Cisco's ASA 5500 line of multi-function firewalls offers integrated firewall, Virtual Private Network, and IPS capability in compact single-cabinet packages and can be upgraded with a rich selection optional capabilities to meet the requirements of organizations ranging from small and mid-size businesses to enterprise data centers and ISPs. Cisco's ASA 5500 firewalls enable IT organizations to defend their network perimeter and achieve safe remote connectivity while utilizing familiar administration utilities based on a shared software architecture. Because the ASA 5500 product line has reached end-of-life status and support from Cisco may not be available, IT managers must consider whether to continue using these legacy products or upgrade to Cisco's current series of ASA 5500-X series firewalls with Firepower Services. Progent's CCIE-certified network consultants can provide support in either circumstance by providing support for the ASA 5500 firewalls or helping you migrate cost-effectively to Cisco's next generation of security appliances.
For details about Cisco's ASA 5500-X family of firewalls and to find out how Progent can help you migrate to these newer devices, see Progent's ASA 5500-X firewalls with Firepower Services: integration and technical support.
Cisco ASA 5500 Series Firewalls
Cisco ASA Firewalls build on the proven engineering behind Cisco's popular PIX 500 firewall, the Cisco IPS 4200 Series sensor, and the VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that stops the widest range of threats. Cisco Adaptive Security Appliances Firewalls provide program security, network containment and control, and clean Virtual Private Network functionality throughout Cisco's product line. This breadth of security allows defense of any network area, including the most typical attack conduits such as remote sites, LAN-attached inside users, and off-site connected VPNs.
The expandable design of the Cisco ASA 5500 Series permits you to add more services by installing security service modules and security service cards. These user-installable options give you the option of adding IPS and content protection services such as filtering virus, spyware, and phishing assaults and executing data and web screening. Besides allowing you to respond rapidly to the latest risk vectors, the extensible architecture of the ASA 5500 family also leverages your capital investment by prolonging the useful life of your firewalls. The ASA 5500 Series also leverages your investment in IT team training by utilizing the familiar set of PIX 500 security management utilities and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) availability, syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application protection through smart, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a safer environment including Web, voice, and mobile wireless services. To defend networks against application-layer attacks and to offer stronger policing of the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and employ security enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also included are attack sensing and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and preserve network bandwidth for crucial business processes.
ASA 5505 Security Firewalls
Cisco's ASA 5505 firewall is intended for small organizations, branch offices, and teleworkers. ASA 5505 firewalls offer maximum firewall throughput of 150 Mbps and accommodate as many as 25 Secure Sockets Layer VPN sessions plus 10k connections in the standard version and as many as 25,000 connections in the Security Plus version. The ASA 5505 features 256 MB of RAM and can handle three VLANs with trunking disabled. Advanced security features like GTP/GPRS inspection are not offered in this low-cost security appliance. High availability is an option with the Security Plus version.
The Cisco ASA 5505 firewall contains a single expansion slot for a Security Services Card that supports IPS. Maximum IPS performance with this card installed is 75 Mbps.
ASA 5510, 5520, and 5540 Firewalls
The ASA 5510 firewall is designed for small and mid-sized businesses (SMBs) and small enterprises. The 5510 supports top firewall throughput of 300 Mbps and can handle up to 250 Secure Sockets Layer VPN sessions. In the Base version, the ASA 5510 firewall supports 50,000 connections and 130k in the Security Plus version. The ASA 5510 includes 256 MB of memory and can support 50 VLANs with the base version and 100 VLANs with the Security Plus model. Load balancing, tunnel clustering, and high availability support are optional only with the Security Plus model.
Cisco's ASA 5520 firewall is intended for small enterprises. Cisco's 5520 offers top firewall throughput of 450 Mbps and can handle up to 750 Secure Sockets Layer VPN sessions and 280k connections. The ASA 5520 firewall includes 512 MB of memory and can support 150 VLANs. GTP/GPRS inspection, VPN clustering, network load balancing, and high availability support are standard.
