Ciscoís ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system (IPS) capabilities in single-box devices, delivering a broad array of features to meet the security requirements of organizations from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewalls allow IT security teams to defend their network edge and offer safe remote access while utilizing powerful management mechanisms built on Cisco's world-class firewall products.

Ciscoís ASA 5500 Series and PIX firewalls have arrived at end-of-life (EOL) status but remain widely deployed in smaller organizations and in a few enterprise networks. The ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully maintained, continue to offer a high level of security by supplying multiple security functions including stateful firewall, Virtual Private Network (VPN) connections, and IPS.

After Cisco's purchase of Sourcefire, the whole family of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system (IPS). Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco-certified infrastructure consultants can help you to maintain and debug legacy ASA 5500 and PIX firewall appliances and can also help you to design and carry out an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, deploy, tune, manage and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X firewalls with Firepower Services.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls includes an enhanced substitute for every rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X firewall is suited for the identical environment as the associated previous models, which offers small and midsize businesses plenty of choice for selecting a solution that meets their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All devices in Cisco's ASA 5500-X product line provide consistent protection across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For additional information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA firewalls, see Cisco Firepower integration and troubleshooting consulting

Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or physical modules that support Cisco's Firepower Services, which provide layered protection against multi-vector threats. Cisco's Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:

  • Layered protection against both familiar and zero-day attacks
  • Advanced Malware Protection that utilizes big data techniques to discover and mitigate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, apps, and content to detect threats that incorporate simultaneous vectors
  • High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of threats
Cisco Firepower Integration Expertise

Firepower Services for ASA 5500-X firewalls offer advanced multi-layered protection

Simpler implementations of Cisco ASA firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X versions. ASDM provides a convenient web console for deploying, managing, and troubleshooting ASA 5500-X appliances and modules.

For more complex deployments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or more physical units or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM tool. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy optimization based on risk assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, enhanced reporting options, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-box ASDM or the ASA CLI.

Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering developed for the PIX 500 Series Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that stops the broadest range of attacks. Cisco ASA 5500 Series Firewalls deliver application protection, local containment, and safe VPN connectivity across Cisco's product line. This breadth of security enables defense of any network segment, which includes the most common threat conduits like remote locations, LAN-attached inside users, and off-site access Virtual Private Networks.

ASA 5500 Consulting and Troubleshooting
The scalable design of the ASA 5500 family enables you to add services via service modules and security service cards. These easy-to-install options provide the ability to add IPS and content protection functions like blocking virus, spyware, and phishing attacks and performing file and web filtering. Beside allowing your IT staff to respond quickly to new risk vectors, the extensible architecture of the ASA 5500 Series also protects your capital investment by increasing the life of your firewalls. The ASA 5500 Series also leverages your investment in administrative team education by supporting the rich set of PIX security management utilities and protocols such as the Cisco ASDM platform, protected command-line interface availability, syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection through smart, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a more secure environment including Web, voice, and mobile wireless access. To protect against application-layer assaults and to provide better control over the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement technologies such as anomaly sensing and application and protocol state tracking. Also included are assault detection and remediation technology including application and protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and conserve network bandwidth for vital business applications.

For additional information about Progent's support services for Cisco's ASA 5500 security appliances, go to ASA 5500 series firewalls configuration and troubleshooting consulting.

PIX Firewalls
Built upon a hardened, specialized software platform that delivers rich security services, PIX firewall appliances provide excellent security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security certification. Cisco PIX security appliances provide security for a broad array of Voice over IP and other multimedia standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping businesses to protect installations of a broad range of contemporary and upcoming VoIP and mixed-media applications.

PIX Firewalls Consulting
PIX firewalls feature a variety of setup, tracking, and troubleshooting options, providing businesses the versatility to utilize the techniques that most closely meet their requirements. Management options include centralized, policy-based management utilities, integrated web-based management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-based management solution that significantly simplifies the installation, ongoing configuration, and monitoring of a specific PIX security appliance without the need of any extra utility beyond an ordinary Web browser and Java applet to be installed on an administrator's computer.

Administrators can also remotely configure, track, and troubleshoot PIX firewalls via a command-line interface. Safe command-line interface (CLI) communication is available through a number of methods including Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also have dependable auto-update features, a collection of revolutionary protected remote-administration options that ensure security settings and software images are kept up to date.

For more details about Progent's support services for Cisco PIX 500 security appliances, visit PIX 500 firewalls integration and troubleshooting support.

Progent's PIX to ASA Migration Consulting
Because Cisco has discontinued selling the PIX product line, many companies are uncomfortable with depending on a critical infrastructure component that may no longer be supported by Cisco. Cisco ASA 5500 firewalls offer the benefit of being current devices and also bring several functions and financial advantages in comparison to PIX 500 devices. These benefits include significantly better performance, optional Secure Sockets Layer VPN support, and a modular design that protects your investment by enabling you to self-install more security services when and if you require them. Progent's Cisco network engineers can help your company to assess the business value of for migrating from PIX to ASA 5500 firewalls, create a migration plan that allows for a fast and non-disruptive changeover, help your IT staff to install new ASA 5500 firewalls, and provide online, consulting, and troubleshooting services.

Additional Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco ASA 5500 Series firewalls and PIX family security appliances provide an array of configuration, monitoring, and troubleshooting options that offer you the flexibility to configure these security appliances to align optimally with your company's requirements. Progent's CCIE certified network experts can show you how to design an efficient infrastructure that incorporates Cisco ASA or PIX security appliances and that offers advanced security, resilience, performance, and manageability. Progent's GISA and CISSP-ISSP-premier IS security professionals can assist you to create a security policy that makes sense for your situation and can set up your security appliance to enforce your security policies. Progent's risk assessment professionals can evaluate the effectiveness of your current firewall deployment and validate the overall security of your whole IS environment. Progentís Help Desk Call Center can provide emergency online technical support for Cisco technology and offer fast access to a Cisco CCIE network engineer.

To find out more details about Progent's consulting expertise for Cisco solutions, select a topic:

To find out additional information concerning Progent's professional assistance for Cisco technology, choose a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to get in touch with Progent about professional support for Cisco products, call 1-800-993-9400 or refer to Contact Progent.