Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances offer combined firewall, IPsec VPN, and IPS capabilities in single-box devices, delivering a wide array of features to meet the security needs of organizations ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewalls enable network security teams to protect their network edge and provide secure remote access while utilizing powerful administration mechanisms built on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life status but remain commonly used in small and mid-size organizations as well as in some larger data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have superseded the ASA 5500 and PIX families of firewalls for new installations. However, Cisco's older model firewall appliances, if properly managed, can offer a high level of security by providing multiple features including firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services provide powerful new capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-certified infrastructure consultants can assist you to support and troubleshoot older ASA 5500 Series and PIX firewall appliances and can also help you to plan and carry out an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, deploy, tune, manage and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X models with Firepower.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable model in the older ASA 5500 generation of devices. Each ASA 5500-X model is suited for the identical market as the corresponding previous models, which gives most plenty of room for picking a solution that meets their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line deliver consistent protection across any mix of physical, virtual, and cloud deployments.
For more information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA security appliances, visit Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or hardware modules that support Cisco's Firepower Services, which offer layered defense against multi-vector threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA firewalls include:
- Layered defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection that utilizes big data to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers clients, network infrastructure, software applications, and content to detect threats that incorporate multiple vectors
- Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically launch both standard and customized IPS policies based on the degree of risk
Firepower Services for ASA firewalls provide multi-layered security
Smaller implementations of Cisco ASA 5500-X firewalls can be effectively managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM provides a convenient web console for deploying, managing, and troubleshooting ASA 5500-X devices and modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be administered using Cisco's Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco's Firepower Management Center offers features unavailable with Cisco's on-box ASDM utility. Extra features include greater context awareness, Cisco's Advanced Malware Protection with mitigation for client devices, a console that provides real-time network visualization, automated policy tuning driven by risk assessment of threats, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA Firewalls build on engineering behind the PIX 500 firewall, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances Firewall product line to offer a firewall that defends against the widest range of attacks. Cisco ASA Firewalls provide program protection, local containment, and clean Virtual Private Network connectivity throughout the entire product line. This broad scope of security allows the guarding of any network section, including the most typical threat vectors like remote locations, LAN-attached inside users, and remote connected VPNs.
The expandable design of the ASA 5500 Series enables you to add services via service modules and cards. These user-installable options give you the ability to add Intrusion Protection and content protection functions like filtering virus, worms, and phishing assaults and performing file and URL filtering. In addition to allowing you to react quickly to new risk vectors, the expandable architecture of the ASA 5500 Series also protects your hardware investment by increasing the useful life of your firewalls. The ASA 5500 family also protects your investment in administrative staff training by utilizing the rich set of PIX security management utilities and protocols such as the Cisco ASDM system, protected command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a safer environment including Web, voice, and mobile wireless connectivity. To protect networks against application-layer attacks and to provide stronger policing of the programs and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledge and employ security enforcement technologies that include anomaly detection and state tracking. Also incorporated are assault sensing and mitigation techniques including application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and recover bandwidth for important business applications.
For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, visit ASA 5500 firewalls integration and debugging support.
Cisco PIX Firewalls
Based upon a tested, specialized operating system that offers rich security features, PIX firewalls provide a high level of protection and have earned EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewalls provide protection for a broad array of Voice over IP and additional mixed-media conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a broad range of current and next-generation Voice over IP and video applications.
PIX security appliances feature a wealth of configuration, tracking, and troubleshooting features, giving businesses the flexibility to utilize the techniques that most closely meet their requirements. Administrative options include centralized, policy-based management tools, integrated web-accessible administration, and compatibility with remote-monitoring protocols like SNMP and syslog. The integrated Adaptive Security Device Manager system offers a world-class Web-based management solution that significantly simplifies the deployment, ongoing modification, and tracking of a single PIX firewall without the need of any extra utility beyond an ordinary Web browser and Java applet to be installed on a manager's computer.
Administrators can furthermore remotely configure, monitor, and analyze PIX firewalls using a command-line interface (CLI). Safe CLI interface access is available using several techniques including Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewall appliances also have dependable auto-update features, a collection of advanced secure remote-management services that make sure that firewall settings and software images are always current.
For additional details about Progent's support services for PIX 500 firewalls, see Cisco PIX firewalls integration and troubleshooting consulting.
Progent's PIX to ASA Migration Consulting Services
Because Cisco has discontinued selling the PIX 500 product line, many companies are uncomfortable with relying on a key infrastructure mechanism that might no longer be supported by Cisco. ASA 5500 security appliances have the benefit of being new devices and also offer several technical and financial advantages in comparison to PIX devices. These advantages include significantly higher performance, optional Secure Sockets Layer tunneling capability, and a modular design that protects your investment by enabling you to add new security services whenever you require them. Progent's CCIE-certified network engineers can help you to assess the business value of for upgrading from PIX 500 to ASA 5500 security appliances, design a migration plan that permits a fast and non-disruptive changeover, assist your IT staff to install new ASA 5500 Series appliances, and offer remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco's Cisco ASA Series firewalls and PIX family firewalls incorporate an array of configuration, monitoring, and analysis options that offer you the ability to configure these security appliances to match your business requirements. Progent's CCIE authorized network consultants can assist you to design an efficient network infrastructure that includes Cisco ASA and/or PIX firewalls and that offers advanced protection, resilience, performance, and manageability. Progent's GISA and CISSP-ISSP-certified information security engineers can help you to create a security policy that makes sense for your situation and can set up your security appliance to enforce your security policies. Progent's risk assessment professionals can evaluate the effectiveness of your existing firewall solution and validate the overall security of your whole IS environment. Progentís Technical Response Center (TRC) can deliver emergency remote troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.
For more information concerning Progent's professional help for Cisco networking products, choose a subject:
To find out more information concerning Progent's consulting expertise for Cisco products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about engineering help for Cisco technology, call 1-800-993-9400 or visit Contact Progent.