Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls provide combined firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a wide range of features to meet the security needs of organizations from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances allow network security staffs to defend their network edge and provide safe remote access while using advanced management mechanisms based on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life status but are still widely deployed in smaller organizations as well as in some enterprise networks. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have superseded the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's legacy firewalls, if properly maintained, can offer a high level of protection by supplying a variety of security functions including stateful firewall, VPN tunneling, and IPS.
Since Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most deployed network intrusion protection system (IPS). Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-certified network engineers can help your organization to support and debug legacy ASA 5500 Series and PIX 500 firewalls and can also assist you to design and implement a smooth migration to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, configure, optimize, administer and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls includes an improved substitute for every rack-mountable model in the previous ASA 5500 generation of firewalls. Each ASA 5500-X model targets the identical environment as the associated previous models, which offers most ample room for picking a firewall that meets their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X family provide consistent security across any mix of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for ASA 5500-X security appliances, visit Firepower integration and troubleshooting expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or hardware modules that support Firepower Services, which provide layered defense against multi-vector threats. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against familiar and new attacks
- Advanced Malware Protection that uses big data techniques to discover and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, software applications, and content to discover threats that incorporate simultaneous vectors
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch both standard and customized IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered protection
Simpler implementations of Cisco ASA firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM provides an easy-to-use web dashboard for configuring, managing, and troubleshooting ASA 5500-X appliances and modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be administered with Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center provides capabilities unavailable with Cisco's on-box ASDM utility. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a dashboard that provides real-time network infrastructure visualization, automated policy tuning based on risk assessment of threats, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 Security Appliance, Cisco's IPS 4200 family Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to deliver a platform that defends against the broadest range of attacks. Cisco ASA Firewalls provide application security, network containment and control, and safe Virtual Private Network connectivity throughout the entire product line. This breadth of security enables defense of any network area, including the most typical threat conduits such as remote sites, locally-attached internal users, and off-site access Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 family permits you to add more services via security service modules and security service cards. These easy-to-install options give you the ability to add Intrusion Protection and content protection functions such as blocking virus, worms, and phishing attacks and performing data and URL screening. In addition to enabling you to react rapidly to the latest risk environments, the expandable design of the Cisco ASA 5500 Series also protects your hardware investment by prolonging the useful life of your firewalls. The ASA 5500 Series also leverages your investment in IT team education by utilizing the familiar set of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances firewalls provide robust application protection via smart, application-aware inspection processes that examine network flows at Layers 4-7. This produces a more secure network including Web, voice, and 3G-mobile wireless access. To defend against application-layer attacks and to offer stronger control over the programs and protocols used in their environments, these inspection engines integrate broad application and protocol knowledge and employ security enforcement technologies such as anomaly detection and state monitoring. Also included are attack sensing and mitigation techniques such as application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, enabling businesses to police usage policies and preserve bandwidth for important business processes.
For more details about Progent's consulting services for Cisco's ASA 5500 security appliances, visit Cisco ASA 5500 firewalls integration and debugging consulting.
Based upon a tested, specialized operating system that delivers a wealth of security services, Cisco PIX security appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. PIX firewalls provide protection for a wide array of Voice over IP and additional mixed-media conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping businesses to safeguard installations of a wide array of contemporary and upcoming IP voice and multimedia applications.
Cisco PIX firewall appliances offer a wealth of configuration, monitoring, and analysis features, providing businesses the versatility to utilize the techniques that best meet their requirements. Management options include common, policy-based management tools, integrated web-accessible management, and compatibility with remote-tracking protocols such as SNMP and syslog. The integrated ASDM system offers a powerful Web-based management platform that greatly simplifies the installation, in-place configuration, and monitoring of a single PIX firewall appliance without the need of any extra utility beyond an ordinary browser and Java plug-in to be installed on an administrator's computer.
IT managers can also remotely configure, track, and troubleshoot Cisco PIX firewall appliances via a command-line interface (CLI). Secure command-line interface (CLI) access is possible using several methods including Secure Shell Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX security appliances also have robust automatic-update capabilities, a collection of revolutionary secure remote-management services that ensure firewall settings and software images are kept current.
For additional details about Progent's support services for PIX 500 firewalls, visit PIX firewalls configuration and troubleshooting consulting.
Progent's PIX to ASA Migration Consulting Services
Because Cisco has discontinued offering the PIX 500 family of firewalls, many companies are concerned about relying on a key infrastructure mechanism that may no longer be supported. Cisco ASA 5500 firewalls have the benefit of being current products and also bring a number of functions and economic advantages in comparison to PIX 500 devices. These benefits include substantially higher performance, optional Secure Sockets Layer VPN capability, and an expandable architecture that protects your investment by enabling you to self-install new security features whenever you require them. Progent's CCIE-certified network engineers can help your company to determine the strategic value of for upgrading from PIX to Cisco ASA 5500 security appliances, create a migration process that permits a fast and seamless upgrade, assist your IT staff to deploy new ASA 5500 firewalls, and offer remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Help You with Cisco Firewalls
Cisco Cisco ASA 5500 Series firewalls and PIX family security appliances incorporate an array of configuration, monitoring, and analysis options which offer you the ability to set up these security appliances to align optimally with your company's needs. Progent's CCIE authorized network professionals can show you how to and support a cost-effective network infrastructure that includes Cisco ASA or PIX firewalls and that provides world-class security, resilience, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified information security professionals can help your business to create a security strategy appropriate for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's risk assessment consultants can evaluate the effectiveness of your current firewall deployment and audit the overall security of your whole information system environment. Progentís Help Desk support team can provide emergency online troubleshooting for Cisco products and offer quick access to a Cisco expert.
To see more details about Progent's engineering support for Cisco technology, choose a topic:
To find out additional details concerning Progent's consulting assistance for Cisco networking products, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about technical expertise for Cisco technology, phone 1-800-993-9400 or refer to Contact Progent.