Ciscoís ASA 5500-X, ASA 5500, and PIX firewall appliances provide combined firewall, IPsec VPN, and IPS capabilities in compact single-box devices, delivering a wide range of features to meet the security requirements of organizations ranging from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls allow network security staffs to protect their network edge and provide secure offsite and mobile access while utilizing advanced management tools based on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX firewalls have reached end-of-life (EOL) status but remain widely used in smaller organizations and in a few larger networks. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's legacy firewalls, if carefully managed, can offer a high level of protection by providing multiple services including firewall, Virtual Private Network (VPN) connections, and IPS.
After Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system (IPS). Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-premier infrastructure consultants can help you to maintain and debug legacy ASA 5500 and PIX firewalls and can also help you to plan and implement a smooth upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, deploy, optimize, manage and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls includes an enhanced replacement for each rack-mountable model in the previous ASA 5500 line of firewalls. Each ASA 5500-X model targets the same market as the associated earlier models, which offers most plenty of choice for picking a solution that meets their security needs and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line provide dependable protection across any combination of physical, virtual, and cloud environments.
For additional information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA security appliances, go to Firepower integration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or physical modules that support Firepower Services, which offer layered defense against multi-vector threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer protection against both familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, infrastructure, software applications, and content to discover threats that use multiple vectors
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch standard and customized IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Simpler deployments of ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM includes an easy-to-use web dashboard for deploying, managing, and troubleshooting ASA 5500-X devices and service modules.
For more complex deployments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or several physical or virtual devices. Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco's Firepower Management Center provides capabilities unavailable with Cisco's on-box ASDM utility. Extra capabilities include greater context awareness, Advanced Malware Protection with mitigation for client devices, a console that provides real-time network visualization, automated policy tuning driven by risk evaluation of threats, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology behind the PIX 500 family firewall, the IPS 4200 family sensor, and the VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall product line to deliver a firewall that stops the widest range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application security, network containment, and clean Virtual Private Network connectivity throughout Cisco's product portfolio. This breadth of protection enables defense of any network segment, which includes the most common threat conduits such as remote sites, locally-connected inside users, and remote connected VPNs.
The expandable design of the Cisco ASA 5500 family enables you to add more features via security service modules and security service cards (SSCs). These user-installable options provide the ability to add Intrusion Protection and content protection functions like blocking virus, worms, and phishing assaults and performing data and web screening. Beside allowing your IT staff to react rapidly to new threat environments, the extensible design of the ASA 5500 Series also leverages your hardware investment by prolonging the life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT team training by supporting the familiar library of PIX management tools and protocols including the Cisco ASDM platform, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA firewalls provide a high-level of application security via smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a safer network covering Web, voice, and 3G-mobile wireless connectivity. To protect networks against application-layer assaults and to offer stronger policing of the applications and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and rely on security enforcement solutions such as anomaly detection and state tracking. Also included are attack detection and remediation techniques including application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide control over IM and tunneling applications, allowing businesses to enforce usage policies and conserve network bandwidth for critical business processes.
For additional information about Progent's support services for Cisco's ASA 5500 firewalls, see ASA 5500 series firewalls integration and troubleshooting support.
Cisco PIX Firewalls
Built upon a tested, purpose-built OS that delivers a wealth of protection services, Cisco PIX firewalls offer excellent protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX firewall appliances provide security for a broad array of Voice over IP and additional multimedia standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard deployments of a broad array of current and upcoming Voice over IP and mixed-media applications.
PIX firewall appliances feature a variety of setup, monitoring, and troubleshooting options, providing businesses the flexibility to use the techniques that most closely meet their requirements. Management options include centralized, policy-based management tools, integrated web-accessible management, and support for remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a powerful Web-based management solution that significantly simplifies the installation, ongoing modification, and monitoring of a specific PIX security appliance without requiring any additional utility beyond a standard Web browser and Java plug-in to be installed on an administrator's computer.
Administrators can furthermore remotely configure, monitor, and analyze Cisco PIX security appliances using a command-line interface. Safe CLI interface access is possible through a number of methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band through a console port. PIX firewalls also have dependable auto-update capabilities, a collection of revolutionary protected remote-management services that ensure firewall settings and software images are always current.
For additional information about Progent's support services for PIX security appliances, go to Cisco PIX firewalls configuration and debugging consulting.
Progent's PIX to ASA Migration Consulting
Since Cisco has ceased selling the PIX family of firewalls, many companies are concerned about depending on a critical security component that may no longer be supported. ASA 5500 firewalls have the benefit of being current devices and also offer several technical and financial benefits in comparison to PIX 500 firewalls. These benefits include significantly better throughput, optional SSL VPN support, and a modular architecture that guards your investment by allowing you to add new security services when and if you need them. Progent's CCIE-certified network engineers can help you to determine the strategic case for moving from PIX 500 to ASA 5500 firewalls, design a migration process that allows for a quick and seamless upgrade, help you to set up new ASA 5500 Series firewalls, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's ASA Series adaptive security appliances and PIX firewalls incorporate an array of setup, monitoring, and troubleshooting options that give you the ability to set up these security appliances to align optimally with your business needs. Progent's CCIE authorized network experts can help you to install an efficient network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that provides world-class protection, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security experts can assist you to develop a security strategy that makes sense for your situation and can configure your security appliance to enforce your security strategy. Progent's risk assessment consultants can assess the effectiveness of your current firewall solution and help determine the security of your whole information system network. Progentís Help Desk Call Center can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE network engineer.
To find out additional details concerning Progent's engineering support for Cisco solutions, select a subject:
To learn more information concerning Progent's professional assistance for Cisco technology, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about engineering assistance for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.