Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls offer combined firewall, VPN, and IPS services in single-box devices, delivering a broad array of features to meet the security requirements of companies from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances enable IT security teams to protect their network edge and provide safe remote access while using powerful management mechanisms based on Cisco's world-class firewall products.
Ciscoís ASA 5500 Series and PIX firewalls have reached end-of-life (EOL) status but are still widely deployed in small and mid-size organizations as well as in some enterprise data centers. The ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's legacy firewalls, if properly managed, can deliver a high degree of security by supplying multiple services including firewall, VPN tunneling, and IPS.
Since Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system. Firepower services provide enhanced features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-certified network consultants can assist your organization to support and troubleshoot legacy ASA 5500 and PIX firewalls and can also assist you to design and implement a smooth migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, integrate, optimize, administer and debug new firewall ecosystems based on Cisco's latest ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls includes an enhanced replacement for each rack-mountable unit in the previous ASA 5500 series of firewalls. Each ASA 5500-X firewall targets the identical environment as the corresponding previous models, which offers most ample room for picking a solution that meets their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X product line deliver consistent protection across any combination of physical, virtual, and cloud environments.
For additional information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Firepower integration and troubleshooting consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or hardware modules that enable Firepower Services, which provide layered defense against advanced threats. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Layered protection against both familiar and zero-day attacks
- Advanced Malware Protection that utilizes big data techniques to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, infrastructure, software applications, and content to detect threats that incorporate multiple approaches
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA firewalls provide multi-layered protection
Smaller implementations of ASA 5500-X firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM provides a convenient web console for configuring, managing, and troubleshooting ASA 5500-X devices and modules.
For more complex deployments, ASA 5500-X appliances with Firepower Services can be administered with Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center offers unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center provides capabilities unavailable with Cisco's on-box ASDM utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that provides real-time infrastructure visualization, automated policy optimization driven by impact evaluation of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering behind the Cisco PIX 500 family firewall, the IPS 4200 sensor, and the Cisco VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a firewall that stops the broadest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application protection, network containment, and safe Virtual Private Network connectivity throughout Cisco's product line. This broad scope of protection enables the guarding of any network segment, including the most common threat vectors like remote sites, locally-connected internal users, and remote connected VPNs.
The scalable design of the ASA 5500 family allows you to add features by installing security service modules and cards. These user-installable options give you the option of adding IPS and content protection functions like blocking virus, spyware, and phishing assaults and performing file and web screening. In addition to allowing your IT staff to respond rapidly to new threat vectors, the expandable design of the ASA 5500 Series also leverages your hardware investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 Series also protects your investment in IT staff training by supporting the familiar library of PIX 500 security management utilities and protocols such as the Cisco ASDM platform, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA firewalls deliver robust application protection through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a better protected environment including Web, voice, and mobile wireless services. To protect networks against application-layer attacks and to offer stronger control over the applications and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies such as protocol anomaly sensing and application and protocol state tracking. Also included are attack detection and remediation techniques including application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and tunneling applications, enabling businesses to police usage policies and free up network bandwidth for important business applications.
For additional information about Progent's consulting services for ASA 5500 firewalls, go to Cisco ASA 5500 firewalls configuration and troubleshooting services.
PIX Security Appliance Series
Built upon a tested, specialized software platform that offers a wealth of security features, Cisco PIX firewalls provide a high level of security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX security appliances offer protection for a wide range of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a broad range of current and upcoming Voice over IP and video applications.
Cisco PIX firewall appliances feature a variety of setup, monitoring, and analysis features, providing IT managers the flexibility to use the methods that best match their needs. Administrative options include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a powerful Web-based control platform that significantly simplifies the deployment, ongoing configuration, and tracking of a specific PIX security appliance without the need of any additional utility beyond a standard Web browser and Java applet to be running on an administrator's PC.
IT managers can furthermore remotely set up, monitor, and analyze Cisco PIX firewalls using a command-line interface. Safe command-line interface (CLI) communication is possible through several techniques such as Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX firewalls also have dependable auto-update features, a set of advanced secure remote-administration options that ensure security configurations and software images are kept current.
For more information about Progent's consulting services for Cisco PIX 500 firewalls, see Cisco PIX firewalls integration and debugging services.
Progent's PIX to ASA Migration Consulting
Since Cisco has discontinued selling the PIX family of firewalls, many businesses are concerned about depending on a key security mechanism that might stop being supported by Cisco. Cisco ASA 5500 firewalls offer the benefit of being new products and also offer a number of functions and economic advantages in comparison to PIX firewalls. These advantages include substantially higher throughput, optional Secure Sockets Layer VPN support, and a modular design that protects your investment by enabling you to add new security services when and if you need them. Progent's CCIE-certified network engineers can assist your company to determine the strategic case for upgrading from PIX 500 to ASA 5500 security appliances, create a migration process that allows for a fast and non-disruptive changeover, help your IT staff to set up new ASA 5500 appliances, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco's ASA Series adaptive security appliances and PIX family firewalls provide an array of configuration, tracking, and troubleshooting features that offer you the flexibility to set up these security appliances to match your company's needs. Progent's CCIE authorized network experts can help you to install an efficient infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers world-class protection, resilience, throughput, and recoverability. Progent's CISA and CISM-premier information security consultants can assist you to develop a security policy appropriate for your environment and can set up your firewall to enforce your security strategy. Progent's risk assessment engineers can assess the effectiveness of your existing firewall deployment and help determine the overall security of your whole IS network. Progentís Help Desk support team can deliver emergency online technical support for Cisco technology and offer fast access to a Cisco expert.
To find out more information concerning Progent's engineering support for Cisco technology, choose a subject:
To see more information about Progent's engineering assistance for Cisco networking products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about technical expertise for Cisco products, call 1-800-993-9400 or visit Contact Progent.