength of your existing firewall deployment and help determine the overall security of your whole information system environment. Progent’s Help Desk support team can provide urgent online troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE network engineer.

To find out additional information about Progent's professional support for Cisco networking products, pick a subject:

To find out additional information about Progent's engineering help for Cisco technology, select a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to get in touch with Progent about technical support for Cisco products, call 1-800-993-9400 or see Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.