Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewall appliances provide integrated firewall, VPN, and intrusion prevention system (IPS) services in single-box packages, delivering a broad array of features to meet the security requirements of organizations ranging from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances enable network security teams to protect their network edge and offer secure remote connectivity while utilizing powerful management mechanisms based on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life (EOL) but are still widely used in small and mid-size businesses as well as in a few enterprise networks. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent substantially more value and have superseded Cisco's ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly managed, can offer a high level of protection by providing a variety of services such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X devices can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified infrastructure engineers can help you to support and troubleshoot older ASA 5500 and PIX firewalls and can also help you to design and carry out an efficient upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, deploy, tune, manage and troubleshoot new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances features an improved replacement for each rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X model is suited for the identical market as the associated earlier models, which offers most ample choice for picking a firewall that aligns with their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's powerful security services. All models in Cisco's ASA 5500-X product line provide consistent security across any mix of physical, virtual, and cloud deployments.
For additional details about ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA firewalls, visit Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with either software or physical modules that support Cisco's Firepower Services, which provide layered protection against multi-vector threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Multi-layer defense against both familiar and zero-day attacks
- Cisco's Advanced Malware Protection that utilizes big data to discover and remediate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, network infrastructure, apps, and content to detect threats that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically activate both standard and customized IPS policies based on the degree of threats
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered threat protection
Smaller deployments of Cisco ASA firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X versions. ASDM includes a simple web console for deploying, administering, and troubleshooting ASA 5500-X appliances and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a console that offers real-time network visualization, automated policy tuning based on risk assessment of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health notifications, enhanced reporting features, and application interfaces for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology developed for Cisco's PIX 500 family firewall, the IPS 4200 Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a platform that defends against the broadest variety of attacks. Cisco ASA Firewalls deliver application protection, network containment, and safe Virtual Private Network functionality throughout the entire product portfolio. This breadth of security enables defense of any network section, which includes the most typical threat conduits such as remote sites, LAN-connected internal users, and remote connected Virtual Private Networks.
The scalable architecture of the Cisco ASA 5500 family enables you to add services by installing security service modules and security service cards. These user-installable options provide the option of adding Intrusion Protection and content protection functions such as blocking virus, worms, and phishing attacks and performing file and web screening. In addition to enabling you to react rapidly to the latest threat environments, the extensible architecture of the Cisco ASA 5500 Series also protects your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative team training by supporting the rich set of PIX 500 management utilities and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application security via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a more secure environment covering Web, voice, and mobile wireless services. To defend against application-layer assaults and to offer better policing of the applications and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions such as protocol anomaly detection and state tracking. Also incorporated are attack detection and remediation techniques including application/protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and recover bandwidth for important business processes.
For additional information about Progent's consulting services for ASA 5500 security appliances, visit Cisco ASA 5500 firewalls integration and troubleshooting support.
PIX Firewall Appliances
Based upon a tested, specialized operating system that delivers a wealth of security features, Cisco PIX firewalls offer a high level of protection and have earned EAL 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewall appliances offer protection for a wide array of VoIP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a wide range of current and next-generation IP voice and mixed-media applications.
Cisco PIX security appliances offer a variety of configuration, tracking, and troubleshooting features, giving IT managers the versatility to use the techniques that most closely meet their needs. Administrative solutions include common, policy-based management tools, integrated web-based administration, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated ASDM interface offers a world-class Web-accessible management solution that significantly streamlines the installation, ongoing configuration, and tracking of a specific Cisco PIX firewall without the need of any extra software beyond an ordinary Web browser and Java plug-in to be installed on a manager's computer.
Administrators can furthermore remotely configure, track, and analyze Cisco PIX firewalls via a command-line interface. Safe command-line interface communication is possible through a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewalls also include robust automatic-update capabilities, a set of revolutionary protected remote-administration options that make sure that firewall configurations and software images are kept current.
For additional details about Progent's support services for Cisco PIX firewalls, go to PIX firewalls configuration and debugging support.
Progent's PIX to ASA Migration Consulting
Since Cisco has stopped selling the PIX family of firewalls, many companies are concerned about relying on a key security component that may stop being supported. ASA 5500 firewalls have the benefit of being current products and also offer a number of technical and budgetary benefits in comparison to PIX devices. These advantages include substantially better performance, optional Secure Sockets Layer VPN capability, and an expandable design that guards your investment by enabling you to add new security services whenever you require them. Progent's Cisco network engineers can assist your company to determine the strategic value of for upgrading from PIX 500 to ASA 5500 firewalls, create a migration plan that allows for a quick and non-disruptive upgrade, assist your IT staff to set up new ASA 5500 Series firewalls, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Help You with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls incorporate a wealth of setup, monitoring, and analysis options which offer you the flexibility to configure these security appliances to align optimally with your business needs. Progent's CCIE certified network consultants can help you to and support an efficient network infrastructure that includes Cisco ASA or PIX security appliances and that provides advanced protection, resilience, performance, and recoverability. Progent's GISA and CISSP-ISSP-qualified information security engineers can help your business to develop a security policy that makes sense for your business and can set up your security appliance to enforce your security policies. Progent's security evaluation experts can assess the effectiveness of your existing firewall deployment and audit the security of your whole IS environment. Progent’s Help Desk Call Center can provide urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
To find out more details about Progent's professional support for Cisco technology, pick a topic:
For additional details about Progent's engineering help for Cisco technology, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about consulting assistance for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.