Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances provide integrated firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box devices, delivering a broad range of features to match the security needs of companies from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls allow IT security staffs to protect their network edge and provide safe remote access while using powerful management tools built on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life (EOL) but remain widely deployed in smaller businesses and in some enterprise data centers. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. However, Cisco's older model firewalls, if carefully maintained, continue to offer a high level of security by providing multiple security functions including stateful firewall, IPsec VPN, and IPS.
After Cisco's purchase of Sourcefire, the whole line of ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the world's most popular intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified network consultants can assist you to maintain and troubleshoot legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and implement an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, integrate, tune, administer and debug new firewall solutions built on Cisco's current ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X security appliances includes an enhanced replacement for every rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X model targets the identical environment as the associated earlier models, which gives most plenty of choice for picking a solution that meets their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All models in Cisco's ASA 5500-X product line deliver dependable protection across any combination of physical, virtual, and cloud deployments.
For more details about ASA 5500-X security appliances, Firepower services, and Progent's support for ASA firewalls, go to Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or physical modules that support Firepower Services, which offer layered protection against sophisticated attacks. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered protection against familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that utilizes big data to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, apps, and content to discover threats that incorporate simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and custom IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Smaller deployments of ASA firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X versions. ASDM includes a simple web console for deploying, administering, and debugging ASA 5500-X firewalls and modules.
For more complex deployments, ASA 5500-X appliances with Firepower can be administered with Firepower Management Center, available as one or more physical units or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center provides features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Advanced Malware Protection with remediation for user devices, a console that provides dynamic network infrastructure visualization, automated policy optimization based on impact assessment of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Firewalls
Cisco ASA 5500 Series Firewalls leverage technology developed for the Cisco PIX 500 Security Appliance, the IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops the widest range of attacks. Cisco ASA Firewalls provide application protection, local containment, and safe Virtual Private Network connectivity throughout Cisco's product portfolio. This broad scope of security allows defense of any network area, including the most common attack conduits such as remote locations, locally-attached internal users, and remote connected Virtual Private Networks.
The scalable design of the Cisco ASA 5500 Series enables you to add services via service modules and security service cards. These easy-to-install enhancements give you the option of adding Intrusion Protection and content protection services like blocking virus, worms, and phishing attacks and executing data and URL screening. Beside allowing your IT staff to react quickly to the latest risk vectors, the extensible architecture of the ASA 5500 family also leverages your capital investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative staff training by utilizing the rich library of PIX security management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application security via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. The result is a more secure network including Web, voice, and 3G-mobile wireless access. To defend networks against application-layer assaults and to provide stronger policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions such as anomaly sensing and application and protocol state monitoring. Also included are attack sensing and remediation techniques such as application and protocol command filtering and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling businesses to enforce usage policies and preserve network bandwidth for crucial business processes.
For more information about Progent's support services for ASA 5500 firewalls, see ASA 5500 firewalls configuration and debugging support.
Cisco PIX Firewalls
Based around a tested, purpose-built OS that offers rich security services, Cisco PIX firewalls offer a high level of security and have received EAL 4 status and ICSA Firewall and IP Security certification. PIX security appliances provide security for a broad range of VoIP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a broad range of current and upcoming IP voice and multimedia applications.
Cisco PIX firewalls offer a variety of setup, tracking, and analysis features, giving businesses the flexibility to use the techniques that best match their needs. Administrative solutions include centralized, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-accessible control solution that significantly streamlines the deployment, in-place configuration, and monitoring of a single Cisco PIX firewall without requiring any extra software other than a standard Web browser and Java plug-in to be running on an administrator's PC.
Administrators can also remotely set up, monitor, and troubleshoot Cisco PIX firewalls using a command-line interface (CLI). Safe command-line interface (CLI) communication is possible using a number of techniques including SSHv2 Protocol, Telnet over IPsec, and out-of-band via a console port. PIX firewall appliances also include dependable auto-update features, a set of advanced secure remote-management services that ensure firewall configurations and software images are kept current.
For more details about Progent's support services for Cisco PIX 500 security appliances, see PIX 500 firewalls integration and troubleshooting consulting.
Progent's PIX to ASA Migration Consulting
Since Cisco has stopped selling the PIX 500 family of firewalls, many businesses are uncomfortable with relying on a key infrastructure mechanism that might stop being supported. Cisco ASA 5500 security appliances have the advantage of being current products and also bring several functions and financial advantages in comparison to PIX 500 firewalls. These advantages include substantially higher performance, optional SSL tunneling support, and a modular architecture that protects your investment by enabling you to self-install more security features when and if you need them. Progent's Cisco experts can assist your company to assess the business case for upgrading from PIX to ASA 5500 security appliances, create a migration process that allows for a quick and non-disruptive changeover, help you to configure new ASA 5500 Series firewalls, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's ASA Series adaptive security appliances and PIX firewalls provide a wealth of setup, tracking, and troubleshooting options which give you the flexibility to configure these security appliances to align optimally with your company's needs. Progent's CCIE authorized network experts can show you how to and support a cost-effective network infrastructure that includes Cisco ASA and/or PIX firewall technology and that offers world-class protection, resilience, performance, and manageability. Progent's CISA and CISM-premier information security experts can assist your business to develop a security policy appropriate for your situation and can configure your security appliance to support your security policies. Progent's security assessment consultants can evaluate the strength of your current firewall deployment and audit the security of your whole IT environment. Progentís Technical Response Center (TRC) can deliver urgent remote troubleshooting for Cisco technology and can give you quick access to a Cisco expert.
For more information concerning Progent's consulting assistance for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To learn additional information about Progent's professional support for Cisco technology, select a subject:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.