Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a wide array of features to meet the security needs of organizations ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable IT security teams to protect their network edge and offer safe offsite and mobile connectivity while using powerful administration mechanisms based on Cisco's world-class firewall technology.

Ciscoís ASA 5500 Series and PIX firewalls have reached end-of-life but are still commonly deployed in smaller organizations and in a few enterprise data centers. Ciscoís ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if carefully managed, continue to deliver a high degree of protection by providing a variety of security functions including stateful firewall, Virtual Private Network (VPN) connections, and IPS.

Since Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X devices can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system. Firepower services provide powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco CCIE-certified infrastructure consultants can help you to support and troubleshoot legacy ASA 5500 Series and PIX 500 firewalls and can also help you to design and implement an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, integrate, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X firewalls with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls features an improved substitute for every rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X model targets the identical market as the associated earlier models, which offers small and midsize businesses plenty of room for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All devices in Cisco's ASA 5500-X product line deliver consistent protection across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA firewalls, go to Cisco Firepower configuration and troubleshooting consulting

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with software or physical modules that enable Firepower Services, which offer layered defense against sophisticated threats. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:

  • Multi-layer defense against both familiar and new attacks
  • Cisco's Advanced Malware Protection that uses big data to discover and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, infrastructure, apps, and content to detect attacks that incorporate simultaneous approaches
  • Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically activate both standard and custom IPS policies based on the degree of risk
Cisco Firepower Configuration Expertise

Firepower Services for ASA firewalls offer advanced multi-layered protection

Smaller implementations of ASA 5500-X firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM includes a convenient web dashboard for configuring, administering, and troubleshooting ASA 5500-X firewalls and service modules.

For more complex deployments, ASA 5500-X appliances with Firepower Services can be administered using Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Firepower Management Center provides features beyond those available with Cisco's on-device ASDM utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a console that offers dynamic infrastructure visualization, automated policy optimization driven by risk assessment of attacks, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA CLI.

Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls build on technology behind the Cisco PIX 500 family Security Appliance, the IPS 4200 Series sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a platform that defends against the widest variety of threats. Cisco Adaptive Security Appliances (ASA) Firewalls provide application security, local containment and control, and clean VPN functionality across Cisco's product portfolio. This broad scope of protection allows defense of any network section, which includes the most typical threat vectors like remote sites, locally-connected inside users, and off-site connected Virtual Private Networks.

ASA 5500 Series Consulting and Troubleshooting
The scalable design of the Cisco ASA 5500 family allows you to add features by installing service modules and security service cards (SSCs). These easy-to-install enhancements provide the option of adding Intrusion Protection and content protection functions such as blocking virus, spyware, and phishing attacks and performing data and web filtering. In addition to allowing you to react rapidly to the latest threat environments, the extensible architecture of the ASA 5500 family also protects your capital investment by increasing the life of your security appliances. The Cisco ASA 5500 Series also protects your investment in administrative staff education by supporting the familiar set of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface availability, syslog, and SNMP.

Cisco ASA 5500 Series firewalls deliver robust application security through intelligent, application-aware inspection processes that examine network flows at Layers 4-7. This produces a better protected network including Web, voice, and mobile wireless connectivity. To protect against application-layer attacks and to offer better control over the applications and protocols used in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on security enforcement solutions such as protocol anomaly detection and state tracking. Also included are attack detection and mitigation technology such as application and protocol command filters and content verification. Cisco ASA firewall inspection engines also deliver control over IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and recover network bandwidth for important business applications.

For additional details about Progent's consulting services for ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls configuration and troubleshooting consulting.

Cisco PIX Firewall Appliances
Based around a hardened, specialized operating system that offers a wealth of security services, PIX firewall appliances offer a high level of protection and have been awarded EAL 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances provide protection for a broad array of Voice over IP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard installations of a wide array of current and upcoming VoIP and video applications.

PIX Security Support
PIX firewalls feature a variety of configuration, tracking, and troubleshooting options, providing IT managers the versatility to use the techniques that best match their requirements. Administrative options include common, policy-based management utilities, integrated web-accessible management, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system provides a powerful Web-based management solution that significantly streamlines the installation, in-place modification, and tracking of a single Cisco PIX firewall without requiring any additional utility other than an ordinary Web browser and Java applet to be running on an administrator's computer.

Administrators can furthermore remotely configure, monitor, and troubleshoot Cisco PIX security appliances using a command-line interface (CLI). Safe CLI interface communication is possible through several techniques including Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX firewall appliances also have robust automatic-update capabilities, a collection of advanced secure remote-management options that make sure that firewall settings and software images are kept up to date.

For additional details about Progent's consulting services for Cisco PIX firewalls, see Cisco PIX 500 firewalls integration and debugging services.

Progent's PIX to ASA Migration Support
Because Cisco has stopped offering the PIX 500 product line, many companies are uncomfortable with relying on a critical infrastructure mechanism that might stop being supported by Cisco. ASA 5500 firewalls offer the advantage of being current products and also bring a number of technical and economic benefits in comparison to PIX 500 firewalls. These advantages include significantly higher performance, optional Secure Sockets Layer tunneling capability, and a modular architecture that protects your investment by enabling you to self-install more security services whenever you need them. Progent's Cisco network engineers can assist your company to assess the business case for moving from PIX to ASA 5500 security appliances, design a migration plan that permits a quick and non-disruptive changeover, assist you to install new ASA 5500 firewalls, and offer remote training, consulting, and troubleshooting services.

Additional Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco's Cisco ASA Series adaptive security appliances and PIX family firewalls incorporate an array of setup, monitoring, and analysis features which offer you the flexibility to deploy these security appliances to align optimally with your company's requirements. Progent's CCIE authorized network professionals can assist you to design an efficient infrastructure that incorporates Cisco ASA or PIX security appliances and that offers advanced security, fault tolerance, throughput, and manageability. Progent's CISA and CISSP-ISSP-certified information security professionals can assist your business to create a security strategy appropriate for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk evaluation professionals can evaluate the strength of your current firewall solution and audit the security of your whole IS environment. Progentís Help Desk support team can deliver urgent remote technical support for Cisco technology and offer fast access to a Cisco CCIE network engineer.

To find out more information concerning Progent's consulting support for Cisco solutions, choose a topic:

For more details about Progent's consulting help for Cisco networking products, choose a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

If you wish to contact Progent about consulting expertise for Cisco products, phone 1-800-993-9400 or refer to Contact Progent.