Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances provide combined firewall, VPN, and IPS services in compact single-box devices, delivering a wide array of features to match the security needs of organizations from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewall appliances enable network security teams to protect their network perimeter and provide secure remote access while utilizing advanced administration mechanisms built on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 and PIX 500 firewall appliances have reached end-of-life (EOL) status but are still commonly deployed in small and mid-size organizations and in a few enterprise data centers. The ASA 5500-X Next-Generation Firewalls deliver substantially more value and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. Still, Cisco's legacy firewall appliances, if properly maintained, continue to offer a high degree of security by supplying multiple features including stateful firewall, VPN, and IPS.

Since Cisco's purchase of Sourcefire, the whole line of ASA 5500-X devices can be provisioned to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system (IPS). Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco CCIE-qualified network consultants can assist you to support and debug older ASA 5500 Series and PIX 500 firewall appliances and can also help you to plan and carry out an efficient upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, integrate, tune, manage and debug new firewall ecosystems based on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls includes an enhanced replacement for every rack-mountable unit in the previous ASA 5500 generation of firewalls. Each ASA 5500-X firewall is suited for the same environment as the corresponding earlier models, which offers most plenty of room for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For additional information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, visit Firepower configuration and troubleshooting expertise

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or hardware modules that support Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA firewalls include:

  • Layered defense against both familiar and zero-day attacks
  • Advanced Malware Protection (AMP) that uses big data to discover and remediate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, infrastructure, software applications, and content to discover attacks that incorporate simultaneous vectors
  • Fine-grained Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate standard and custom IPS policies based on the degree of risk
>Cisco Firepower Configuration Expertise

Firepower Services for ASA firewalls provide advanced multi-layered security

Simpler deployments of ASA 5500-X firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X models. ASDM includes a convenient web console for configuring, administering, and troubleshooting ASA 5500-X devices and modules.

For more complex environments, ASA 5500-X appliances with Firepower can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-device ASDM utility. Extra capabilities include expanded context awareness, Advanced Malware Protection with remediation for user devices, a console that provides real-time infrastructure visualization, automated policy optimization driven by impact evaluation of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health notifications, improved reporting options, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA CLI.

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls leverage technology behind the Cisco PIX 500 firewall, the IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall family to offer a platform that stops the broadest range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, local containment, and clean Virtual Private Network functionality across the entire product line. This breadth of protection enables the guarding of any network segment, which includes the most typical attack conduits such as remote locations, locally-attached inside users, and remote access VPNs.

>ASA 5500 Consulting Services and Technical Support
The scalable design of the ASA 5500 family allows you to add more features by installing security service modules and security service cards. These user-installable options provide the option of adding Intrusion Protection and content protection services such as filtering virus, worms, and phishing assaults and executing file and URL screening. In addition to allowing you to respond rapidly to new threat environments, the extensible design of the ASA 5500 Series also leverages your capital investment by increasing the life of your firewalls. The ASA 5500 Series also protects your investment in IT staff education by supporting the rich library of PIX management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface availability, syslog, and Simple Network Management Protocol (SNMP).

Cisco ASA firewalls deliver robust application security via intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This produces a more secure environment including Web, voice, and mobile wireless services. To defend networks against application-layer attacks and to provide stronger control over the programs and protocols used in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and rely on protection enforcement technologies that include anomaly sensing and application and protocol state monitoring. Also incorporated are attack sensing and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of IM and tunneling applications, enabling organizations to enforce usage policies and preserve network bandwidth for critical business applications.

For more details about Progent's consulting services for Cisco's ASA 5500 firewalls, visit Cisco ASA 5500 firewalls configuration and troubleshooting services.

PIX Firewalls
Built around a tested, purpose-built operating system that delivers rich protection features, PIX firewall appliances provide excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX firewall appliances provide security for a broad array of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a wide range of contemporary and upcoming IP voice and video applications.

Cisco PIX Firewalls Consulting
Cisco PIX firewalls offer a wealth of setup, tracking, and analysis features, giving businesses the flexibility to use the methods that best meet their requirements. Administrative options include centralized, policy-based management utilities, integrated web-based administration, and support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-accessible management solution that significantly simplifies the installation, ongoing modification, and tracking of a specific Cisco PIX security appliance without the need of any additional utility beyond an ordinary Web browser and Java applet to be installed on a manager's PC.

Administrators can also remotely set up, track, and analyze Cisco PIX firewall appliances via a CLI interface. Secure CLI interface access is available through several techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewalls also have robust auto-update capabilities, a set of revolutionary protected remote-administration options that ensure firewall settings and software images are always up to date.

For additional information about Progent's consulting services for PIX firewalls, visit Cisco PIX firewalls configuration and troubleshooting support.

Progent's PIX to ASA Migration Consulting
Because Cisco has discontinued offering the PIX family of firewalls, many businesses are uncomfortable with relying on a critical infrastructure component that might no longer be supported. ASA 5500 security appliances offer the benefit of being current devices and also offer a number of technical and financial benefits in comparison to PIX devices. These advantages include substantially higher performance, optional SSL VPN support, and an expandable design that guards your investment by allowing you to self-install more security services whenever you need them. Progent's CCIE-certified experts can assist you to determine the strategic value of for moving from PIX to Cisco ASA 5500 security appliances, design a migration process that allows for a quick and seamless changeover, help your IT staff to configure new ASA 5500 Series firewalls, and provide online, consulting, and technical support services.

Additional Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco ASA 5500 Series adaptive security appliances and PIX firewalls incorporate a wealth of configuration, tracking, and troubleshooting options that offer you the ability to deploy these firewalls to match your business needs. Progent's CCIE authorized network experts can show you how to install an efficient network infrastructure that incorporates Cisco ASA or PIX firewalls and that offers advanced protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-certified IS security engineers can assist you to develop a security policy appropriate for your business and can set up your firewall to enforce your security strategy. Progent's security evaluation consultants can evaluate the strength of your current firewall deployment and help determine the security of your entire information system environment. Progent’s Technical Response Center (TRC) can provide emergency online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.

To see more details concerning Progent's engineering assistance for Cisco networking products, select a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To find out more details concerning Progent's engineering expertise for Cisco products, pick a topic:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.

More topics of interest: