Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls offer combined firewall, IPsec VPN, and IPS services in compact single-box devices, delivering a broad range of features to match the security requirements of companies from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewalls enable IT security teams to defend their network perimeter and provide secure remote access while using powerful administration mechanisms based on Cisco's world-class firewall products.

Cisco’s ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life but remain widely deployed in smaller organizations and in a few larger data centers. Cisco’s ASA 5500-X Next-Generation Firewalls deliver significantly more value and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new deployments. Still, Cisco's older model firewall appliances, if carefully managed, continue to offer a high level of security by supplying a variety of security functions including stateful firewall, VPN, and IPS.

Following Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X firewalls can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most popular network intrusion protection system. Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco CCIE-qualified infrastructure engineers can help your organization to support and troubleshoot legacy ASA 5500 Series and PIX firewalls and can also assist you to design and implement a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to plan, configure, optimize, administer and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X firewalls with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls features an enhanced replacement for every rack-mountable model in the previous ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the identical environment as the corresponding earlier models, which gives small and midsize businesses plenty of choice for selecting a firewall that meets their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All models in Cisco's ASA 5500-X product line provide dependable protection across any mix of physical, virtual, and cloud deployments.

>Cisco ASA 5500-X Firepower Consultants

For additional details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, see Firepower configuration and troubleshooting consulting

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that support Cisco's Firepower Services, which provide layered protection against advanced attacks. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X security appliances include:

  • Multi-layer defense against familiar and new attacks
  • Cisco's Advanced Malware Protection that utilizes big data to discover and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, network infrastructure, apps, and content to detect attacks that use multiple vectors
  • Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically launch both standard and customized IPS policies depending on the severity of threats
>Cisco Firepower Integration Expertise

Firepower Services for Cisco ASA 5500-X firewalls provide advanced multi-layered threat protection

Smaller implementations of Cisco ASA firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X versions. ASDM provides an easy-to-use web dashboard for deploying, administering, and debugging ASA 5500-X devices and modules.

For more complex deployments, ASA 5500-X appliances with Firepower Services can be administered using Firepower Management Center, implemented as one or several physical units or virtual devices. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Firepower Management Center offers capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager utility. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a dashboard that provides dynamic infrastructure visualization, automated policy tuning based on impact evaluation of threats, advanced IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting features, and APIs for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA 5500-X command line interface.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 family firewall, the Cisco IPS 4200 Series sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a platform that stops the widest variety of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program protection, network containment and control, and clean Virtual Private Network functionality across the entire product line. This broad scope of security enables the guarding of any network area, which includes the most common threat conduits like remote locations, locally-attached internal users, and remote connected Virtual Private Networks.

>ASA 5500 Series Consulting Services and Troubleshooting
The scalable design of the ASA 5500 family permits you to add more security services via service modules and cards. These easy-to-install options give you the ability to add Intrusion Protection and content protection services like filtering virus, worms, and phishing attacks and executing data and URL filtering. Beside allowing your IT staff to react rapidly to the latest threat vectors, the extensible architecture of the ASA 5500 family also leverages your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 Series also protects your investment in IT staff education by utilizing the familiar library of PIX 500 management utilities and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface availability, verbose syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) firewalls provide robust application security via smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. This results in a safer network including Web, voice, and 3G-mobile wireless services. To defend networks against application-layer attacks and to provide stronger control over the programs and protocols utilized in their environments, these inspection engines incorporate extensive application and protocol knowledge and employ security enforcement solutions that include anomaly detection and application and protocol state tracking. Also incorporated are assault detection and mitigation techniques such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing businesses to police usage policies and conserve bandwidth for vital business processes.

For additional details about Progent's consulting services for ASA 5500 security appliances, go to ASA 5500 series firewalls configuration and troubleshooting support.

Cisco PIX Firewall Appliances
Built upon a tested, purpose-built software platform that delivers rich protection features, PIX firewalls provide a high level of security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewall appliances offer protection for a wide range of VoIP and additional multimedia standards such as H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to protect installations of a wide range of current and next-generation IP voice and video applications.

Cisco PIX Security Experts
Cisco PIX security appliances offer a variety of configuration, tracking, and troubleshooting features, giving businesses the flexibility to use the techniques that most closely meet their requirements. Management options include centralized, policy-based administration utilities, integrated web-based administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a powerful Web-accessible management platform that significantly simplifies the deployment, in-place configuration, and tracking of a single PIX firewall without the need of any additional utility other than a standard Web browser and Java applet to be installed on an administrator's computer.

IT managers can furthermore remotely configure, track, and troubleshoot Cisco PIX firewalls using a CLI interface. Safe command-line interface (CLI) access is available through several techniques including SSHv2 Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewalls also have dependable automatic-update capabilities, a collection of revolutionary protected remote-management services that ensure firewall configurations and software images are kept up to date.

For additional information about Progent's consulting services for PIX security appliances, visit PIX firewalls configuration and troubleshooting consulting.

Progent's PIX to ASA Migration Consulting
Because Cisco has ceased offering the PIX 500 family of firewalls, many companies are concerned about relying on a critical security mechanism that might stop being supported by Cisco. Cisco ASA 5500 security appliances have the benefit of being new devices and also bring several functions and financial benefits in comparison to PIX 500 firewalls. These advantages include substantially better throughput, optional SSL VPN capability, and a modular architecture that protects your investment by allowing you to self-install new security services when and if you require them. Progent's Cisco network engineers can help your company to determine the strategic value of for upgrading from PIX to ASA 5500 security appliances, create a migration process that allows for a quick and non-disruptive upgrade, assist you to configure new ASA 5500 appliances, and offer remote training, consulting, and technical support services.

Additional Ways Progent Can Help You with Cisco Firewalls
Cisco Cisco ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of setup, monitoring, and troubleshooting options that offer you the flexibility to set up these security appliances to match your company's needs. Progent's CCIE certified network professionals can show you how to and support an efficient network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides world-class protection, resilience, performance, and recoverability. Progent's GISA and CISSP-ISSP-certified IS security experts can assist your business to create a security strategy that makes sense for your environment and can set up your firewall to enforce your security policies. Progent's risk assessment professionals can assess the effectiveness of your existing firewall solution and audit the security of your entire information system environment. Progent’s Help Desk Call Center can provide urgent remote troubleshooting for Cisco technology and can give you fast access to a Cisco network engineer.

To find out additional details concerning Progent's professional assistance for Cisco networking products, choose a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To find out additional information concerning Progent's professional assistance for Cisco solutions, pick a subject:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.

More topics of interest: