Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide combined firewall, IPsec VPN, and intrusion prevention system services in single-box devices, delivering a broad array of features to match the security requirements of companies from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls enable network security teams to defend their network edge and offer secure remote connectivity while utilizing powerful administration mechanisms built on Cisco's world-class firewall technology.

Ciscoís ASA 5500 and PIX 500 firewall appliances have reached end-of-life but are still widely deployed in smaller organizations and in a few larger data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent substantially more value and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high degree of protection by supplying a variety of services including stateful firewall, IPsec VPN, and IPS.

Since Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services provide enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco CCIE-premier network engineers can help you to support and troubleshoot legacy ASA 5500 and PIX firewalls and can also assist you to plan and carry out an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, deploy, optimize, administer and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls features an improved replacement for each rack-mountable model in the older ASA 5500 series of firewalls. Each ASA 5500-X firewall is suited for the same environment as the corresponding previous models, which offers small and midsize businesses plenty of choice for picking a firewall that meets their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide dependable security across any combination of physical, virtual, and cloud environments.

Cisco ASA 5500-X Firepower Consultants

For more details about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA firewalls, see Firepower configuration and troubleshooting expertise

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept software or hardware modules that support Firepower Services, which offer layered defense against sophisticated threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:

  • Multi-layer defense against familiar and new attacks
  • Advanced Malware Protection that utilizes big data to find and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, apps, and content to discover attacks that incorporate simultaneous approaches
  • Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate standard and custom IPS policies depending on the degree of threats
Cisco Firepower Integration Expertise

Firepower Services for ASA 5500-X firewalls offer multi-layered threat protection

Simpler implementations of Cisco ASA 5500-X firewalls can be effectively managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X models. ASDM includes an easy-to-use web dashboard for configuring, managing, and debugging ASA 5500-X firewalls and modules.

For more complex environments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Firepower Management Center offers features beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Additional features include expanded context awareness, Advanced Malware Protection with remediation for client devices, a dashboard that provides real-time network visualization, automated policy tuning based on risk evaluation of attacks, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, improved reporting features, and APIs for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-box ASDM or the ASA 5500-X command line interface.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 firewall, the Cisco IPS 4200 family sensor, and the VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a platform that defends against the broadest range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program security, network containment and control, and safe VPN connectivity throughout Cisco's product portfolio. This breadth of security allows defense of any network area, which includes the most typical attack conduits such as remote locations, LAN-attached internal users, and remote connected Virtual Private Networks.

Cisco ASA 5500 Consulting and Technical Support
The scalable design of the ASA 5500 Series enables you to add security services by installing security service modules and cards. These user-installable options provide the ability to add Intrusion Protection and content protection functions such as blocking virus, spyware, and phishing assaults and performing data and web filtering. Beside enabling you to respond quickly to the latest risk vectors, the extensible design of the Cisco ASA 5500 family also leverages your hardware investment by increasing the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative team training by supporting the familiar set of PIX 500 management tools and protocols including the Cisco Adaptive Security Device Manager platform, secure command-line interface access, syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application security through intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. This results in a more secure network covering Web, voice, and 3G-mobile wireless access. To protect against application-layer assaults and to provide stronger policing of the applications and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly detection and state monitoring. Also incorporated are attack sensing and mitigation techniques such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver control over IM and tunneling applications, enabling businesses to enforce usage policies and recover bandwidth for vital business applications.

For additional details about Progent's consulting services for ASA 5500 security appliances, visit ASA 5500 series firewalls configuration and debugging support.

Cisco PIX Firewalls
Based around a hardened, specialized OS that offers rich protection services, Cisco PIX firewalls provide excellent security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewall appliances provide security for a broad range of VoIP and additional multimedia conventions including H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and MGCP, helping organizations to safeguard installations of a wide range of contemporary and next-generation IP voice and multimedia applications.

PIX Security Consulting
Cisco PIX security appliances offer a variety of configuration, tracking, and troubleshooting features, providing businesses the flexibility to use the techniques that best match their requirements. Management solutions include common, policy-based administration utilities, integrated web-accessible administration, and support for remote-monitoring standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-based control platform that significantly streamlines the installation, ongoing modification, and monitoring of a single PIX firewall appliance without requiring any additional software beyond a standard browser and Java plug-in to be installed on a manager's PC.

Administrators can also remotely set up, track, and analyze Cisco PIX firewalls via a CLI interface. Safe CLI interface access is available through several methods such as Secure Shell Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewalls also have dependable auto-update features, a collection of advanced secure remote-management services that make sure that security configurations and software images are always current.

For more information about Progent's consulting services for Cisco PIX security appliances, go to Cisco PIX firewalls integration and debugging services.

Progent's PIX to ASA Migration Consulting Support
Since Cisco has discontinued offering the PIX 500 family of firewalls, many companies are concerned about relying on a key infrastructure component that may stop being supported. Cisco ASA 5500 firewalls offer the benefit of being new devices and also bring a number of functions and financial advantages in comparison to PIX 500 devices. These benefits include significantly higher performance, optional Secure Sockets Layer VPN support, and an expandable architecture that protects your investment by allowing you to add new security features whenever you require them. Progent's Cisco experts can help your company to determine the business case for moving from PIX 500 to Cisco ASA 5500 firewalls, design a migration plan that permits a quick and seamless upgrade, help you to set up new ASA 5500 Series appliances, and offer online, consulting, and technical support services.

Other Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX family firewalls provide a wealth of setup, tracking, and troubleshooting options which give you the flexibility to configure these security appliances to match your company's needs. Progent's CCIE authorized network professionals can help you to design a cost-effective infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers advanced security, fault tolerance, throughput, and manageability. Progent's GISA and CISSP-ISSP-premier IS security experts can assist your business to create a security strategy that makes sense for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's security assessment professionals can assess the strength of your current firewall deployment and audit the security of your entire IT environment. Progentís Technical Response Center (TRC) can provide emergency remote technical support for Cisco technology and offer fast access to a Cisco CCIE expert.

To find out additional information about Progent's consulting support for Cisco networking products, choose a subject:

To find out additional information about Progent's engineering assistance for Cisco products, select a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to get in touch with Progent about engineering help for Cisco products, phone 1-800-993-9400 or refer to Contact Progent.