Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, IPsec VPN, and intrusion prevention system (IPS) services in single-box packages, delivering a wide array of features to match the security needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances enable IT security staffs to protect their network perimeter and offer secure remote access while using advanced management mechanisms based on Cisco's world-class firewall products.

Cisco’s ASA 5500 Series and PIX firewall appliances have reached end-of-life but are still widely deployed in small and mid-size businesses as well as in a few larger networks. Cisco’s ASA 5500-X Next-Generation Firewalls represent significantly more value and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewalls, if properly maintained, continue to offer a high degree of protection by supplying multiple features including firewall, Virtual Private Network (VPN) connections, and IPS.

After Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X devices can be configured to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-certified network engineers can help your organization to support and debug older ASA 5500 and PIX 500 firewall appliances and can also help you to plan and implement an efficient upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, configure, optimize, manage and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls includes an improved substitute for each rack-mountable unit in the older ASA 5500 generation of firewalls. Each ASA 5500-X model targets the same environment as the associated previous models, which offers small and midsize businesses plenty of room for selecting a firewall that meets their security needs and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All models in Cisco's ASA 5500-X family deliver consistent protection across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X security appliances, go to Firepower integration and debugging expertise

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or hardware modules that support Firepower Services, which provide layered defense against multi-vector threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X security appliances include:

  • Layered defense against both familiar and zero-day attacks
  • Advanced Malware Protection (AMP) that utilizes big data to discover and mitigate intrusions
  • Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, apps, and content to discover attacks that use simultaneous vectors
  • High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies based on the severity of threats
>Cisco Firepower Integration Expertise

Firepower Services for Cisco ASA 5500-X firewalls provide advanced multi-layered threat protection

Simpler implementations of ASA firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X versions. ASDM includes a simple web dashboard for deploying, administering, and troubleshooting ASA 5500-X firewalls and modules.

For more complex deployments, ASA 5500-X firewalls with Firepower can be managed with Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Firepower Management Center offers features unavailable with Cisco's on-box ASDM tool. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a console that provides real-time network infrastructure visualization, automated policy tuning driven by impact assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 Series firewall, Cisco's IPS 4200 sensor, and the VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application security, local containment and control, and clean Virtual Private Network connectivity across the entire product portfolio. This broad scope of protection enables the guarding of any network segment, including the most typical threat vectors like remote sites, LAN-connected inside users, and remote connected VPNs.

>ASA 5500 Series Consulting and Troubleshooting
The scalable architecture of the Cisco ASA 5500 Series allows you to add security services via security service modules and security service cards (SSCs). These easy-to-install enhancements give you the ability to add Intrusion Protection and content protection functions like blocking virus, spyware, and phishing attacks and performing file and URL screening. In addition to allowing you to react rapidly to the latest threat environments, the extensible architecture of the Cisco ASA 5500 family also protects your hardware investment by increasing the life of your firewalls. The ASA 5500 family also leverages your investment in IT team training by supporting the familiar library of PIX management utilities and protocols including the Cisco ASDM platform, secure command-line interface access, syslog, and Simple Network Management Protocol.

Cisco ASA 5500 Series firewalls deliver a high-level of application security through smart, application-aware inspection engines that analyze network flows at Layers 4-7. The result is a more secure environment covering Web, voice, and mobile wireless services. To defend against application-layer assaults and to provide better policing of the applications and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement solutions such as anomaly detection and application and protocol state tracking. Also included are attack detection and mitigation technology such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and tunneling applications, enabling businesses to police usage policies and conserve bandwidth for important business applications.

For more information about Progent's support services for Cisco's ASA 5500 firewalls, see Cisco ASA 5500 firewalls integration and troubleshooting support.

PIX Firewalls
Built around a hardened, specialized software platform that offers rich protection services, PIX firewall appliances offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances provide protection for a broad array of VoIP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, enabling organizations to protect deployments of a broad range of current and upcoming IP voice and multimedia applications.

Cisco PIX Firewalls Support
PIX firewalls offer a variety of setup, monitoring, and troubleshooting options, giving IT managers the versatility to use the techniques that best match their needs. Administrative solutions include centralized, policy-based administration tools, integrated web-accessible management, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-accessible control solution that greatly streamlines the deployment, in-place modification, and monitoring of a specific PIX security appliance without requiring any additional utility beyond a standard Web browser and Java applet to be installed on an administrator's computer.

Administrators can furthermore remotely configure, track, and analyze Cisco PIX security appliances via a command-line interface (CLI). Safe command-line interface access is possible through a number of methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX security appliances also have robust automatic-update capabilities, a set of revolutionary protected remote-management services that make sure that firewall configurations and software images are always current.

For additional information about Progent's support services for Cisco PIX 500 firewalls, see Cisco PIX 500 firewalls integration and debugging services.

Progent's PIX to ASA Migration Support
Since Cisco has stopped selling the PIX family of firewalls, many businesses are uncomfortable with depending on a key security component that may stop being supported by Cisco. ASA 5500 firewalls have the benefit of being current devices and also offer several functions and financial benefits in comparison to PIX devices. These benefits include substantially higher performance, optional Secure Sockets Layer tunneling support, and a modular architecture that protects your investment by enabling you to self-install new security services whenever you require them. Progent's CCIE-certified network engineers can help you to assess the strategic value of for migrating from PIX to Cisco ASA 5500 firewalls, design a migration process that permits a quick and seamless upgrade, assist your IT staff to set up new ASA 5500 Series appliances, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of setup, tracking, and analysis features that give you the ability to deploy these firewalls to match your company's needs. Progent's CCIE authorized network experts can assist you to design an efficient infrastructure that includes Cisco ASA and/or PIX firewalls and that offers advanced protection, resilience, throughput, and recoverability. Progent's GISA and CISSP-ISSP-certified IS security consultants can assist your business to create a security strategy that makes sense for your situation and can set up your security appliance to enforce your security strategy. Progent's risk assessment experts can assess the effectiveness of your current firewall solution and audit the overall security of your entire information system network. Progent’s Technical Response Center can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE expert.

For additional details about Progent's consulting expertise for Cisco products, choose a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: For more information about Progent's engineering expertise for Cisco solutions, choose a subject:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.

More topics of interest: