Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, VPN, and intrusion prevention system capabilities in compact single-box devices, delivering a broad array of features to match the security and compliance needs of organizations from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls enable IT security staffs to protect their network perimeter and offer safe remote connectivity while using advanced administration mechanisms built on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life (EOL) status but are still widely used in small and mid-size organizations and in some larger networks. The ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's older model firewall appliances, if properly maintained, continue to offer a high degree of security by supplying a variety of security functions including stateful firewall, Virtual Private Network (VPN) connections, and IPS.

Following Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system. Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco-qualified infrastructure engineers can help you to maintain and troubleshoot legacy ASA 5500 Series and PIX firewalls and can also help you to design and implement an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, configure, optimize, administer and debug new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X security appliances features an enhanced substitute for every rack-mountable model in the previous ASA 5500 line of firewalls. Each ASA 5500-X model targets the identical environment as the associated previous models, which gives most ample room for selecting a firewall that meets their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's advanced protection services. All devices in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For more information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Firepower configuration and troubleshooting consulting

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or hardware modules that enable Firepower Services, which provide layered protection against sophisticated attacks. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:

  • Layered protection against familiar and zero-day attacks
  • Cisco's Advanced Malware Protection (AMP) that utilizes big data techniques to find and mitigate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, apps, and content to discover attacks that use simultaneous vectors
  • Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch both standard and customized IPS policies depending on the severity of risk
Cisco Firepower Integration Consultants

Firepower Services for ASA firewalls offer advanced multi-layered security

Smaller implementations of Cisco ASA 5500-X firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X models. ASDM includes a simple web console for configuring, administering, and debugging ASA 5500-X devices and service modules.

For more complex deployments, ASA 5500-X appliances with Firepower can be managed with Firepower Management Center, implemented as one or more physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Firepower Management Center provides features beyond those available with Cisco's on-box ASDM tool. Additional capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that provides real-time network visualization, automated policy optimization based on impact assessment of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health alerts, improved reporting options, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-box ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls leverage technology behind the Cisco PIX 500 Series firewall, the IPS 4200 family Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall family to offer a firewall that stops the widest variety of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application protection, network containment and control, and clean Virtual Private Network connectivity across the entire product line. This breadth of protection enables defense of any network section, which includes the most common attack conduits such as remote locations, locally-connected inside users, and off-site connected Virtual Private Networks.

Cisco ASA 5500 Series Consulting Services and Troubleshooting
The expandable architecture of the Cisco ASA 5500 family permits you to add more features by installing security service modules (SSMs) and security service cards (SSCs). These user-installable enhancements give you the option of adding Intrusion Protection and content protection services like blocking virus, spyware, and phishing attacks and performing file and web screening. Beside enabling you to respond quickly to the latest risk environments, the expandable architecture of the ASA 5500 family also protects your hardware investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in administrative team education by supporting the rich library of PIX 500 security management utilities and protocols including the Cisco Adaptive Security Device Manager platform, protected command-line interface (CLI) availability, verbose syslog, and SNMP.

Cisco Adaptive Security Appliances (ASA) firewalls deliver a high-level of application protection through intelligent, application-sensitive inspection engines that analyze network flows at Layers 4-7. This produces a safer network including Web, voice, and 3G-mobile wireless access. To protect against application-layer attacks and to provide stronger policing of the programs and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement technologies such as protocol anomaly sensing and state tracking. Also incorporated are assault detection and remediation techniques such as application and protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and preserve network bandwidth for crucial business applications.

For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls configuration and debugging consulting.

PIX Security Appliance Series
Based upon a hardened, purpose-built software platform that delivers a wealth of protection features, PIX security appliances offer a high level of protection and have earned EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewalls provide protection for a broad range of VoIP and additional multimedia conventions such as H.323 v. 4, SIP, SCCP, Real-Time Streaming Protocol, and MGCP, enabling businesses to protect installations of a wide range of current and upcoming Voice over IP and video applications.

Cisco PIX Security Help
Cisco PIX security appliances feature a variety of setup, tracking, and analysis features, providing businesses the flexibility to utilize the techniques that best meet their requirements. Management options include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-tracking protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a powerful Web-based control platform that greatly simplifies the installation, in-place modification, and tracking of a specific PIX security appliance without the need of any additional software beyond an ordinary Web browser and Java plug-in to be installed on an administrator's computer.

Administrators can also remotely set up, track, and analyze Cisco PIX security appliances via a CLI interface. Secure CLI interface communication is available using several techniques such as SSHv2 Protocol, Telnet through IPsec, and out-of-band through a console port. Cisco PIX firewalls also have robust auto-update capabilities, a set of advanced secure remote-administration services that make sure that firewall configurations and software images are kept current.

For additional information about Progent's support services for Cisco PIX 500 firewalls, visit Cisco PIX 500 firewalls configuration and troubleshooting consulting.

Progent's PIX to ASA Migration Consulting Services
Since Cisco has stopped selling the PIX product line, many companies are concerned about depending on a critical security component that may stop being supported by Cisco. ASA 5500 firewalls have the advantage of being new devices and also bring several functions and budgetary advantages in comparison to PIX firewalls. These benefits include significantly higher performance, optional SSL VPN capability, and an expandable architecture that guards your investment by allowing you to add more security features when and if you need them. Progent's Cisco experts can assist your company to assess the strategic case for upgrading from PIX 500 to Cisco ASA 5500 firewalls, create a migration process that allows for a fast and non-disruptive changeover, help your IT staff to deploy new ASA 5500 appliances, and provide remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco's ASA 5500 Series firewalls and PIX firewalls provide an array of setup, tracking, and troubleshooting features that offer you the flexibility to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network consultants can assist you to and support an efficient network infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides world-class security, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-qualified information security professionals can assist your business to create a security policy appropriate for your environment and can set up your security appliance to enforce your security strategy. Progent's risk evaluation professionals can evaluate the strength of your current firewall solution and validate the security of your whole information system environment. Progent’s Technical Response Center (TRC) can deliver urgent online troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.

For more details about Progent's engineering assistance for Cisco technology, choose a topic:

To learn additional information concerning Progent's professional help for Cisco networking products, select a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to ask Progent about professional assistance for Cisco networking, phone 1-800-993-9400 or see Contact Progent.
















© 2002- 2018 Progent Corporation. All rights reserved.