Cisco's ASA 5540 firewall is intended for mid-sized enterprises, supports top firewall speed of 650 Mbps, and accommodates as many as 2,500 Secure Sockets Layer tunneling sessions along with 400,000 connections. The ASA 5540 includes 1 gigabyte of memory and supports 200 virtual interfaces. GTP/GPRS inspection, tunnel clustering, load balancing, and high availability support are included.
Cisco ASA 5510, 5520, and 5540 firewalls can each accept a single SSM module that can enable Content Security and Control Security, Advanced Inspection and Prevention, or 4 GB Ethernet security. Maximum Advanced Inspection and Prevention bandwidth, based on the AIP SSM module used, can reach 350, 450, and 650 Mbps with the respective models.
Cisco ASA 5550 Firewalls
Cisco's 5500 firewall is targeted at large enterprises and offers top firewall throughput of 1.2Gbps. The ASA 5550 security appliance supports up to 5,000 Secure Sockets Layer tunneling sessions and 650,000 connections. Cisco's 5500 firewall includes 4 gigabytes of memory and supports 250 VLANs. GTP/GPRS inspection, tunnel clustering, and network load balancing support is standard, and high availability features are available as an option.
Cisco's 5550 does not have card slots but includes four built-in SFP fiber optic Ethernet ports.
ASA 5580 Firewalls
Cisco's ASA 5580-20 and 5580-40 firewalls are designed for enterprise data centers. The Cisco ASA 5580-20 features firewall throughput of 5 Gbps, handles one million connections, and has 8 GB of RAM. The 5580-40 has firewall throughput of 10 Gbps, supports 2 million connections, and has 12 gigabytes of RAM.
Both models can handle as many as 10k SSL tunnel sessions and up to 250 VLANs. Both models support GTP/GPRS inspection, VPN clustering, network load balancing, and high availability, and both include six card slots for Interface Expansion Cards (IECs) that accommodate various Ethernet connections.
How Progent Can Help Support Your Cisco ASA 5500 Firewalls
Although Cisco ASA 5500 firewalls have been discontinued, they are still widely deployed and they still offer a high level of protection. Progent's CCIE-certified network consultants can help you optimize the business value of your existing ASA 5500 firewalls, provide expert online technical support, or help you migrate to Cisco's ASA 5500-X family. Progent's migration services, which also apply to older PIX 500 firewalls, include evaluating the strategic advantage of upgrading, developing a migration plan based on leading practices, testing firewall models and configurations to make sure they provide the performance and security you need, installing and configuring the new firewalls, and ongoing consulting support and troubleshooting either remotely or onsite. Progent can also train your IT staff about proven techniques for firewall management.
Progent can also provide additional consulting and support services make sure your firewall deployment is a cohesive part of your overall security strategy. Progent's senior project managers can assist you to create, test, and carry out an efficient migration plan. Progent's vulnerability assessment services offer an affordable way to check for security gaps in the way network devices are configured and the way network applications are written. Progent's certified network security experts can help you create a company-wide security solution that accounts for the issues associated with cloud computing and bring-your-own-device environments. Progent's ProSight WAN Watch remote network monitoring and reporting services provide 24x7 monitoring and automated alerts when security or performance issues are detected. Progent can also provide the expertise of a business continuity planning consulting who can assist you in designing, documenting, and testing a disaster recovery/business continuity plan that meets government and industry requirements. For major IT initiatives such as security appliance migrations, Progent offers the resources of the QTS Data Center Testing Lab to create and test pilot systems in order to assess the effectiveness of new equipment and configurations.
Contact Progent about Consulting Services for Cisco ASA 5500 Firewalls
To ask Progent about consulting services for Cisco ASA 5500 Firewalls, call 1-800-993-9400 or visit Contact Progent.
For more details concerning Progent's consulting assistance for Cisco technology, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about consulting help for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.