Cisco's ASA 5500 line of multi-function firewalls offers integrated firewall, VPN, and IPS capability in compact single-cabinet packages and can be upgraded with a variety of optional capabilities to meet the requirements of organizations ranging from small and mid-size businesses to enterprise data centers and ISPs. Cisco's ASA 5500 firewalls enable IT organizations to defend their network perimeter and achieve safe remote connectivity while utilizing familiar administration utilities based on a shared software architecture. Because Cisco's ASA 5500 product line has reached end-of-life status and support from Cisco may not be available, IT managers must consider whether to continue using these legacy products or upgrade to Cisco's current portfolio of ASA 5500-X series firewalls with Firepower Services or the newer Firepower Series of Next Generation firewalls. Progent's CCIE-certified firewall consultants can provide support for the ASA 5500 firewalls or help you migrate efficiently to Cisco's modern lineup of security appliances.
For details about Cisco's Firepower Series of Next Generation firewalls and ASA 5500-X family of firewalls and to find out how Progent can help you migrate to these newer security appliances, see Progent's "Cisco Firepower NGFW Firewall Consulting and ASA 5500-X firewalls with Firepower Services: integration experts.
Cisco ASA 5500 Series Firewalls
Cisco's ASA 5500 Series multi-function firewalls improve on the discontinued PIX 500 family they are designed to replace by introducing a modular hardware and software architecture for easy expansion and investment protection, offering optional Secure Sockets Layer (SSL) VPN support in addition to the standard IPsec VPN included with all models, and delivering substantially higher performance. Unlike the ASA 5500-X line of firewalls that replace them, ASA 5500 firewalls cannot be upgraded to support Cisco's Firepower Services.
The expandable design of the ASA 5500 Series allows you to add services by installing security service modules (SSMs) and security service cards (SSCs). These user-installable enhancements give you the option of adding IPS and content protection services such as blocking viruses, spyware, and phishing attacks and performing file and URL filtering. In addition to allowing you to respond quickly to new threat environments, the expandable design of the ASA 5500 Series also protects your capital investment by increasing the useful life of your security appliances. The ASA 5500 Series also protects your investment in IT staff training by supporting the rich set of PIX 500 management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system for web-based management, secure command-line interface (CLI) access, verbose syslog, and SNMP.
Cisco ASA 5500 firewalls provide enhanced application protection via application-aware inspection processes that analyze network flows at Layers 4-7 and covers web, voice, and mobile wireless connectivity. Cisco's inspection engines integrate extensive application and protocol databases and employ advanced security enforcement technologies such as anomaly detection and application and protocol state monitoring. Cisco ASA firewall inspection engines also let you control IM and peer-to-peer file sharing so you can police usage policies and free up bandwidth for key business applications.
Cisco ASA 5505 Firewalls
Cisco's ASA 5505 firewall is designed for small businesses, branch offices, and enterprise teleworkers. These devices offer maximum firewall throughput of 150 Mbps and can handle up to 25 SSL VPN sessions plus 10,000 connections in the Base version and up to 25,000 connections in the Security Plus version. The ASA 5505 includes 256 MB of memory and can support up to three VLANs with trunking disabled. GTP/GPRS inspection, VPN clustering, and load balancing are not available in this entry-level firewall. High availability support is an option with the Security Plus version.
The ASA 5505 has a single expansion slot for a Security Services Card (SSC) that supports Advanced Inspection and Prevention. Maximum IPS throughput with this card installed is 75 Mbps.
Cisco ASA 5510, 5520, and 5540 Firewalls
Cisco's ASA 5510 firewall is designed for small and mid-sized businesses and small enterprises. The ASA 5510 offers maximum firewall throughput of 300 Mbps and can handle up to 250 SSL VPN sessions. In the Base version, the ASA 5510 supports 50,000 connections in the Base version and up to 130,000 connections in the Security Plus version. The ASA 5510 includes 256 MB of memory and can support up to 50 VLANs in the base version and 100 VLANs with the Security Plus version. Load balancing, VPN clustering, and high availability support are available only in the Security Plus version.
