Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls provide combined firewall, VPN, and intrusion prevention system capabilities in single-box devices, delivering a wide array of features to meet the security needs of companies from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls enable IT security staffs to defend their network edge and provide secure remote connectivity while using advanced administration tools based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life status but are still commonly deployed in small and mid-size organizations as well as in some enterprise networks. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more value and have superseded the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's older model firewall appliances, if carefully maintained, can offer a high degree of protection by supplying multiple features such as firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be configured to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most deployed network intrusion protection system (IPS). Firepower services provide powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified infrastructure engineers can assist you to support and debug legacy ASA 5500 and PIX firewalls and can also help you to plan and implement a smooth upgrade to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also help you to design, integrate, tune, manage and debug new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances features an enhanced replacement for every rack-mountable model in the previous ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the same environment as the associated earlier models, which offers most plenty of room for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line provide consistent protection across any combination of physical, virtual, and cloud deployments.
For additional details about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for ASA security appliances, visit Cisco Firepower integration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or physical modules that support Firepower Services, which provide layered defense against sophisticated threats. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Multi-layer defense against both familiar and zero-day attacks
- Advanced Malware Protection (AMP) that utilizes big data to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, infrastructure, software applications, and content to discover threats that use simultaneous approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch both standard and custom IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered threat protection
Simpler deployments of ASA firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM includes a convenient web dashboard for configuring, administering, and troubleshooting ASA 5500-X firewalls and modules.
For more complex deployments, ASA 5500-X appliances with Firepower can be administered with Cisco's Firepower Management Center, available as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager utility. Additional features include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that provides dynamic network visualization, automated policy optimization driven by impact evaluation of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls build on engineering behind the Cisco PIX 500 Security Appliance, the IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to offer a platform that defends against the widest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application security, local containment, and clean Virtual Private Network connectivity across Cisco's product line. This broad scope of security enables the guarding of any network area, including the most common threat vectors such as remote locations, LAN-connected internal users, and remote access Virtual Private Networks.
The scalable architecture of the ASA 5500 Series allows you to add more security services by installing service modules and security service cards (SSCs). These easy-to-install enhancements provide the option of adding Intrusion Protection and content protection functions such as blocking virus, worms, and phishing assaults and executing data and URL filtering. Beside allowing your IT staff to respond quickly to the latest threat environments, the extensible design of the Cisco ASA 5500 Series also protects your hardware investment by increasing the life of your firewalls. The ASA 5500 Series also leverages your investment in administrative staff education by utilizing the familiar set of PIX 500 security management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances firewalls deliver a high-level of application security via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. This produces a better protected network covering Web, voice, and mobile wireless connectivity. To defend against application-layer assaults and to offer better control over the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and employ security enforcement technologies such as protocol anomaly sensing and state monitoring. Also included are assault detection and remediation techniques including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to police usage policies and preserve network bandwidth for critical business applications.
For more information about Progent's support services for ASA 5500 firewalls, see Cisco ASA 5500 firewalls integration and troubleshooting support.
PIX Firewall Appliances
Based upon a tested, purpose-built operating system that delivers rich protection services, PIX firewalls offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. PIX firewall appliances provide protection for a broad range of Voice over IP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, enabling organizations to protect deployments of a broad array of contemporary and next-generation IP voice and mixed-media applications.
Cisco PIX security appliances feature a variety of setup, tracking, and troubleshooting features, giving businesses the versatility to use the methods that best match their needs. Administrative solutions include centralized, policy-based management utilities, integrated web-accessible management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-based management platform that greatly simplifies the installation, in-place configuration, and tracking of a specific Cisco PIX firewall without requiring any additional software beyond an ordinary Web browser and Java plug-in to be running on an administrator's computer.
Administrators can furthermore remotely set up, monitor, and analyze PIX firewalls via a command-line interface. Secure command-line interface (CLI) communication is possible using several methods such as Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX firewall appliances also include robust automatic-update features, a set of advanced secure remote-administration services that ensure security configurations and software images/ are always up to date.
For additional details about Progent's support services for PIX security appliances, see Cisco PIX 500 firewalls configuration and troubleshooting services.
Progent's PIX to ASA Migration Consulting Support
Since Cisco has stopped selling the PIX 500 family of firewalls, many businesses are uncomfortable with depending on a critical infrastructure component that might stop being supported. Cisco ASA 5500 firewalls offer the advantage of being new products and also offer a number of functions and financial advantages in comparison to PIX firewalls. These benefits include significantly better performance, optional SSL VPN capability, and an expandable design that guards your investment by allowing you to add more security services whenever you need them. Progent's Cisco network engineers can help your company to determine the business case for moving from PIX 500 to ASA 5500 firewalls, create a migration process that permits a quick and seamless changeover, help you to configure new ASA 5500 Series appliances, and provide online, consulting, and technical support services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco Cisco ASA 5500 Series firewalls and PIX family security appliances provide an array of configuration, tracking, and analysis features that give you the ability to configure these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network professionals can assist you to and support a cost-effective network infrastructure that includes Cisco ASA or PIX firewall technology and that offers world-class protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-certified IS security experts can help you to create a security strategy appropriate for your environment and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk evaluation professionals can assess the strength of your current firewall solution and help determine the overall security of your whole IS environment. Progent’s Technical Response Center (TRC) can deliver urgent online technical support for Cisco products and can give you fast access to a Cisco CCIE expert.
To find out additional information concerning Progent's engineering support for Cisco technology, select a topic:
To learn more details about Progent's professional assistance for Cisco products, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about consulting help for Cisco networking, call 1-800-993-9400 or see Contact Progent.