Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide integrated firewall, VPN, and intrusion prevention system services in single-box packages, delivering a broad array of features to match the security and compliance requirements of organizations from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls enable IT security teams to protect their network edge and provide secure offsite and mobile connectivity while utilizing powerful management mechanisms based on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX 500 firewall appliances have reached end-of-life (EOL) status but are still commonly deployed in small and mid-size organizations as well as in some enterprise data centers. The ASA 5500-X Next-Generation Firewalls represent significantly more value and have supplanted the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly maintained, can offer a high degree of security by providing a variety of features including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-certified network consultants can help you to support and troubleshoot older ASA 5500 Series and PIX 500 firewalls and can also assist you to plan and implement a smooth upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, deploy, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls features an enhanced replacement for each rack-mountable model in the older ASA 5500 series of devices. Each ASA 5500-X model targets the same market as the corresponding earlier models, which offers small and midsize businesses plenty of choice for picking a solution that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All devices in Cisco's ASA 5500-X family provide consistent security across any mix of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for ASA 5500-X security appliances, see Firepower integration and troubleshooting expertise
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or hardware modules that enable Cisco's Firepower Services, which offer layered protection against sophisticated threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Multi-layer protection against both familiar and new attacks
- Advanced Malware Protection (AMP) that utilizes big data to discover and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, apps, and content to detect attacks that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically activate standard and customized IPS policies based on the severity of risk
Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered protection
Simpler deployments of Cisco ASA firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM provides an easy-to-use web console for deploying, administering, and troubleshooting ASA 5500-X firewalls and service modules.
For more complex deployments, ASA 5500-X firewalls with Firepower can be managed with Cisco's Firepower Management Center, implemented as one or more physical units or virtual devices. Firepower Management Center offers unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM tool. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that offers real-time network infrastructure visualization, automated policy optimization based on impact assessment of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology behind Cisco's PIX 500 family Security Appliance, Cisco's IPS 4200 family sensor, and Cisco's VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall product line to deliver a platform that defends against the broadest variety of attacks. Cisco Adaptive Security Appliances Firewalls provide application security, local containment and control, and safe VPN functionality throughout the entire product line. This breadth of security enables the guarding of any network section, which includes the most typical threat vectors like remote locations, LAN-attached inside users, and off-site access VPNs.
The scalable design of the Cisco ASA 5500 Series permits you to add more security services via security service modules (SSMs) and security service cards. These easy-to-install enhancements provide the ability to add IPS and content protection services like filtering virus, spyware, and phishing assaults and executing data and URL filtering. Beside allowing you to respond quickly to the latest risk environments, the extensible design of the ASA 5500 Series also protects your capital investment by prolonging the useful life of your security appliances. The ASA 5500 family also leverages your investment in IT staff education by supporting the familiar set of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface access, verbose syslog, and Simple Network Management Protocol.
Cisco ASA firewalls provide a high-level of application protection via intelligent, application-sensitive inspection processes that examine traffic at Layers 4-7. This produces a more secure network including Web, voice, and 3G-mobile wireless access. To defend against application-layer attacks and to provide better policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also included are attack sensing and remediation technology such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, enabling organizations to enforce usage policies and free up bandwidth for crucial business processes.
For additional details about Progent's consulting services for ASA 5500 firewalls, see ASA 5500 firewalls integration and troubleshooting services.
Built upon a hardened, purpose-built operating system that offers rich security features, PIX firewalls provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX firewalls provide protection for a wide range of Voice over IP and additional multimedia standards including H.323 v. 4, Session Initiation Protocol (SIP), SCCP, RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to protect installations of a wide range of contemporary and next-generation Voice over IP and video applications.
PIX firewall appliances offer a wealth of setup, monitoring, and analysis options, giving businesses the versatility to utilize the techniques that most closely meet their needs. Management solutions include common, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a powerful Web-accessible management solution that greatly simplifies the deployment, ongoing configuration, and tracking of a single Cisco PIX security appliance without the need of any additional utility beyond an ordinary browser and Java plug-in to be installed on a manager's PC.
Administrators can furthermore remotely configure, monitor, and analyze Cisco PIX firewalls using a command-line interface. Secure CLI interface communication is available using a number of techniques such as SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewalls also have dependable auto-update capabilities, a collection of revolutionary protected remote-management options that ensure firewall configurations and software images are kept up to date.
For more information about Progent's consulting services for Cisco PIX 500 firewalls, go to Cisco PIX 500 firewalls configuration and troubleshooting consulting.
Progent's PIX to ASA Migration Consulting
Because Cisco has ceased selling the PIX 500 product line, many businesses are concerned about depending on a key infrastructure component that may no longer be supported by Cisco. ASA 5500 firewalls have the advantage of being new products and also bring a number of functions and financial benefits in comparison to PIX 500 firewalls. These advantages include substantially higher performance, optional SSL VPN support, and a modular architecture that protects your investment by enabling you to add new security services whenever you need them. Progent's CCIE-certified experts can assist you to assess the business case for migrating from PIX 500 to Cisco ASA 5500 security appliances, create a migration process that allows for a fast and seamless upgrade, help your IT staff to install new ASA 5500 appliances, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX security appliances incorporate a wealth of configuration, tracking, and troubleshooting options that offer you the flexibility to configure these firewalls to match your company's needs. Progent's CCIE certified network consultants can help you to and support an efficient infrastructure that includes Cisco ASA and/or PIX firewalls and that offers advanced protection, resilience, throughput, and recoverability. Progent's GISA and CISM-premier information security professionals can assist your business to develop a security strategy that makes sense for your situation and can configure your security appliance to support your security strategy. Progent's security assessment consultants can assess the effectiveness of your current firewall solution and validate the security of your entire IT network. Progentís Technical Response Center can provide emergency online troubleshooting for Cisco products and offer fast access to a Cisco expert.
To learn additional details concerning Progent's engineering expertise for Cisco networking products, select a topic:
For additional details about Progent's professional expertise for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about consulting help for Cisco products, call 1-800-993-9400 or refer to Contact Progent.