Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewall appliances offer integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a wide range of features to meet the security and compliance requirements of organizations from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances allow network security staffs to protect their network perimeter and offer safe remote access while utilizing powerful management mechanisms based on Cisco's world-class firewall products.

Ciscoís ASA 5500 and PIX firewall appliances have arrived at end-of-life status but are still widely deployed in small and mid-size organizations as well as in some larger data centers. The ASA 5500-X Next-Generation Firewalls deliver substantially more value and have supplanted the ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's older model firewall appliances, if carefully maintained, can offer a high level of security by supplying multiple services such as stateful firewall, VPN tunneling, and IPS.

After Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X devices can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system (IPS). Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco CCIE-premier infrastructure consultants can assist you to maintain and troubleshoot older ASA 5500 Series and PIX 500 firewall appliances and can also assist you to plan and carry out an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to plan, deploy, optimize, administer and debug new firewall solutions built on Cisco's current ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls includes an improved substitute for every rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X firewall targets the same market as the corresponding earlier models, which offers most ample room for selecting a firewall that meets their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and support Cisco's powerful protection services. All models in Cisco's ASA 5500-X product line provide consistent security across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For more details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA security appliances, go to Cisco Firepower integration and troubleshooting expertise

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or physical modules that support Firepower Services, which provide layered protection against advanced attacks. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:

  • Multi-layer protection against both familiar and new threats
  • Advanced Malware Protection (AMP) that uses big data techniques to find and remediate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers clients, infrastructure, apps, and content to detect attacks that use simultaneous approaches
  • Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically launch both standard and customized IPS policies based on the degree of risk
Cisco Firepower Integration Expertise

Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered threat protection

Simpler implementations of Cisco ASA 5500-X firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM provides a simple web console for configuring, administering, and troubleshooting ASA 5500-X devices and service modules.

For more complex environments, ASA 5500-X appliances with Firepower Services can be administered with Firepower Management Center, available as one or several physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-device ASDM tool. Extra features include greater context awareness, Advanced Malware Protection with mitigation for user devices, a console that provides real-time network infrastructure visualization, automated policy tuning driven by impact evaluation of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and APIs for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering developed for Cisco's PIX 500 Series firewall, the Cisco IPS 4200 sensor, and the Cisco VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall product line to offer a platform that defends against the broadest range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application protection, local containment, and safe Virtual Private Network connectivity across Cisco's product line. This broad scope of protection enables defense of any network segment, which includes the most typical threat vectors such as remote sites, locally-connected internal users, and remote connected VPNs.

Cisco ASA 5500 Consulting Services and Troubleshooting
The scalable design of the ASA 5500 Series permits you to add features via security service modules (SSMs) and cards. These easy-to-install options give you the option of adding IPS and content protection functions such as blocking virus, spyware, and phishing assaults and performing data and web screening. Beside enabling your IT staff to react rapidly to the latest risk vectors, the extensible architecture of the ASA 5500 family also protects your capital investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT staff training by utilizing the familiar set of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager system, secure command-line interface availability, syslog, and SNMP.

Cisco Adaptive Security Appliances (ASA) firewalls provide a high-level of application protection through intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. The result is a more secure network including Web, voice, and mobile wireless access. To protect against application-layer attacks and to offer stronger policing of the applications and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement technologies that include protocol anomaly detection and application and protocol state tracking. Also included are assault sensing and remediation technology including application/protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and free up network bandwidth for important business processes.

For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls configuration and debugging support.

Cisco PIX Firewall Appliances
Based around a tested, specialized operating system that delivers rich protection services, Cisco PIX firewall appliances provide a high level of security and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewalls provide security for a broad range of Voice over IP and additional mixed-media conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling organizations to protect deployments of a broad range of current and next-generation VoIP and video applications.

PIX Security Experts
PIX security appliances offer a variety of configuration, monitoring, and analysis options, giving businesses the versatility to use the techniques that best meet their needs. Management options include common, policy-based management tools, integrated web-based management, and support for remote-tracking protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-accessible control platform that greatly streamlines the deployment, in-place modification, and monitoring of a specific PIX security appliance without requiring any additional software beyond a standard browser and Java applet to be running on an administrator's PC.

IT managers can also remotely set up, monitor, and troubleshoot PIX firewalls using a CLI interface. Safe CLI interface access is available using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band through a console port. PIX security appliances also include robust auto-update capabilities, a collection of advanced secure remote-management options that ensure security settings and software images are always current.

For additional information about Progent's consulting services for PIX 500 security appliances, go to PIX firewalls integration and debugging support.

Progent's PIX to ASA Migration Support
Since Cisco has stopped selling the PIX product line, many businesses are uncomfortable with depending on a critical infrastructure component that may stop being supported. ASA 5500 security appliances have the advantage of being current devices and also offer a number of technical and budgetary benefits in comparison to PIX 500 firewalls. These benefits include substantially higher throughput, optional Secure Sockets Layer tunneling capability, and an expandable architecture that guards your investment by enabling you to self-install new security features when and if you require them. Progent's Cisco experts can help you to assess the business case for migrating from PIX to ASA 5500 firewalls, create a migration plan that allows for a fast and non-disruptive upgrade, help your IT staff to deploy new ASA 5500 firewalls, and provide remote training, consulting, and technical support services.

Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco Cisco ASA Series adaptive security appliances and PIX security appliances provide a wealth of setup, tracking, and troubleshooting features that offer you the ability to set up these firewalls to align optimally with your business needs. Progent's CCIE certified network consultants can show you how to design an efficient network infrastructure that includes Cisco ASA or PIX firewalls and that provides world-class security, fault tolerance, throughput, and manageability. Progent's GISA and CISM-certified IS security experts can help you to develop a security strategy appropriate for your environment and can configure your PIX or ASA firewall to support your security policies. Progent's security evaluation consultants can assess the effectiveness of your existing firewall deployment and help determine the overall security of your whole IS environment. Progentís Technical Response Center can deliver urgent remote troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.

For more information concerning Progent's professional support for Cisco networking products, select a subject:

To find out additional information about Progent's consulting support for Cisco networking products, pick a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to get in touch with Progent about technical assistance for Cisco products, phone 1-800-993-9400 or refer to Contact Progent.