Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances offer combined firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box devices, delivering a broad range of features to match the security and compliance requirements of organizations ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls enable network security teams to defend their network edge and provide secure offsite and mobile access while using powerful management mechanisms based on Cisco's world-class firewall technology.
Ciscoís ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life but are still widely deployed in small and mid-size businesses as well as in a few larger networks. The ASA 5500-X Next-Generation Firewalls represent substantially more value and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's legacy firewalls, if carefully maintained, can offer a high degree of security by supplying a variety of security functions including stateful firewall, VPN tunneling, and IPS.
After Cisco's purchase of Sourcefire, the whole family of ASA 5500-X devices can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified network consultants can help you to maintain and debug older ASA 5500 and PIX 500 firewall appliances and can also assist you to plan and implement an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, configure, optimize, administer and troubleshoot new firewall solutions based on Cisco's latest ASA 5500-X firewalls with Firepower.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls features an enhanced substitute for each rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X firewall targets the same environment as the associated earlier models, which gives small and midsize businesses plenty of choice for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver dependable security across any combination of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Cisco Firepower integration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that support Cisco's Firepower Services, which offer layered protection against sophisticated attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Multi-layer defense against familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to find and mitigate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, software applications, and content to discover attacks that use multiple vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate standard and customized IPS policies depending on the degree of risk
Firepower Services for ASA firewalls provide advanced multi-layered protection
Simpler deployments of ASA 5500-X firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X versions. ASDM provides a simple web console for configuring, managing, and troubleshooting ASA 5500-X appliances and modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Extra features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers dynamic network infrastructure visualization, automated policy optimization driven by impact evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind Cisco's PIX 500 family firewall, the IPS 4200 sensor, and the Cisco VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a platform that defends against the broadest range of attacks. Cisco ASA 5500 Series Firewalls provide application protection, local containment, and safe VPN connectivity across Cisco's product portfolio. This breadth of protection enables the guarding of any network segment, including the most common attack conduits like remote locations, LAN-attached inside users, and off-site connected Virtual Private Networks.
The scalable architecture of the Cisco ASA 5500 Series permits you to add security services via security service modules (SSMs) and security service cards. These easy-to-install enhancements give you the ability to add Intrusion Protection and content protection functions such as blocking virus, spyware, and phishing attacks and executing file and URL screening. In addition to enabling your IT staff to respond rapidly to new risk vectors, the expandable architecture of the Cisco ASA 5500 Series also leverages your capital investment by prolonging the life of your firewalls. The Cisco ASA 5500 family also leverages your investment in IT staff education by supporting the familiar set of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco ASA firewalls provide robust application security via intelligent, application-sensitive inspection processes that analyze traffic at Layers 4-7. This results in a safer network covering Web, voice, and 3G-mobile wireless access. To defend networks against application-layer assaults and to offer better policing of the applications and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ security enforcement technologies that include anomaly sensing and state tracking. Also included are attack sensing and mitigation technology such as application/protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of IM and tunneling applications, allowing organizations to police usage policies and preserve network bandwidth for crucial business applications.
For more details about Progent's consulting services for ASA 5500 firewalls, visit ASA 5500 firewalls configuration and debugging services.
Based around a tested, purpose-built software platform that offers rich protection services, Cisco PIX firewalls provide excellent security and have earned EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX firewall appliances offer security for a wide range of VoIP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, enabling businesses to protect deployments of a broad range of current and next-generation Voice over IP and mixed-media applications.
PIX firewall appliances offer a variety of configuration, monitoring, and analysis features, providing businesses the versatility to use the techniques that best meet their needs. Administrative options include common, policy-based administration tools, integrated web-based administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-based control platform that significantly streamlines the installation, ongoing configuration, and tracking of a single Cisco PIX firewall appliance without the need of any additional utility other than a standard browser and Java applet to be installed on an administrator's PC.
IT managers can also remotely configure, monitor, and troubleshoot Cisco PIX firewalls via a command-line interface (CLI). Secure command-line interface access is available through a number of techniques such as Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX firewalls also include dependable automatic-update capabilities, a set of revolutionary protected remote-management services that make sure that security configurations and software images are kept current.
For additional information about Progent's consulting services for Cisco PIX 500 firewalls, see Cisco PIX firewalls configuration and troubleshooting consulting.
Progent's PIX to ASA Migration Consulting Support
Because Cisco has discontinued selling the PIX product line, many businesses are concerned about relying on a critical security component that might no longer be supported. Cisco ASA 5500 security appliances have the advantage of being new products and also offer a number of functions and financial benefits in comparison to PIX firewalls. These benefits include substantially higher throughput, optional Secure Sockets Layer VPN support, and an expandable architecture that protects your investment by allowing you to add new security features when and if you require them. Progent's Cisco experts can assist your company to assess the strategic case for upgrading from PIX to Cisco ASA 5500 security appliances, create a migration process that permits a quick and seamless changeover, assist your IT staff to configure new ASA 5500 Series firewalls, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco's ASA 5500 Series firewalls and PIX family security appliances incorporate an array of setup, monitoring, and troubleshooting options which offer you the flexibility to set up these security appliances to align optimally with your business requirements. Progent's CCIE certified network consultants can help you to and support a cost-effective network infrastructure that includes Cisco ASA or PIX security appliances and that offers world-class protection, resilience, performance, and manageability. Progent's GISA and CISM-premier information security engineers can assist your business to create a security policy appropriate for your situation and can set up your security appliance to enforce your security policies. Progent's security assessment professionals can evaluate the effectiveness of your current firewall solution and audit the security of your whole IS network. Progentís Help Desk support team can provide emergency online troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE network engineer.
To find out more information concerning Progent's engineering expertise for Cisco solutions, choose a topic:
To see more information about Progent's engineering assistance for Cisco solutions, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about professional expertise for Cisco networking, call 1-800-993-9400 or go to Contact Progent.