Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances provide integrated firewall, VPN, and intrusion prevention system (IPS) services in compact single-box devices, delivering a wide range of features to meet the security requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls enable network security staffs to defend their network perimeter and provide secure remote access while using powerful administration mechanisms built on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 Series and PIX firewalls have reached end-of-life (EOL) but are still commonly deployed in smaller organizations and in some enterprise networks. Ciscoís ASA 5500-X Next-Generation Firewalls represent significantly more value and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully maintained, can offer a high degree of security by providing multiple services such as firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-certified network engineers can assist your organization to support and debug legacy ASA 5500 Series and PIX 500 firewalls and can also help you to design and carry out an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, deploy, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X security appliances features an enhanced substitute for each rack-mountable unit in the previous ASA 5500 generation of devices. Each ASA 5500-X firewall targets the identical market as the corresponding previous models, which gives small and midsize businesses plenty of choice for selecting a firewall that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver consistent security across any combination of physical, virtual, and cloud deployments.
For additional details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, see Firepower configuration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or hardware modules that enable Cisco's Firepower Services, which offer layered protection against multi-vector threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Multi-layer protection against familiar and new threats
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, software applications, and content to detect threats that use simultaneous vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically activate standard and custom IPS policies based on the degree of threats
Firepower Services for ASA firewalls provide multi-layered protection
Smaller deployments of ASA firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X models. ASDM provides a simple web dashboard for configuring, managing, and debugging ASA 5500-X devices and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM utility. Additional features include expanded context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a console that provides real-time infrastructure visualization, automated policy optimization driven by impact assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA CLI.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for the Cisco PIX 500 firewall, Cisco's IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall family to offer a firewall that defends against the broadest range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, local containment and control, and clean VPN connectivity throughout Cisco's product portfolio. This breadth of security allows defense of any network area, including the most common attack vectors such as remote sites, LAN-connected inside users, and off-site connected VPNs.
The scalable design of the Cisco ASA 5500 Series permits you to add more security services via service modules and security service cards (SSCs). These easy-to-install enhancements give you the ability to add Intrusion Protection and content protection functions like blocking virus, worms, and phishing attacks and executing data and web filtering. In addition to enabling your IT staff to respond rapidly to new risk vectors, the extensible architecture of the ASA 5500 family also leverages your capital investment by increasing the life of your firewalls. The ASA 5500 Series also protects your investment in administrative staff education by utilizing the familiar library of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA firewalls provide a high-level of application security through smart, application-aware inspection processes that examine traffic at Layers 4-7. This produces a safer environment covering Web, voice, and mobile wireless connectivity. To defend networks against application-layer attacks and to provide better control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement technologies that include anomaly sensing and application and protocol state tracking. Also incorporated are attack detection and mitigation techniques such as application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and free up network bandwidth for vital business applications.
For additional details about Progent's support services for ASA 5500 security appliances, see Cisco ASA 5500 firewalls configuration and troubleshooting consulting.
PIX Security Appliance Series
Built around a tested, specialized operating system that delivers a wealth of security services, Cisco PIX firewalls provide excellent security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX firewall appliances offer protection for a wide array of VoIP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a wide range of contemporary and upcoming IP voice and mixed-media applications.
Cisco PIX security appliances feature a variety of configuration, tracking, and analysis features, giving IT managers the flexibility to utilize the techniques that most closely meet their requirements. Administrative solutions include common, policy-based administration tools, integrated web-based administration, and compatibility with remote-monitoring standards like SNMP and syslog. The integrated Adaptive Security Device Manager interface provides a world-class Web-accessible control solution that greatly simplifies the deployment, in-place modification, and tracking of a single Cisco PIX firewall without the need of any additional software beyond an ordinary browser and Java plug-in to be installed on a manager's computer.
IT managers can also remotely set up, monitor, and troubleshoot Cisco PIX firewalls via a command-line interface (CLI). Safe CLI interface communication is available using several techniques such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewall appliances also have dependable auto-update features, a collection of revolutionary protected remote-administration options that make sure that security settings and software images are always up to date.
For more details about Progent's consulting services for Cisco PIX 500 firewalls, visit PIX 500 firewalls configuration and troubleshooting consulting.
Progent's PIX to ASA Migration Consulting
Because Cisco has discontinued selling the PIX 500 family of firewalls, many companies are uncomfortable with relying on a key infrastructure component that may no longer be supported. ASA 5500 firewalls offer the benefit of being current devices and also bring a number of functions and budgetary advantages in comparison to PIX devices. These benefits include substantially better throughput, optional Secure Sockets Layer VPN capability, and a modular design that guards your investment by allowing you to self-install more security services when and if you need them. Progent's Cisco network engineers can help you to assess the strategic case for upgrading from PIX to ASA 5500 security appliances, design a migration plan that permits a fast and seamless changeover, assist your IT staff to set up new ASA 5500 Series firewalls, and offer online, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco's Cisco ASA 5500 Series adaptive security appliances and PIX firewalls provide an array of setup, monitoring, and troubleshooting options that offer you the flexibility to set up these security appliances to match your company's requirements. Progent's CCIE authorized network professionals can assist you to design an efficient network infrastructure that includes Cisco ASA and/or PIX security appliances and that provides world-class security, resilience, throughput, and recoverability. Progent's GISA and CISSP-ISSP-certified IS security professionals can help you to develop a security strategy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk assessment engineers can assess the effectiveness of your existing firewall deployment and validate the security of your whole IS network. Progentís Help Desk support team can provide urgent remote technical support for Cisco products and can give you quick access to a Cisco CCIE expert.
For more information concerning Progent's engineering expertise for Cisco solutions, choose a topic:
To see more details concerning Progent's consulting assistance for Cisco technology, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about technical help for Cisco technology, call 1-800-993-9400 or see Contact Progent.