Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls provide combined firewall, VPN, and intrusion prevention system capabilities in compact single-box devices, delivering a broad range of features to match the security requirements of organizations from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls allow network security teams to defend their network perimeter and offer safe offsite and mobile connectivity while using powerful management mechanisms built on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 and PIX 500 firewalls have arrived at end-of-life but remain commonly used in small and mid-size businesses and in a few larger networks. The ASA 5500-X Series Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted the ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's older model firewall appliances, if properly managed, can offer a high degree of security by supplying multiple services such as stateful firewall, VPN, and IPS.

Since Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco-certified network consultants can assist you to support and troubleshoot legacy ASA 5500 Series and PIX 500 firewalls and can also help you to plan and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, configure, tune, manage and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved replacement for every rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X model targets the same environment as the associated previous models, which gives small and midsize businesses plenty of room for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X product line deliver dependable protection across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for Cisco ASA security appliances, see Cisco Firepower configuration and troubleshooting expertise

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept software or hardware modules that support Cisco's Firepower Services, which provide layered protection against advanced attacks. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:

  • Multi-layer protection against familiar and new threats
  • Advanced Malware Protection (AMP) that uses big data techniques to discover and remediate security breaches
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, network infrastructure, software applications, and content to discover attacks that use multiple vectors
  • Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch standard and customized IPS policies depending on the degree of threats
>Cisco Firepower Integration Expertise

Firepower Services for ASA firewalls provide advanced multi-layered protection

Simpler implementations of Cisco ASA 5500-X firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X versions. ASDM provides a simple web dashboard for configuring, managing, and debugging ASA 5500-X devices and service modules.

For more complex deployments, ASA 5500-X appliances with Firepower can be managed using Cisco's Firepower Management Center, available as one or more physical or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-device ASDM tool. Additional capabilities include greater context awareness, Advanced Malware Protection (AMP) with mitigation for user devices, a console that offers dynamic network visualization, automated policy optimization driven by impact evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-box ASDM or the ASA command line interface.

Cisco ASA 5500 Firewalls
Cisco ASA Firewalls build on engineering developed for the PIX 500 family firewall, the Cisco IPS 4200 Series sensor, and the Cisco VPN 3000 model concentrator. These technologies converge on the Cisco ASA Firewall product line to offer a platform that defends against the widest variety of threats. Cisco ASA Firewalls deliver program security, network containment and control, and safe Virtual Private Network connectivity throughout Cisco's product line. This broad scope of security allows the guarding of any network area, which includes the most common attack conduits such as remote locations, LAN-connected internal users, and off-site access Virtual Private Networks.

>Cisco ASA 5500 Consulting Services and Technical Support
The expandable architecture of the Cisco ASA 5500 Series permits you to add more security services via service modules and cards. These user-installable options give you the option of adding Intrusion Protection and content protection functions like filtering virus, worms, and phishing assaults and performing file and web filtering. In addition to enabling your IT staff to respond quickly to the latest risk vectors, the expandable design of the ASA 5500 Series also leverages your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 family also protects your investment in administrative team education by supporting the rich set of PIX 500 security management utilities and protocols such as the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) access, syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application protection through smart, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a safer network covering Web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer better control over the applications and protocols used in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on security enforcement technologies that include anomaly detection and application and protocol state monitoring. Also included are attack sensing and mitigation technology such as application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and free up network bandwidth for vital business processes.

For additional information about Progent's consulting services for ASA 5500 firewalls, go to ASA 5500 firewalls configuration and troubleshooting support.

Cisco PIX Firewall Appliances
Built upon a hardened, purpose-built software platform that delivers a wealth of protection services, Cisco PIX security appliances offer a high level of protection and have been awarded EAL 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX firewall appliances offer protection for a wide array of VoIP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a broad range of contemporary and upcoming Voice over IP and mixed-media applications.

Cisco PIX Firewalls Help
PIX firewall appliances offer a variety of setup, monitoring, and troubleshooting options, providing IT managers the versatility to utilize the techniques that best match their requirements. Management options include common, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a world-class Web-accessible control platform that greatly simplifies the deployment, ongoing modification, and tracking of a single Cisco PIX firewall without the need of any additional utility other than a standard browser and Java plug-in to be running on an administrator's computer.

IT managers can furthermore remotely set up, monitor, and troubleshoot Cisco PIX firewalls using a command-line interface. Secure CLI interface communication is possible using several techniques including Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. PIX security appliances also have dependable automatic-update features, a collection of revolutionary protected remote-management options that ensure firewall configurations and software images are always current.

For additional details about Progent's consulting services for Cisco PIX 500 firewalls, go to Cisco PIX 500 firewalls configuration and debugging support.

Progent's PIX to ASA Migration Support Services
Since Cisco has discontinued selling the PIX product line, many companies are concerned about depending on a critical security component that might no longer be supported by Cisco. Cisco ASA 5500 security appliances offer the advantage of being current products and also bring several technical and financial benefits in comparison to PIX 500 firewalls. These benefits include significantly higher throughput, optional SSL VPN support, and a modular design that protects your investment by enabling you to self-install more security features when and if you require them. Progent's Cisco network engineers can help you to assess the business value of for moving from PIX to ASA 5500 firewalls, create a migration plan that permits a fast and non-disruptive changeover, assist you to set up new ASA 5500 appliances, and provide online, consulting, and technical support services.

Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco's Cisco ASA 5500 Series adaptive security appliances and PIX security appliances incorporate a wealth of setup, tracking, and analysis options that offer you the flexibility to deploy these security appliances to match your business requirements. Progent's CCIE authorized network experts can assist you to install an efficient infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides advanced security, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-qualified information security consultants can help your business to create a security policy that makes sense for your environment and can configure your security appliance to enforce your security strategy. Progent's risk assessment engineers can assess the effectiveness of your existing firewall deployment and validate the security of your entire information system environment. Progent’s Help Desk Call Center can provide emergency online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.

For more information concerning Progent's consulting assistance for Cisco networking products, choose a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To learn additional details concerning Progent's consulting expertise for Cisco networking products, select a topic:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.

More topics of interest: