Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances provide combined firewall, IPsec VPN, and IPS services in single-box packages, delivering a wide array of features to meet the security requirements of companies ranging from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls enable IT security teams to protect their network perimeter and provide safe offsite and mobile connectivity while utilizing advanced administration mechanisms based on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 and PIX 500 firewalls have reached end-of-life (EOL) but are still widely deployed in smaller organizations and in some enterprise networks. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have superseded the ASA 5500 and PIX families of firewalls for new installations. However, Cisco's older model firewall appliances, if properly managed, can deliver a high level of protection by providing a variety of services including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
After Cisco's purchase of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services provide powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified infrastructure engineers can assist your organization to support and troubleshoot legacy ASA 5500 Series and PIX 500 firewalls and can also help you to design and implement an efficient upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also help you to design, integrate, tune, manage and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances includes an improved substitute for each rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X model targets the same environment as the corresponding previous models, which gives small and midsize businesses ample room for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver dependable security across any mix of physical, virtual, and cloud deployments.
For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for ASA 5500-X firewalls, go to Cisco Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or hardware modules that support Firepower Services, which provide layered protection against advanced attacks. Firepower Services are based on technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:
- Multi-layer protection against familiar and zero-day attacks
- Advanced Malware Protection (AMP) that utilizes big data to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, software applications, and content to discover threats that use multiple approaches
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and customized IPS policies based on the degree of threats
Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered security
Smaller implementations of ASA firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM includes a convenient web console for deploying, managing, and debugging ASA 5500-X firewalls and modules.
For more complex deployments, ASA 5500-X appliances with Firepower can be managed using Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM tool. Extra capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a dashboard that offers real-time network infrastructure visualization, automated policy tuning based on impact evaluation of attacks, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and APIs for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco ASA Firewalls build on engineering developed for the Cisco PIX 500 Series Security Appliance, Cisco's IPS 4200 Series sensor, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco ASA Firewall product line to deliver a platform that stops the widest range of attacks. Cisco Adaptive Security Appliances Firewalls provide application security, network containment and control, and safe Virtual Private Network connectivity throughout Cisco's product portfolio. This broad scope of protection allows the guarding of any network segment, including the most common attack conduits like remote sites, locally-attached internal users, and off-site access Virtual Private Networks.
The expandable design of the ASA 5500 Series enables you to add more features via security service modules and cards. These easy-to-install options give you the option of adding IPS and content protection services such as blocking virus, worms, and phishing attacks and executing file and web screening. In addition to enabling your IT staff to respond quickly to new risk environments, the extensible architecture of the Cisco ASA 5500 family also leverages your capital investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative staff training by utilizing the rich set of PIX 500 security management utilities and protocols including the Cisco ASDM platform, protected command-line interface availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA firewalls deliver robust application protection through intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. This results in a more secure network covering Web, voice, and 3G-mobile wireless connectivity. To defend networks against application-layer attacks and to provide better policing of the programs and protocols used in their environments, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ security enforcement technologies such as anomaly detection and state monitoring. Also incorporated are attack sensing and remediation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and peer-to-peer file sharing, enabling organizations to police usage policies and recover bandwidth for critical business applications.
For more details about Progent's consulting services for Cisco's ASA 5500 security appliances, see Cisco ASA 5500 firewalls integration and debugging consulting.
Based upon a hardened, specialized OS that offers a wealth of protection services, Cisco PIX firewalls offer a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls provide protection for a broad range of VoIP and other mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), helping organizations to protect installations of a broad range of contemporary and upcoming Voice over IP and multimedia applications.
Cisco PIX firewalls feature a variety of configuration, tracking, and analysis features, giving businesses the versatility to utilize the techniques that best match their needs. Administrative options include centralized, policy-based management tools, integrated web-based management, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated ASDM system offers a powerful Web-accessible management platform that significantly streamlines the installation, in-place configuration, and monitoring of a single PIX security appliance without the need of any additional utility beyond a standard browser and Java plug-in to be running on an administrator's computer.
IT managers can furthermore remotely set up, track, and analyze PIX firewalls via a CLI interface. Secure command-line interface (CLI) access is available using a number of methods including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also include robust auto-update capabilities, a set of revolutionary protected remote-management services that make sure that firewall settings and software images are kept up to date.
For more information about Progent's support services for PIX security appliances, visit PIX 500 firewalls configuration and troubleshooting services.
Progent's PIX to ASA Migration Consulting Services
Since Cisco has discontinued offering the PIX 500 product line, many businesses are concerned about depending on a critical infrastructure component that might stop being supported. ASA 5500 firewalls have the advantage of being current products and also offer a number of technical and budgetary benefits in comparison to PIX 500 firewalls. These advantages include substantially better throughput, optional Secure Sockets Layer VPN capability, and an expandable architecture that guards your investment by enabling you to add new security services whenever you need them. Progent's CCIE-certified network engineers can help your company to assess the strategic value of for upgrading from PIX 500 to Cisco ASA 5500 security appliances, design a migration plan that permits a fast and seamless upgrade, help you to install new ASA 5500 firewalls, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco's Cisco ASA 5500 Series adaptive security appliances and PIX firewalls provide a wealth of setup, monitoring, and analysis options that give you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE authorized network experts can assist you to install an efficient infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers world-class security, resilience, performance, and recoverability. Progent's CISA and CISSP-ISSP-premier information security experts can assist you to create a security strategy that makes sense for your environment and can set up your security appliance to support your security strategy. Progent's risk evaluation engineers can assess the effectiveness of your current firewall deployment and audit the security of your entire IT environment. Progentís Technical Response Center can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.
For additional information about Progent's professional support for Cisco technology, select a topic:
To see additional details about Progent's consulting help for Cisco products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about technical expertise for Cisco products, phone 1-800-993-9400 or see Contact Progent.