Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances provide combined firewall, IPsec VPN, and intrusion prevention system capabilities in single-box packages, delivering a wide range of features to meet the security requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls enable network security staffs to defend their network edge and provide safe offsite and mobile connectivity while using powerful management tools built on Cisco's industry-leading firewall products.

Ciscoís ASA 5500 Series and PIX firewall appliances have reached end-of-life status but remain commonly deployed in small and mid-size organizations as well as in some larger data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's legacy firewall appliances, if carefully maintained, can offer a high degree of security by providing multiple services including stateful firewall, IPsec VPN, and IPS.

After Cisco's purchase of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most popular intrusion protection system. Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco CCIE-certified infrastructure engineers can help your organization to maintain and troubleshoot older ASA 5500 Series and PIX firewalls and can also assist you to design and implement a smooth upgrade to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, configure, optimize, administer and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X security appliances features an improved substitute for every rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X model targets the identical environment as the associated earlier models, which offers small and midsize businesses ample choice for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver consistent security across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For additional information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for ASA 5500-X firewalls, go to Cisco Firepower configuration and debugging expertise

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or hardware modules that support Cisco's Firepower Services, which offer layered defense against multi-vector threats. Cisco's Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X firewalls include:

  • Layered defense against both familiar and new attacks
  • Advanced Malware Protection that utilizes big data to discover and mitigate security breaches
  • Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers users, network infrastructure, software applications, and content to discover threats that incorporate simultaneous approaches
  • High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch both standard and custom IPS policies based on the severity of risk
Cisco Firepower Configuration Expertise

Firepower Services for ASA firewalls provide multi-layered protection

Simpler deployments of ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X models. ASDM includes a simple web dashboard for configuring, administering, and debugging ASA 5500-X appliances and modules.

For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower can be managed with Cisco's Firepower Management Center, available as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Firepower Management Center provides features unavailable with Cisco's on-box ASDM tool. Extra capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a dashboard that provides real-time network infrastructure visualization, automated policy optimization based on risk evaluation of attacks, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and APIs for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA command line interface.

Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering developed for the PIX 500 firewall, Cisco's IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco ASA Firewall product line to deliver a platform that stops the widest range of threats. Cisco Adaptive Security Appliances Firewalls deliver program protection, network containment, and clean VPN connectivity throughout the entire product portfolio. This broad scope of security enables the guarding of any network area, including the most typical attack vectors such as remote locations, locally-connected internal users, and off-site access Virtual Private Networks.

Cisco ASA 5500 Series Consulting and Technical Support
The scalable design of the ASA 5500 family permits you to add more security services by installing service modules and cards. These user-installable enhancements provide the ability to add Intrusion Protection and content protection services like filtering virus, spyware, and phishing attacks and executing data and URL screening. Beside allowing your IT staff to react quickly to new risk environments, the extensible architecture of the Cisco ASA 5500 family also leverages your hardware investment by increasing the life of your security appliances. The Cisco ASA 5500 Series also protects your investment in administrative staff training by supporting the rich set of PIX 500 security management tools and protocols including the Cisco ASDM platform, secure command-line interface access, verbose syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection through intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a more secure environment covering Web, voice, and mobile wireless connectivity. To protect networks against application-layer attacks and to offer better policing of the applications and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement solutions that include protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault detection and remediation technology including application/protocol command filters and content verification. Cisco ASA firewall inspection engines also deliver management of IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and free up network bandwidth for vital business applications.

For more information about Progent's consulting services for Cisco's ASA 5500 security appliances, see Cisco ASA 5500 series firewalls configuration and debugging support.

PIX Firewalls
Built upon a tested, specialized software platform that delivers rich security features, PIX security appliances provide excellent security and have earned EAL 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls provide security for a broad range of Voice over IP and other multimedia conventions such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, helping businesses to protect deployments of a broad array of current and upcoming IP voice and video applications.

PIX Firewalls Consultants
PIX firewalls offer a wealth of configuration, monitoring, and analysis features, giving businesses the flexibility to utilize the techniques that most closely meet their requirements. Administrative solutions include common, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-based control platform that greatly simplifies the installation, in-place modification, and tracking of a single Cisco PIX firewall appliance without the need of any extra utility beyond a standard Web browser and Java applet to be running on an administrator's PC.

IT managers can furthermore remotely set up, monitor, and troubleshoot PIX security appliances using a command-line interface (CLI). Secure command-line interface (CLI) communication is available using a number of techniques including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewalls also have robust automatic-update capabilities, a collection of advanced secure remote-management services that ensure firewall configurations and software images are always up to date.

For more details about Progent's support services for PIX 500 security appliances, go to Cisco PIX 500 firewalls integration and debugging consulting.

Progent's PIX to ASA Migration Consulting
Because Cisco has discontinued selling the PIX 500 family of firewalls, many businesses are concerned about depending on a critical infrastructure mechanism that may stop being supported. Cisco ASA 5500 firewalls have the benefit of being current devices and also bring several technical and financial benefits in comparison to PIX 500 devices. These benefits include substantially better throughput, optional Secure Sockets Layer VPN support, and a modular design that guards your investment by allowing you to self-install more security features whenever you need them. Progent's Cisco certified experts can assist you to determine the strategic value of for moving from PIX 500 to ASA 5500 firewalls, create a migration process that allows for a fast and seamless changeover, assist you to deploy new ASA 5500 firewalls, and offer remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX family security appliances incorporate a wealth of configuration, tracking, and troubleshooting features that offer you the flexibility to set up these security appliances to match your company's needs. Progent's CCIE certified network experts can assist you to install a cost-effective infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides world-class security, resilience, performance, and recoverability. Progent's GISA and CISSP-ISSP-premier IS security professionals can help you to develop a security strategy appropriate for your business and can set up your PIX or ASA firewall to support your security strategy. Progent's risk evaluation experts can evaluate the effectiveness of your existing firewall deployment and validate the security of your entire information system network. Progentís Help Desk Call Center can deliver urgent remote troubleshooting for Cisco technology and can give you fast access to a Cisco network engineer.

To find out more details about Progent's professional help for Cisco technology, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To see more information concerning Progent's engineering help for Cisco technology, choose a topic:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: