Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewalls provide integrated firewall, VPN, and intrusion prevention system capabilities in compact single-box devices, delivering a broad array of features to meet the security and compliance needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances allow IT security staffs to defend their network perimeter and offer safe offsite and mobile access while using advanced management tools based on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 and PIX 500 firewall appliances have reached end-of-life status but are still widely deployed in smaller organizations as well as in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX families of firewalls for new deployments. However, Cisco's legacy firewall appliances, if properly maintained, can deliver a high degree of protection by supplying a variety of services such as stateful firewall, VPN, and IPS.
Since Cisco's purchase of Sourcefire, the whole family of ASA 5500-X devices can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system (IPS). Firepower services provide enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified infrastructure consultants can assist you to maintain and troubleshoot older ASA 5500 and PIX firewall appliances and can also help you to plan and carry out an efficient upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, configure, optimize, administer and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances includes an improved substitute for every rack-mountable model in the older ASA 5500 series of firewalls. Each ASA 5500-X firewall targets the identical environment as the corresponding previous models, which gives most plenty of choice for picking a solution that meets their security needs and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide dependable security across any mix of physical, virtual, and cloud environments.
For more details about ASA 5500-X security appliances, Firepower services, and Progent's support for ASA security appliances, see Cisco Firepower integration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that enable Firepower Services, which offer layered defense against multi-vector attacks. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA firewalls include:
- Layered defense against both familiar and zero-day threats
- Advanced Malware Protection (AMP) that uses big data techniques to find and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, network infrastructure, apps, and content to discover threats that incorporate multiple approaches
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically activate standard and custom IPS policies based on the severity of risk
Firepower Services for ASA 5500-X firewalls offer multi-layered security
Smaller deployments of ASA firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM includes an easy-to-use web dashboard for configuring, administering, and troubleshooting ASA 5500-X appliances and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be managed with Firepower Management Center, available as one or several physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center offers features unavailable with Cisco's on-device Adaptive Security Device Manager utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for client devices, a dashboard that offers dynamic network visualization, automated policy tuning based on impact assessment of attacks, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering developed for the Cisco PIX 500 Series Security Appliance, Cisco's IPS 4200 family Intrusion Prevention System, and the VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall family to deliver a firewall that stops the broadest range of attacks. Cisco ASA 5500 Series Firewalls provide program security, network containment, and clean VPN functionality throughout Cisco's product line. This breadth of protection allows defense of any network segment, which includes the most common threat vectors such as remote locations, LAN-connected internal users, and off-site access Virtual Private Networks.
The expandable design of the ASA 5500 family enables you to add more security services via security service modules (SSMs) and cards. These easy-to-install enhancements give you the ability to add IPS and content protection functions such as filtering virus, spyware, and phishing assaults and executing data and URL screening. Beside enabling you to respond quickly to the latest risk environments, the expandable architecture of the Cisco ASA 5500 family also leverages your capital investment by increasing the life of your firewalls. The Cisco ASA 5500 Series also protects your investment in administrative staff training by utilizing the familiar library of PIX 500 management utilities and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface access, verbose syslog, and Simple Network Management Protocol.
Cisco ASA 5500 Series firewalls deliver a high-level of application security via smart, application-aware inspection processes that analyze network flows at Layers 4-7. This results in a safer network including Web, voice, and mobile wireless services. To protect against application-layer attacks and to provide stronger control over the applications and protocols used in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement technologies that include protocol anomaly sensing and state tracking. Also incorporated are assault sensing and remediation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and preserve network bandwidth for important business applications.
For more details about Progent's support services for Cisco's ASA 5500 firewalls, visit ASA 5500 series firewalls integration and debugging consulting.
PIX Firewall Appliances
Based around a hardened, purpose-built software platform that offers a wealth of protection features, PIX security appliances provide excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. PIX firewalls offer security for a broad array of Voice over IP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and Media Gateway Control Protocol, helping organizations to safeguard installations of a broad array of current and next-generation IP voice and mixed-media applications.
PIX firewalls offer a wealth of setup, monitoring, and troubleshooting options, giving businesses the versatility to utilize the techniques that most closely meet their requirements. Management solutions include centralized, policy-based management utilities, integrated web-based administration, and compatibility with remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a powerful Web-accessible control solution that greatly simplifies the deployment, ongoing configuration, and monitoring of a specific Cisco PIX firewall without the need of any additional utility other than an ordinary Web browser and Java applet to be running on an administrator's computer.
Administrators can also remotely set up, monitor, and analyze Cisco PIX security appliances using a command-line interface. Safe command-line interface access is available using a number of techniques including SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also have dependable auto-update capabilities, a set of revolutionary protected remote-administration options that ensure security settings and software images are always up to date.
For additional information about Progent's consulting services for PIX 500 security appliances, go to PIX firewalls integration and debugging support.
Progent's PIX to ASA Migration Support
Because Cisco has ceased offering the PIX product line, many companies are concerned about relying on a critical security component that may no longer be supported by Cisco. ASA 5500 security appliances offer the advantage of being current products and also bring several functions and economic benefits in comparison to PIX devices. These benefits include substantially higher throughput, optional SSL VPN capability, and a modular architecture that protects your investment by allowing you to self-install new security services whenever you need them. Progent's Cisco network engineers can assist your company to assess the strategic case for moving from PIX 500 to Cisco ASA 5500 security appliances, design a migration plan that permits a quick and non-disruptive upgrade, assist you to configure new ASA 5500 Series appliances, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco Firewalls
Cisco Cisco ASA Series firewalls and PIX family security appliances provide a wealth of setup, tracking, and troubleshooting options that give you the flexibility to deploy these firewalls to match your business requirements. Progent's CCIE authorized network professionals can help you to install an efficient infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers world-class security, fault tolerance, throughput, and manageability. Progent's CISA and CISM-premier information security experts can assist you to develop a security strategy appropriate for your situation and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment engineers can evaluate the strength of your existing firewall deployment and audit the security of your whole IT environment. Progentís Technical Response Center (TRC) can provide urgent online troubleshooting for Cisco technology and offer fast access to a Cisco network engineer.
To see additional information about Progent's engineering help for Cisco technology, select a topic:
To see additional details concerning Progent's consulting assistance for Cisco technology, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about technical help for Cisco products, phone 1-800-993-9400 or go to Contact Progent.