Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls offer integrated firewall, IPsec VPN, and intrusion prevention system services in single-box packages, delivering a wide array of features to match the security and compliance needs of companies from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls allow IT security staffs to defend their network edge and provide secure offsite and mobile access while utilizing powerful administration tools based on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX 500 firewall appliances have reached end-of-life status but remain commonly used in small and mid-size organizations as well as in a few larger data centers. The ASA 5500-X Series Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new deployments. Still, Cisco's older model firewall appliances, if carefully maintained, continue to offer a high degree of security by supplying multiple features including stateful firewall, VPN, and IPS.
Since Cisco's purchase of Sourcefire, the whole family of ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the market's most popular intrusion protection system (IPS). Firepower services bring enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified network engineers can help you to maintain and troubleshoot legacy ASA 5500 Series and PIX 500 firewall appliances and can also assist you to design and implement an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, configure, optimize, administer and debug new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X security appliances includes an enhanced substitute for each rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X firewall is suited for the same environment as the associated previous models, which offers most plenty of choice for picking a firewall that aligns with their security needs and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line deliver dependable protection across any combination of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for Cisco ASA 5500-X firewalls, see Cisco Firepower configuration and troubleshooting expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or physical modules that enable Cisco's Firepower Services, which offer layered protection against multi-vector threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Layered defense against both familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, apps, and content to detect attacks that use multiple vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA 5500-X firewalls provide multi-layered threat protection
Smaller implementations of ASA 5500-X firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X versions. ASDM includes a simple web dashboard for deploying, administering, and debugging ASA 5500-X devices and modules.
For more complex environments, ASA 5500-X firewalls with Firepower can be administered using Cisco's Firepower Management Center, available as one or several physical or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center offers capabilities beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Additional features include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy tuning driven by risk evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Series Firewalls
Cisco ASA Firewalls leverage engineering behind the Cisco PIX 500 Series firewall, Cisco's IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These technologies converge on the Cisco ASA Firewall product line to deliver a firewall that defends against the widest range of threats. Cisco ASA Firewalls deliver application protection, local containment and control, and clean Virtual Private Network connectivity across the entire product portfolio. This breadth of security allows the guarding of any network segment, including the most typical attack conduits like remote sites, locally-connected inside users, and remote access Virtual Private Networks.
The scalable architecture of the ASA 5500 family enables you to add features via service modules and cards. These easy-to-install enhancements provide the ability to add Intrusion Protection and content protection functions such as filtering virus, spyware, and phishing assaults and performing file and web screening. In addition to enabling your IT staff to respond quickly to new risk environments, the extensible architecture of the ASA 5500 Series also leverages your hardware investment by increasing the useful life of your firewalls. The ASA 5500 family also protects your investment in administrative staff education by utilizing the rich library of PIX management utilities and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances firewalls provide a high-level of application protection through intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This results in a safer environment including Web, voice, and mobile wireless services. To defend networks against application-layer attacks and to offer better policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement technologies that include anomaly detection and state tracking. Also included are attack sensing and remediation technology such as application/protocol command filters and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling businesses to enforce usage policies and preserve network bandwidth for crucial business processes.
For more information about Progent's support services for ASA 5500 firewalls, see Cisco ASA 5500 firewalls configuration and debugging consulting.
PIX Security Appliance Series
Built around a tested, specialized operating system that delivers rich security features, PIX firewall appliances provide excellent security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX security appliances provide protection for a wide array of Voice over IP and other multimedia conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to protect deployments of a wide range of contemporary and next-generation VoIP and video applications.
Cisco PIX security appliances offer a variety of setup, tracking, and troubleshooting options, providing businesses the flexibility to utilize the techniques that most closely meet their needs. Administrative solutions include centralized, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring standards like SNMP and syslog. The integrated ASDM interface offers a powerful Web-based control solution that greatly streamlines the installation, in-place modification, and monitoring of a single PIX firewall appliance without the need of any extra utility beyond a standard Web browser and Java applet to be installed on a manager's computer.
IT managers can furthermore remotely configure, track, and troubleshoot Cisco PIX firewall appliances using a command-line interface. Secure command-line interface (CLI) access is possible using a number of methods such as Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX security appliances also have robust auto-update features, a collection of advanced secure remote-management options that make sure that firewall settings and software images are kept current.
For additional details about Progent's consulting services for Cisco PIX 500 firewalls, go to PIX 500 firewalls configuration and debugging support.
Progent's PIX to ASA Migration Consulting
Because Cisco has discontinued offering the PIX product line, many businesses are uncomfortable with relying on a critical infrastructure mechanism that might stop being supported by Cisco. ASA 5500 firewalls offer the advantage of being current devices and also offer several functions and financial advantages in comparison to PIX 500 firewalls. These advantages include substantially better throughput, optional SSL VPN capability, and a modular design that protects your investment by enabling you to self-install more security features when and if you need them. Progent's Cisco certified experts can assist your company to determine the business case for moving from PIX to Cisco ASA 5500 security appliances, design a migration process that allows for a fast and seamless changeover, assist you to configure new ASA 5500 Series firewalls, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco Cisco ASA Series firewalls and PIX firewalls incorporate a wealth of setup, monitoring, and analysis options which give you the flexibility to deploy these security appliances to align optimally with your business requirements. Progent's CCIE certified network consultants can help you to install a cost-effective infrastructure that includes Cisco ASA or PIX firewall technology and that provides world-class security, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-premier information security experts can help you to develop a security policy appropriate for your environment and can set up your firewall to support your security strategy. Progent's security assessment professionals can assess the effectiveness of your current firewall deployment and validate the overall security of your whole information system environment. Progentís Technical Response Center can deliver emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE network engineer.
To find out additional details concerning Progent's engineering support for Cisco solutions, choose a subject:
For more information concerning Progent's engineering assistance for Cisco solutions, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about engineering expertise for Cisco technology, phone 1-800-993-9400 or go to Contact Progent.