Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide combined firewall, IPsec VPN, and IPS services in single-box devices, delivering a broad range of features to meet the security requirements of organizations ranging from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewalls enable network security staffs to defend their network perimeter and provide secure remote connectivity while utilizing advanced management tools built on Cisco's world-class firewall technology.
Cisco’s ASA 5500 Series and PIX firewalls have reached end-of-life but are still widely deployed in smaller businesses and in some enterprise networks. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more value and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's older model firewall appliances, if properly managed, continue to offer a high level of protection by providing a variety of security functions such as firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X devices can be configured to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most deployed network intrusion protection system (IPS). Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-certified network consultants can help your organization to support and debug older ASA 5500 and PIX firewall appliances and can also help you to plan and implement a smooth upgrade to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, integrate, tune, administer and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances features an improved substitute for every rack-mountable model in the older ASA 5500 generation of devices. Each ASA 5500-X firewall targets the identical environment as the corresponding earlier models, which gives most ample room for picking a firewall that meets their security needs and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All devices in Cisco's ASA 5500-X product line deliver dependable protection across any mix of physical, virtual, and cloud environments.
For more information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, visit Firepower integration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that enable Firepower Services, which offer layered defense against sophisticated attacks. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against both familiar and new threats
- Cisco's Advanced Malware Protection (AMP) that uses big data to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, infrastructure, software applications, and content to detect attacks that incorporate multiple approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch standard and customized IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Smaller deployments of ASA 5500-X firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all ASA 5500-X models. ASDM includes a simple web console for configuring, managing, and debugging ASA 5500-X firewalls and modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical or virtual appliances. Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center offers features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a console that offers dynamic network infrastructure visualization, automated policy optimization based on risk assessment of threats, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Firewalls
Cisco ASA 5500 Series Firewalls build on engineering behind the Cisco PIX 500 Series Security Appliance, Cisco's IPS 4200 family sensor, and the VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall product line to offer a platform that defends against the widest variety of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program protection, network containment and control, and clean VPN connectivity throughout the entire product portfolio. This broad scope of protection enables the guarding of any network segment, which includes the most typical attack conduits like remote locations, LAN-connected internal users, and off-site connected VPNs.
The scalable architecture of the ASA 5500 Series allows you to add features by installing service modules and security service cards. These user-installable options provide the ability to add Intrusion Protection and content protection services such as blocking virus, spyware, and phishing attacks and performing file and web screening. In addition to enabling you to react quickly to new risk vectors, the extensible design of the Cisco ASA 5500 family also leverages your capital investment by increasing the useful life of your security appliances. The ASA 5500 Series also leverages your investment in IT team education by utilizing the familiar library of PIX security management utilities and protocols including the Cisco ASDM platform, protected command-line interface access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) firewalls provide a high-level of application protection through intelligent, application-sensitive inspection engines that examine network flows at Layers 4-7. This produces a more secure network including Web, voice, and 3G-mobile wireless services. To protect against application-layer attacks and to provide stronger policing of the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on security enforcement technologies such as anomaly sensing and state tracking. Also included are assault sensing and remediation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver control over IM and tunneling applications, allowing organizations to police usage policies and free up network bandwidth for vital business processes.
For additional information about Progent's consulting services for Cisco's ASA 5500 firewalls, see Cisco ASA 5500 series firewalls integration and troubleshooting services.
Cisco PIX Firewalls
Built upon a tested, purpose-built OS that offers rich security services, Cisco PIX firewall appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewalls provide security for a wide range of Voice over IP and other multimedia conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a broad array of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX security appliances feature a wealth of setup, monitoring, and analysis features, giving businesses the versatility to utilize the methods that most closely meet their requirements. Administrative options include common, policy-based administration utilities, integrated web-based administration, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated ASDM interface offers a powerful Web-based management solution that significantly simplifies the installation, in-place modification, and tracking of a specific Cisco PIX security appliance without requiring any additional software other than an ordinary Web browser and Java applet to be running on an administrator's PC.
Administrators can also remotely configure, track, and analyze PIX firewall appliances using a command-line interface (CLI). Secure CLI interface communication is available using several methods such as SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewall appliances also include robust automatic-update features, a collection of revolutionary protected remote-management options that ensure security configurations and software images are kept up to date.
For additional information about Progent's consulting services for Cisco PIX 500 security appliances, visit PIX firewalls configuration and troubleshooting services.
Progent's PIX to ASA Migration Support
Because Cisco has stopped selling the PIX family of firewalls, many companies are uncomfortable with depending on a key security mechanism that may no longer be supported. ASA 5500 security appliances offer the advantage of being new devices and also bring several functions and budgetary benefits in comparison to PIX devices. These advantages include significantly higher performance, optional Secure Sockets Layer VPN support, and a modular architecture that guards your investment by enabling you to self-install more security services when and if you require them. Progent's Cisco certified network engineers can help you to determine the business case for migrating from PIX to ASA 5500 security appliances, design a migration process that permits a fast and seamless upgrade, assist you to configure new ASA 5500 Series firewalls, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of configuration, monitoring, and troubleshooting options which offer you the flexibility to deploy these security appliances to match your company's needs. Progent's CCIE certified network experts can help you to and support an efficient network infrastructure that includes Cisco ASA or PIX firewalls and that offers advanced protection, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-qualified IS security experts can help your business to create a security policy appropriate for your situation and can configure your firewall to enforce your security strategy. Progent's risk evaluation professionals can assess the strength of your current firewall solution and help determine the overall security of your whole IT environment. Progent’s Help Desk support team can deliver urgent remote troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.
To find out more information concerning Progent's engineering assistance for Cisco technology, pick a subject:
To see more details concerning Progent's consulting assistance for Cisco solutions, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about engineering expertise for Cisco products, phone 1-800-993-9400 or visit Contact Progent.