Cisco's ASA 5520 security appliance is designed for small enterprises. The 5510 offers maximum firewall throughput of 450 Mbps and can handle up to 750 SSL VPN sessions and 280,000 connections. The ASA 5520 includes 512 MB of memory and can support up to 150 VLANs. GTP/GPRS inspection, VPN clustering, plus support for load balancing and high availability are included.
Cisco's ASA 5540 is made for medium-sized enterprises, offers maximum firewall throughput of 650 Mbps, and can handle up to 2,500 SSL VPN sessions along with 400,000 connections. The ASA 5540 includes 1 GB of memory and can support up to 200 VLANs. GTP/GPRS inspection, VPN clustering, load balancing, and high availability support are included.
Cisco ASA 5510, 5520, and 5540 firewalls can each accept a single Security Services Module (SSM) that can support Content Security and Control Security, Advanced Inspection and Prevention (AIP), or 4 Gigabit Ethernet security. Maximum IPS throughput, depending on the AIP Security Services Module used, can be up to 300 Mbps on the ASA 5510, 450 Mbps on the ASA 5520, and 650 Mbps on the ASA 5540.
Cisco ASA 5550 Firewalls
Cisco's ASA 5550 firewall is designed for large enterprises and delivers top firewall throughput of 1,200 Mbps. The ASA 5550 can handle up to 5,000 SSL VPN sessions and 650,000 connections. The Cisco ASA 5550 includes 4 GB of memory and supports up to 250 VLANs. GTP/GPRS inspection, VPN clustering, load balancing, and high availability support are included.
The ASA 5550 does not have expansion slots but has four integrated small form pluggable (SFP) fiber optic Ethernet ports.
Cisco ASA 5580 Firewalls
Cisco's ASA 5580-20 and 5580-40 firewalls are designed for large enterprise data centers. The ASA 5580-20 has firewall throughput of 5 Gbps, supports 1,000,000 connections, and has 8 GB of memory. The ASA 5580-40 has firewall throughput of 10 Gbps, supports 2,000,000 connections, and has 12 GB of memory. Both versions can handle up to 10,000 SSL VPN sessions and support up to 250 VLANs. Both models include GTP/GPRS inspection, VPN clustering, load balancing, and high availability support, and both have six slots for Interface Expansion Cards (IECs) that allow the addition of Ethernet ports.
How Progent Can Help Support Your Cisco ASA 5500 Firewalls
Although Cisco ASA 5500 firewalls have been discontinued, they are still widely deployed and they still offer a high level of protection. Progent's CCIE-certified network consultants can help you optimize the business value of your existing ASA 5500 firewalls, provide expert online technical support, or help you migrate to Cisco's ASA 5500-X Firewalls or Firepower Next Generation Firewalls. Progent's migration services, which also apply to older PIX 500 firewalls, include evaluating the strategic advantage of upgrading, developing a migration plan based on leading practices, testing firewall models and configurations to make sure they provide the performance and security you need, installing and configuring the new firewalls, and ongoing consulting support and troubleshooting either remotely or onsite. Progent can also train your IT staff about proven techniques for firewall management.
Progent can also provide additional consulting and support services make sure your firewall deployment is a cohesive part of your overall security strategy. Progent's senior project managers can assist you to create, test, and carry out an efficient migration plan. Progent's vulnerability assessment services offer an affordable way to check for security gaps in the way network devices are configured and the way network applications are written. Progent's certified network security experts can help you create a company-wide security solution that accounts for the issues associated with cloud computing and bring-your-own-device environments. Progent's ProSight WAN Watch remote network monitoring and reporting services provide 24x7 monitoring and automated alerts when security or performance issues are detected. Progent can also provide the expertise of a business continuity planning consulting who can assist you in designing, documenting, and testing a disaster recovery/business continuity plan that meets government and industry requirements. For major IT initiatives such as security appliance migrations, Progent offers the resources of the QTS Data Center Testing Lab to create and test pilot systems in order to assess the effectiveness of new equipment and configurations.
Contact Progent about Consulting Services for Cisco ASA 5500 Firewalls
To ask Progent about consulting services for Cisco ASA 5500 Firewalls, call 1-800-993-9400 or visit Contact Progent.
To see more information about Progent's engineering support for Cisco solutions, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about consulting help for Cisco networking, call 1-800-993-9400 or refer to Contact Progent.