Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances provide combined firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a wide range of features to meet the security and compliance requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewall appliances enable network security staffs to protect their network perimeter and offer secure offsite and mobile access while utilizing powerful management tools built on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX firewall appliances have arrived at end-of-life (EOL) status but remain widely deployed in smaller businesses and in a few enterprise networks. Ciscoís ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted the ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's older model firewalls, if properly managed, can deliver a high degree of protection by providing multiple services such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
After Cisco's purchase of Sourcefire, the whole line of ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed intrusion protection system (IPS). Firepower services provide enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier network engineers can help you to maintain and debug older ASA 5500 and PIX firewalls and can also help you to plan and carry out a smooth upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, deploy, optimize, administer and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X security appliances features an improved replacement for every rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X model targets the identical market as the associated earlier models, which gives most plenty of room for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver consistent security across any combination of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA 5500-X security appliances, see Firepower integration and troubleshooting expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or physical modules that enable Firepower Services, which provide layered defense against advanced threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Layered defense against familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to find and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at users, network infrastructure, apps, and content to detect attacks that incorporate multiple vectors
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate standard and custom IPS policies based on the degree of threats
Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered threat protection
Smaller deployments of ASA 5500-X firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X versions. ASDM includes an easy-to-use web dashboard for deploying, managing, and troubleshooting ASA 5500-X appliances and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be managed with Firepower Management Center, available as one or more physical units or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center offers capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Additional capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a console that provides dynamic network infrastructure visualization, automated policy optimization driven by impact evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage technology behind Cisco's PIX 500 Series firewall, Cisco's IPS 4200 sensor, and the VPN 3000 Series concentrator. These solutions enable the Cisco ASA Firewall product line to offer a firewall that defends against the broadest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application security, network containment and control, and clean VPN functionality across the entire product line. This breadth of security allows defense of any network section, including the most typical threat conduits such as remote sites, LAN-connected internal users, and off-site connected VPNs.
The scalable design of the Cisco ASA 5500 Series permits you to add more features by installing security service modules (SSMs) and security service cards. These easy-to-install enhancements provide the option of adding IPS and content protection functions such as blocking virus, worms, and phishing assaults and executing data and URL screening. In addition to allowing your IT staff to react rapidly to the latest risk environments, the extensible architecture of the Cisco ASA 5500 Series also leverages your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in administrative team education by utilizing the familiar set of PIX 500 management utilities and protocols such as the Cisco ASDM platform, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application protection via smart, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a better protected environment including Web, voice, and 3G-mobile wireless access. To protect networks against application-layer attacks and to offer better policing of the programs and protocols utilized in their networks, these inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions such as protocol anomaly sensing and state monitoring. Also incorporated are attack sensing and mitigation technology including application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of IM and tunneling applications, allowing businesses to police usage policies and free up bandwidth for critical business processes.
For more information about Progent's support services for Cisco's ASA 5500 security appliances, go to ASA 5500 firewalls configuration and troubleshooting services.
PIX Security Appliance Series
Built around a tested, purpose-built operating system that delivers a wealth of protection features, Cisco PIX security appliances offer a high level of security and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX security appliances offer protection for a wide range of VoIP and additional mixed-media conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to safeguard installations of a broad range of current and upcoming Voice over IP and mixed-media applications.
Cisco PIX firewalls offer a wealth of setup, monitoring, and troubleshooting options, giving businesses the versatility to utilize the methods that most closely meet their requirements. Management solutions include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-tracking standards such as SNMP and syslog. The integrated ASDM interface offers a world-class Web-accessible control solution that significantly streamlines the deployment, ongoing modification, and monitoring of a specific PIX security appliance without the need of any extra software beyond a standard browser and Java plug-in to be installed on an administrator's PC.
IT managers can also remotely set up, track, and analyze PIX firewall appliances via a command-line interface (CLI). Secure command-line interface communication is possible through a number of techniques such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewalls also include robust automatic-update capabilities, a set of revolutionary secure remote-management services that make sure that firewall configurations and software images are always up to date.
For more information about Progent's consulting services for PIX 500 firewalls, visit PIX 500 firewalls configuration and troubleshooting support.
Progent's PIX to ASA Migration Consulting Services
Since Cisco has ceased offering the PIX family of firewalls, many businesses are concerned about relying on a key infrastructure component that may no longer be supported by Cisco. Cisco ASA 5500 security appliances offer the benefit of being new products and also offer a number of technical and financial advantages in comparison to PIX 500 devices. These benefits include substantially better throughput, optional Secure Sockets Layer VPN support, and an expandable architecture that guards your investment by allowing you to self-install new security services whenever you require them. Progent's CCIE-certified experts can help you to assess the business case for migrating from PIX 500 to Cisco ASA 5500 security appliances, create a migration process that allows for a fast and non-disruptive changeover, help you to deploy new ASA 5500 appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Assist You with Cisco Firewalls
Cisco's Cisco ASA 5500 Series firewalls and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting features which give you the flexibility to configure these security appliances to align optimally with your business needs. Progent's CCIE certified network consultants can help you to and support a cost-effective infrastructure that includes Cisco ASA and/or PIX firewalls and that offers advanced protection, fault tolerance, performance, and recoverability. Progent's GISA and CISM-certified information security engineers can assist you to develop a security strategy that makes sense for your business and can configure your firewall to support your security policies. Progent's security evaluation professionals can assess the strength of your existing firewall deployment and help determine the overall security of your entire IT network. Progentís Help Desk support team can deliver emergency online technical support for Cisco technology and offer quick access to a Cisco CCIE expert.
To learn more information about Progent's engineering support for Cisco solutions, choose a subject:
To find out additional details about Progent's professional help for Cisco technology, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about professional help for Cisco technology, phone 1-800-993-9400 or refer to Contact Progent.