Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances offer combined firewall, VPN, and IPS services in single-box devices, delivering a wide range of features to match the security needs of companies from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX firewalls enable IT security staffs to protect their network perimeter and provide safe remote connectivity while using advanced administration mechanisms based on Cisco's world-class firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life status but are still widely deployed in small and mid-size businesses and in a few enterprise networks. Ciscoís ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX families of firewalls for new deployments. Still, Cisco's legacy firewalls, if carefully maintained, can offer a high degree of security by supplying multiple features such as firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X devices can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed intrusion protection system. Firepower services bring powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-premier network consultants can assist you to maintain and debug legacy ASA 5500 Series and PIX 500 firewalls and can also assist you to plan and carry out an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, integrate, tune, administer and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved substitute for every rack-mountable unit in the previous ASA 5500 line of devices. Each ASA 5500-X model targets the identical environment as the associated previous models, which offers most ample choice for selecting a solution that meets their security needs and IT budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver dependable protection across any mix of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA firewalls, visit Firepower configuration and troubleshooting expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or physical modules that support Cisco's Firepower Services, which provide layered defense against sophisticated attacks. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X security appliances include:
- Layered defense against familiar and new attacks
- Cisco's Advanced Malware Protection that uses big data to discover and remediate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that covers users, infrastructure, apps, and content to discover attacks that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies based on the severity of risk
Firepower Services for Cisco ASA firewalls offer advanced multi-layered security
Simpler implementations of ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X models. ASDM includes a simple web console for deploying, administering, and debugging ASA 5500-X firewalls and modules.
For more complex environments, ASA 5500-X appliances with Firepower can be managed with Cisco's Firepower Management Center, available as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a dashboard that offers dynamic network visualization, automated policy optimization based on risk evaluation of threats, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and APIs for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology developed for Cisco's PIX 500 family Security Appliance, the IPS 4200 sensor, and the VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that stops the broadest variety of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application security, local containment, and safe VPN functionality throughout the entire product line. This breadth of protection allows the guarding of any network section, including the most common attack conduits such as remote locations, LAN-attached internal users, and remote connected Virtual Private Networks.
The scalable architecture of the Cisco ASA 5500 Series enables you to add more security services via security service modules and security service cards (SSCs). These user-installable options provide the option of adding IPS and content protection functions such as blocking virus, worms, and phishing assaults and executing file and URL screening. In addition to allowing you to respond rapidly to the latest threat vectors, the extensible architecture of the Cisco ASA 5500 family also protects your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT staff training by supporting the familiar set of PIX security management tools and protocols such as the Cisco ASDM system, protected command-line interface access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application protection via smart, application-aware inspection processes that examine network flows at Layers 4-7. This results in a better protected environment including Web, voice, and 3G-mobile wireless connectivity. To defend networks against application-layer assaults and to offer better control over the programs and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement technologies that include anomaly detection and application and protocol state monitoring. Also incorporated are assault detection and remediation techniques such as application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also deliver control over instant messaging and tunneling applications, allowing businesses to police usage policies and recover bandwidth for vital business applications.
For more details about Progent's support services for Cisco's ASA 5500 firewalls, see ASA 5500 firewalls integration and debugging consulting.
Cisco PIX Security Appliance Series
Based around a hardened, specialized software platform that offers a wealth of security services, Cisco PIX firewalls offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewall appliances offer security for a wide range of Voice over IP and additional multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and MGCP, helping organizations to protect deployments of a wide array of current and next-generation Voice over IP and video applications.
PIX firewalls offer a wealth of setup, tracking, and troubleshooting options, providing IT managers the versatility to utilize the techniques that most closely match their requirements. Administrative solutions include common, policy-based administration utilities, integrated web-based management, and support for remote-tracking protocols like SNMP and syslog. The integrated ASDM system offers a world-class Web-based management platform that greatly simplifies the installation, in-place modification, and tracking of a specific Cisco PIX firewall without the need of any additional utility beyond a standard Web browser and Java plug-in to be installed on an administrator's PC.
Administrators can furthermore remotely configure, monitor, and troubleshoot PIX firewall appliances using a command-line interface (CLI). Secure CLI interface communication is available through a number of techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewall appliances also include robust auto-update capabilities, a collection of revolutionary secure remote-management services that ensure firewall settings and software images are always up to date.
For more information about Progent's consulting services for Cisco PIX 500 security appliances, see PIX 500 firewalls integration and troubleshooting services.
Progent's PIX to ASA Migration Consulting Support
Because Cisco has ceased selling the PIX 500 family of firewalls, many businesses are concerned about relying on a critical infrastructure component that might no longer be supported. ASA 5500 security appliances offer the benefit of being current devices and also bring a number of functions and budgetary benefits in comparison to PIX 500 firewalls. These benefits include significantly higher throughput, optional SSL VPN support, and an expandable architecture that protects your investment by allowing you to add more security features whenever you require them. Progent's CCIE-certified network engineers can assist you to assess the business value of for upgrading from PIX to ASA 5500 firewalls, design a migration process that permits a quick and seamless changeover, help your IT staff to deploy new ASA 5500 firewalls, and provide remote training, consulting, and technical support services.
Other Ways Progent Can Help You with Cisco Firewalls
Cisco's Cisco ASA 5500 Series firewalls and PIX family firewalls provide a wealth of configuration, monitoring, and analysis features that give you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE authorized network professionals can assist you to design a cost-effective network infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides world-class protection, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-certified IS security engineers can assist your business to create a security strategy that makes sense for your situation and can set up your PIX or ASA firewall to enforce your security policies. Progent's security assessment consultants can evaluate the effectiveness of your current firewall solution and audit the overall security of your whole IS network. Progentís Help Desk support team can deliver urgent online troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.
To see more information about Progent's professional support for Cisco networking products, select a subject:
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
For more details about Progent's engineering support for Cisco technology, choose a subject:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.