Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls offer combined firewall, VPN, and IPS capabilities in single-box devices, delivering a wide range of features to meet the security and compliance requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewall appliances enable network security staffs to protect their network perimeter and provide secure offsite and mobile connectivity while utilizing advanced management tools built on Cisco's industry-leading firewall technology.

Cisco’s ASA 5500 Series and PIX 500 firewall appliances have reached end-of-life (EOL) but are still widely deployed in small and mid-size businesses and in some enterprise data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more value and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new installations. However, Cisco's legacy firewall appliances, if carefully maintained, continue to deliver a high level of security by supplying multiple features such as stateful firewall, VPN, and IPS.

After Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular network intrusion protection system (IPS). Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco-certified infrastructure engineers can assist your organization to maintain and troubleshoot older ASA 5500 and PIX 500 firewalls and can also assist you to design and carry out a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, integrate, tune, administer and troubleshoot new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls includes an improved substitute for each rack-mountable unit in the previous ASA 5500 generation of devices. Each ASA 5500-X model is suited for the identical market as the corresponding earlier models, which gives small and midsize businesses ample room for picking a firewall that meets their security needs and budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line deliver consistent security across any mix of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For additional information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA 5500-X security appliances, see Cisco Firepower integration and debugging consulting

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or physical modules that enable Cisco's Firepower Services, which provide layered protection against advanced attacks. Cisco's Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:

  • Layered protection against familiar and new attacks
  • Cisco's Advanced Malware Protection (AMP) that utilizes big data techniques to discover and remediate intrusions
  • A Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, network infrastructure, software applications, and content to discover threats that incorporate simultaneous vectors
  • High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically activate standard and customized IPS policies based on the severity of risk
Cisco Firepower Configuration Expertise

Firepower Services for ASA firewalls provide multi-layered threat protection

Smaller deployments of ASA 5500-X firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X versions. ASDM includes a convenient web dashboard for configuring, managing, and debugging ASA 5500-X appliances and modules.

For more complex deployments, ASA 5500-X firewalls with Firepower can be managed using Cisco's Firepower Management Center, implemented as one or more physical units or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM tool. Extra features include greater context awareness, Advanced Malware Protection with mitigation for user devices, a console that offers dynamic network infrastructure visualization, automated policy tuning based on impact evaluation of attacks, advanced IPS, custom app detectors for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA command line interface.

Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances Firewalls build on engineering behind the Cisco PIX 500 Series Security Appliance, the Cisco IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops the broadest variety of attacks. Cisco ASA 5500 Series Firewalls provide program protection, local containment, and safe VPN functionality across Cisco's product portfolio. This broad scope of protection allows the guarding of any network segment, including the most common attack conduits like remote sites, LAN-connected inside users, and off-site access VPNs.

Cisco ASA 5500 Series Consulting and Technical Support
The expandable architecture of the Cisco ASA 5500 family allows you to add security services by installing service modules and security service cards. These user-installable options give you the ability to add Intrusion Protection and content protection services like blocking virus, worms, and phishing assaults and performing data and web screening. In addition to enabling your IT staff to react rapidly to the latest risk vectors, the expandable architecture of the ASA 5500 family also leverages your capital investment by prolonging the life of your security appliances. The ASA 5500 Series also leverages your investment in IT staff education by utilizing the rich set of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface availability, syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection via smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a better protected environment including Web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to offer stronger policing of the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ protection enforcement technologies such as anomaly detection and application and protocol state monitoring. Also included are assault detection and mitigation techniques such as application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also deliver control over IM and tunneling applications, allowing organizations to police usage policies and recover bandwidth for crucial business processes.

For more details about Progent's consulting services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls configuration and debugging support.

PIX Firewall Appliances
Based around a tested, specialized operating system that offers rich protection features, PIX security appliances offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. Cisco PIX security appliances provide protection for a broad array of VoIP and additional mixed-media conventions such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling organizations to protect installations of a broad range of contemporary and next-generation Voice over IP and multimedia applications.

Cisco PIX Security Consulting Firm
Cisco PIX firewalls feature a wealth of setup, tracking, and troubleshooting features, giving IT managers the flexibility to use the methods that best meet their needs. Management options include common, policy-based management utilities, integrated web-based management, and compatibility with remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-accessible control platform that significantly streamlines the deployment, in-place configuration, and tracking of a single PIX firewall without the need of any additional software other than a standard browser and Java applet to be running on a manager's PC.

IT managers can also remotely set up, track, and analyze Cisco PIX security appliances using a command-line interface. Secure command-line interface (CLI) access is available through several methods including SSHv2 Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewalls also have dependable automatic-update capabilities, a set of revolutionary secure remote-management options that ensure firewall settings and software images are always current.

For more information about Progent's consulting services for PIX security appliances, go to Cisco PIX firewalls integration and debugging support.

Progent's PIX to ASA Migration Support Services
Since Cisco has ceased offering the PIX product line, many companies are concerned about relying on a critical infrastructure mechanism that may stop being supported. ASA 5500 security appliances have the benefit of being new devices and also offer a number of technical and financial benefits in comparison to PIX 500 firewalls. These benefits include significantly better performance, optional SSL tunneling capability, and a modular design that protects your investment by allowing you to add new security features whenever you require them. Progent's Cisco certified experts can help you to assess the business value of for moving from PIX 500 to Cisco ASA 5500 firewalls, create a migration plan that permits a quick and seamless changeover, assist you to install new ASA 5500 firewalls, and offer remote training, consulting, and technical support services.

Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's ASA 5500 Series firewalls and PIX security appliances provide an array of setup, monitoring, and analysis options which offer you the ability to configure these security appliances to match your company's requirements. Progent's CCIE certified network professionals can assist you to design a cost-effective network infrastructure that includes Cisco ASA or PIX security appliances and that provides world-class protection, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-qualified IS security professionals can assist your business to create a security policy that makes sense for your environment and can configure your PIX or ASA firewall to enforce your security policies. Progent's security assessment professionals can evaluate the effectiveness of your current firewall solution and audit the overall security of your whole information system network. Progent’s Technical Response Center (TRC) can provide emergency remote technical support for Cisco technology and can give you fast access to a Cisco CCIE expert.

To find out more information about Progent's engineering expertise for Cisco products, pick a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To learn additional information about Progent's consulting help for Cisco technology, pick a subject:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.

More topics of interest: