Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewall appliances provide combined firewall, VPN, and IPS capabilities in single-box packages, delivering a broad array of features to match the security needs of companies ranging from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances enable IT security staffs to protect their network perimeter and offer safe offsite and mobile connectivity while using powerful management tools built on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 and PIX 500 firewall appliances have reached end-of-life (EOL) but are still widely used in smaller organizations and in some larger networks. The ASA 5500-X Next-Generation Firewalls represent substantially more value and have superseded Cisco's ASA 5500 and PIX families of firewalls for new deployments. However, Cisco's legacy firewall appliances, if carefully managed, can deliver a high degree of protection by providing a variety of features such as stateful firewall, VPN tunneling, and IPS.

Since Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed network intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco CCIE-certified infrastructure consultants can assist you to support and debug legacy ASA 5500 and PIX firewall appliances and can also assist you to design and carry out a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, deploy, tune, manage and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X security appliances features an enhanced replacement for each rack-mountable model in the previous ASA 5500 generation of devices. Each ASA 5500-X model targets the identical environment as the corresponding previous models, which offers small and midsize businesses plenty of choice for picking a firewall that aligns with their security needs and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family provide consistent protection across any mix of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Firepower integration and troubleshooting expertise

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or physical modules that support Cisco's Firepower Services, which provide layered defense against multi-vector attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:

  • Layered defense against both familiar and zero-day attacks
  • Advanced Malware Protection (AMP) that utilizes big data techniques to find and mitigate intrusions
  • Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, software applications, and content to discover attacks that use multiple vectors
  • High-resolution Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch both standard and custom IPS policies based on the degree of threats
>Cisco Firepower Configuration Consultants

Firepower Services for Cisco ASA firewalls offer advanced multi-layered security

Smaller implementations of Cisco ASA firewalls can be effectively managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X versions. ASDM includes a simple web console for deploying, administering, and troubleshooting ASA 5500-X appliances and service modules.

For more complex environments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Firepower Management Center offers capabilities beyond those available with Cisco's on-device ASDM tool. Additional features include greater context awareness, Advanced Malware Protection with mitigation for user devices, a dashboard that offers dynamic network infrastructure visualization, automated policy optimization based on risk evaluation of attacks, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-device ASDM or the ASA CLI.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 Series firewall, the Cisco IPS 4200 family sensor, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a firewall that stops the broadest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls provide program security, local containment, and clean VPN connectivity across Cisco's product line. This broad scope of security enables defense of any network section, including the most common attack vectors like remote locations, locally-attached inside users, and remote connected Virtual Private Networks.

>ASA 5500 Series Consulting and Troubleshooting
The expandable architecture of the Cisco ASA 5500 Series enables you to add more features via security service modules (SSMs) and security service cards (SSCs). These easy-to-install enhancements provide the ability to add Intrusion Protection and content protection services like filtering virus, spyware, and phishing assaults and performing file and URL screening. In addition to enabling you to respond rapidly to new risk environments, the extensible design of the Cisco ASA 5500 family also protects your hardware investment by increasing the life of your firewalls. The ASA 5500 Series also leverages your investment in IT team education by utilizing the rich library of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface availability, verbose syslog, and Simple Network Management Protocol.

Cisco Adaptive Security Appliances 5500 Series firewalls deliver robust application protection via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. This results in a better protected environment covering Web, voice, and 3G-mobile wireless access. To protect networks against application-layer assaults and to offer stronger control over the applications and protocols used in their environments, Cisco's inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement technologies that include protocol anomaly sensing and application and protocol state tracking. Also incorporated are assault detection and mitigation technology such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, enabling businesses to police usage policies and recover bandwidth for important business applications.

For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, see ASA 5500 series firewalls configuration and debugging consulting.

Cisco PIX Firewalls
Built upon a tested, purpose-built OS that delivers rich security services, Cisco PIX firewall appliances offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX security appliances offer security for a broad range of Voice over IP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a wide array of current and upcoming IP voice and multimedia applications.

Cisco PIX Firewalls Experts
Cisco PIX firewall appliances feature a variety of setup, monitoring, and analysis options, giving businesses the flexibility to utilize the methods that most closely meet their requirements. Administrative options include common, policy-based management tools, integrated web-accessible management, and support for remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-accessible control solution that significantly simplifies the deployment, in-place configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any extra utility beyond a standard Web browser and Java applet to be running on a manager's PC.

Administrators can also remotely set up, monitor, and troubleshoot Cisco PIX firewalls using a command-line interface. Safe CLI interface communication is possible using a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewalls also have dependable auto-update features, a collection of revolutionary protected remote-management services that ensure firewall configurations and software images are always up to date.

For additional details about Progent's consulting services for Cisco PIX firewalls, go to Cisco PIX 500 firewalls configuration and debugging services.

Progent's PIX to ASA Migration Consulting Support
Since Cisco has ceased selling the PIX family of firewalls, many companies are uncomfortable with relying on a critical infrastructure component that might no longer be supported by Cisco. ASA 5500 security appliances offer the advantage of being current devices and also bring a number of functions and budgetary benefits in comparison to PIX firewalls. These advantages include significantly higher throughput, optional Secure Sockets Layer VPN capability, and a modular architecture that guards your investment by enabling you to add more security features when and if you require them. Progent's Cisco experts can help you to assess the business value of for migrating from PIX 500 to ASA 5500 security appliances, design a migration plan that permits a quick and non-disruptive upgrade, assist your IT staff to deploy new ASA 5500 Series firewalls, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls incorporate an array of configuration, monitoring, and analysis features which give you the flexibility to set up these firewalls to match your business needs. Progent's CCIE authorized network professionals can assist you to design an efficient network infrastructure that includes Cisco ASA and/or PIX security appliances and that offers advanced protection, fault tolerance, performance, and recoverability. Progent's GISA and CISM-qualified IS security professionals can help you to develop a security strategy appropriate for your environment and can configure your firewall to enforce your security strategy. Progent's risk evaluation professionals can evaluate the effectiveness of your current firewall solution and help determine the security of your whole IT environment. Progent’s Help Desk Call Center can deliver emergency remote technical support for Cisco products and offer fast access to a Cisco CCIE expert.

To find out more details about Progent's consulting help for Cisco networking products, select a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To learn more details about Progent's engineering expertise for Cisco solutions, pick a subject:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
















© 2002- 2017 Progent Corporation. All rights reserved.

More topics of interest:
  • Consulting Services for Firepower
  • Cisco Firepower AVC Engineer Tulsa
  • Greensboro, North Carolina Cisco Firesight Integration
  • Cisco ASA Firepower Integration
  • IT Services for Cisco Firepower URL Filtering Brisbane, CA