Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls provide combined firewall, IPsec VPN, and IPS capabilities in single-box packages, delivering a wide range of features to match the security requirements of companies from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls enable IT security teams to defend their network perimeter and provide safe offsite and mobile connectivity while utilizing powerful administration mechanisms built on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX firewall appliances have arrived at end-of-life (EOL) status but are still commonly used in small and mid-size businesses as well as in some enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's older model firewalls, if properly maintained, continue to offer a high degree of security by supplying multiple security functions such as stateful firewall, VPN, and IPS.
Since Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X devices can be configured to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services provide enhanced features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-qualified network engineers can help your organization to support and debug older ASA 5500 and PIX 500 firewalls and can also help you to plan and implement an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also assist you to design, integrate, optimize, administer and troubleshoot new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls includes an improved substitute for each rack-mountable model in the older ASA 5500 series of firewalls. Each ASA 5500-X model targets the identical environment as the associated previous models, which offers most ample room for selecting a solution that meets their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver dependable protection across any combination of physical, virtual, and cloud deployments.
For additional information about ASA 5500-X firewalls, Firepower services, and Progent's support for ASA security appliances, see Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or physical modules that support Firepower Services, which provide layered defense against sophisticated threats. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X security appliances include:
- Layered defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection that utilizes big data to find and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, software applications, and content to discover attacks that use multiple vectors
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically activate standard and custom IPS policies based on the degree of threats
Firepower Services for ASA 5500-X firewalls offer advanced multi-layered security
Simpler implementations of Cisco ASA firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X versions. ASDM includes a simple web console for configuring, administering, and debugging ASA 5500-X devices and modules.
For more complex deployments, ASA 5500-X firewalls with Firepower Services can be administered using Firepower Management Center, implemented as one or several physical units or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra features include greater context awareness, Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that offers real-time network visualization, automated policy tuning based on impact assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco ASA Firewalls build on technology behind Cisco's PIX 500 Security Appliance, the IPS 4200 family sensor, and Cisco's VPN 3000 Series concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to offer a firewall that defends against the widest variety of attacks. Cisco ASA Firewalls deliver application security, local containment and control, and safe VPN functionality throughout the entire product line. This broad scope of protection allows defense of any network section, including the most typical threat vectors like remote sites, locally-attached inside users, and off-site access Virtual Private Networks.
The expandable design of the Cisco ASA 5500 family allows you to add services via service modules and cards. These easy-to-install options provide the option of adding IPS and content protection services like filtering virus, worms, and phishing attacks and executing data and web filtering. In addition to allowing your IT staff to respond rapidly to new risk vectors, the extensible design of the ASA 5500 Series also leverages your capital investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative staff education by utilizing the rich library of PIX security management utilities and protocols including the Cisco ASDM system, protected command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco ASA firewalls deliver robust application security via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a safer environment including Web, voice, and 3G-mobile wireless connectivity. To defend networks against application-layer assaults and to provide stronger control over the applications and protocols used in their networks, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also included are assault sensing and remediation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and free up network bandwidth for vital business processes.
For additional information about Progent's support services for Cisco's ASA 5500 firewalls, see ASA 5500 firewalls configuration and debugging support.
PIX Firewall Appliances
Based around a hardened, specialized operating system that delivers rich protection services, PIX security appliances provide excellent protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec qualification. PIX firewalls offer protection for a broad range of VoIP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and MGCP, enabling businesses to protect deployments of a wide range of contemporary and upcoming VoIP and mixed-media applications.
PIX security appliances offer a wealth of setup, tracking, and troubleshooting options, giving businesses the versatility to utilize the techniques that most closely meet their requirements. Management solutions include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-based control platform that significantly streamlines the installation, ongoing modification, and tracking of a single Cisco PIX firewall appliance without the need of any additional utility beyond a standard Web browser and Java plug-in to be installed on an administrator's computer.
Administrators can also remotely set up, monitor, and analyze PIX firewalls using a command-line interface. Secure command-line interface access is possible through several techniques such as SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also include robust automatic-update capabilities, a collection of advanced secure remote-management services that make sure that firewall configurations and software images/ are always current.
For additional information about Progent's support services for PIX security appliances, see PIX 500 firewalls configuration and debugging support.
Progent's PIX to ASA Migration Consulting
Since Cisco has discontinued selling the PIX 500 family of firewalls, many companies are concerned about relying on a key security component that might stop being supported. ASA 5500 security appliances offer the benefit of being current devices and also bring several functions and economic advantages in comparison to PIX firewalls. These advantages include significantly higher performance, optional SSL VPN support, and a modular design that protects your investment by allowing you to add more security features when and if you require them. Progent's Cisco experts can assist your company to assess the strategic value of for upgrading from PIX to ASA 5500 security appliances, create a migration process that permits a fast and seamless upgrade, assist you to deploy new ASA 5500 appliances, and provide online, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX security appliances incorporate a wealth of configuration, tracking, and troubleshooting options that give you the ability to deploy these firewalls to align optimally with your company's needs. Progent's CCIE authorized network consultants can show you how to design an efficient infrastructure that includes Cisco ASA or PIX security appliances and that offers world-class protection, fault tolerance, performance, and manageability. Progent's CISA and CISM-qualified information security professionals can help your business to develop a security policy that makes sense for your business and can configure your security appliance to enforce your security policies. Progent's risk assessment experts can evaluate the effectiveness of your current firewall deployment and validate the security of your whole information system environment. Progent’s Help Desk support team can provide emergency online technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
To see more information about Progent's professional help for Cisco technology, select a topic:
For more details concerning Progent's engineering expertise for Cisco networking products, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about consulting assistance for Cisco products, phone 1-800-993-9400 or see Contact Progent.