Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewalls provide combined firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box devices, delivering a broad range of features to match the security and compliance needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances allow network security teams to protect their network edge and provide secure remote access while utilizing advanced administration mechanisms based on Cisco's world-class firewall technology.

Cisco’s ASA 5500 and PIX 500 firewalls have arrived at end-of-life (EOL) status but remain widely used in small and mid-size organizations and in a few larger data centers. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewall appliances, if properly maintained, can deliver a high level of protection by providing multiple features such as firewall, Virtual Private Network (VPN) connections, and IPS.

Since Cisco's acquisition of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco-qualified infrastructure engineers can assist your organization to maintain and debug older ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and carry out an efficient migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, deploy, tune, administer and debug new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved substitute for each rack-mountable unit in the older ASA 5500 line of devices. Each ASA 5500-X firewall targets the identical environment as the corresponding previous models, which gives small and midsize businesses plenty of choice for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's advanced security services. All models in Cisco's ASA 5500-X product line deliver dependable security across any combination of physical, virtual, and cloud environments.

>Cisco ASA 5500-X Firepower Consultants

For more information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA 5500-X firewalls, see Firepower configuration and troubleshooting expertise

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept software or physical modules that support Firepower Services, which offer layered defense against multi-vector attacks. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:

  • Multi-layer defense against familiar and new threats
  • Cisco's Advanced Malware Protection (AMP) that uses big data techniques to find and mitigate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, infrastructure, software applications, and content to discover attacks that use simultaneous vectors
  • High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies based on the severity of risk
>Cisco Firepower Integration Consultants

Firepower Services for ASA 5500-X firewalls provide advanced multi-layered security

Simpler implementations of Cisco ASA firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM includes an easy-to-use web console for configuring, administering, and troubleshooting ASA 5500-X appliances and modules.

For more complex environments, ASA 5500-X appliances with Firepower can be administered with Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center provides features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that provides dynamic network visualization, automated policy optimization driven by risk assessment of threats, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health alerts, enhanced reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-box ASDM or the ASA command line interface.

Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls leverage engineering behind Cisco's PIX 500 Series firewall, the IPS 4200 Series sensor, and the VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that stops the broadest variety of threats. Cisco ASA 5500 Series Firewalls provide program protection, local containment and control, and clean VPN connectivity across Cisco's product portfolio. This broad scope of security enables defense of any network area, which includes the most common attack conduits like remote sites, locally-connected inside users, and off-site connected Virtual Private Networks.

>ASA 5500 Series Consulting and Technical Support
The scalable architecture of the ASA 5500 Series allows you to add security services via security service modules (SSMs) and security service cards (SSCs). These user-installable enhancements give you the ability to add Intrusion Protection and content protection functions such as blocking virus, worms, and phishing attacks and executing file and web filtering. Beside enabling you to react rapidly to the latest threat environments, the expandable architecture of the Cisco ASA 5500 Series also leverages your capital investment by prolonging the useful life of your firewalls. The ASA 5500 Series also leverages your investment in IT staff education by utilizing the familiar library of PIX 500 management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface availability, verbose syslog, and Simple Network Management Protocol.

Cisco ASA 5500 Series firewalls deliver a high-level of application security through intelligent, application-sensitive inspection processes that analyze traffic at Layers 4-7. This results in a better protected environment covering Web, voice, and 3G-mobile wireless access. To protect against application-layer assaults and to offer stronger control over the programs and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies such as protocol anomaly sensing and state monitoring. Also incorporated are attack detection and remediation techniques such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling businesses to police usage policies and conserve network bandwidth for important business applications.

For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls configuration and debugging support.

Cisco PIX Firewalls
Based upon a tested, specialized software platform that offers a wealth of security services, Cisco PIX firewalls provide a high level of protection and have earned EAL 4 status and ICSA Labs Firewall and IP Security qualification. PIX firewall appliances offer protection for a wide range of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a broad range of current and upcoming Voice over IP and video applications.

PIX Firewalls Help
Cisco PIX security appliances offer a variety of setup, monitoring, and analysis options, providing IT managers the flexibility to utilize the techniques that best meet their requirements. Management solutions include centralized, policy-based management tools, integrated web-accessible management, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated ASDM system provides a powerful Web-based management platform that greatly simplifies the installation, in-place configuration, and monitoring of a specific Cisco PIX firewall without requiring any additional utility beyond a standard Web browser and Java applet to be installed on an administrator's PC.

IT managers can furthermore remotely configure, monitor, and analyze Cisco PIX firewall appliances using a command-line interface (CLI). Secure command-line interface (CLI) communication is available using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also have dependable automatic-update capabilities, a set of advanced secure remote-management options that ensure firewall configurations and software images are always current.

For additional details about Progent's consulting services for Cisco PIX 500 firewalls, visit Cisco PIX firewalls integration and debugging consulting.

Progent's PIX to ASA Migration Support
Since Cisco has ceased selling the PIX family of firewalls, many companies are uncomfortable with depending on a key infrastructure component that may stop being supported. Cisco ASA 5500 security appliances offer the benefit of being new devices and also offer several technical and economic benefits in comparison to PIX 500 devices. These advantages include significantly better performance, optional SSL VPN capability, and a modular design that protects your investment by enabling you to add more security features when and if you require them. Progent's CCIE-certified experts can assist you to determine the business case for upgrading from PIX 500 to Cisco ASA 5500 firewalls, design a migration plan that allows for a quick and non-disruptive changeover, help you to set up new ASA 5500 Series firewalls, and offer remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Cisco ASA Series firewalls and PIX security appliances incorporate an array of setup, monitoring, and troubleshooting features that offer you the flexibility to deploy these security appliances to align optimally with your business needs. Progent's CCIE authorized network professionals can show you how to design a cost-effective infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides advanced protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-certified information security engineers can assist your business to create a security policy appropriate for your business and can set up your security appliance to enforce your security policies. Progent's risk evaluation engineers can assess the effectiveness of your current firewall solution and audit the security of your entire IT environment. Progent’s Technical Response Center (TRC) can provide urgent online technical support for Cisco products and can give you fast access to a Cisco CCIE network engineer.

For additional information about Progent's professional support for Cisco solutions, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To see additional details concerning Progent's professional support for Cisco products, pick a topic:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.

More topics of interest: