Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls provide integrated firewall, VPN, and intrusion prevention system services in single-box devices, delivering a broad range of features to match the security and compliance requirements of companies from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances allow network security teams to defend their network edge and offer secure remote access while utilizing powerful management mechanisms built on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX firewalls have reached end-of-life status but remain widely deployed in smaller organizations and in some larger data centers. The ASA 5500-X Next-Generation Firewalls deliver significantly more value and have superseded the ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's older model firewalls, if properly maintained, can offer a high degree of security by providing a variety of features such as firewall, IPsec VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the whole line of Cisco ASA 5500-X devices can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most deployed intrusion protection system. Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified network engineers can assist your organization to support and troubleshoot older ASA 5500 and PIX 500 firewalls and can also help you to design and carry out an efficient migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, deploy, tune, administer and debug new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances includes an enhanced substitute for every rack-mountable unit in the previous ASA 5500 series of devices. Each ASA 5500-X firewall targets the same environment as the corresponding previous models, which gives small and midsize businesses ample choice for selecting a solution that aligns with their security needs and budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family provide consistent security across any mix of physical, virtual, and cloud environments.
For additional information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for Cisco ASA security appliances, see Firepower configuration and troubleshooting expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that support Firepower Services, which offer layered defense against sophisticated threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Multi-layer defense against both familiar and new threats
- Cisco's Advanced Malware Protection that utilizes big data to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, apps, and content to detect threats that incorporate multiple approaches
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of risk
Firepower Services for ASA firewalls offer multi-layered threat protection
Simpler deployments of ASA 5500-X firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X versions. ASDM provides a convenient web dashboard for deploying, managing, and troubleshooting ASA 5500-X devices and modules.
For more complex deployments, ASA 5500-X appliances with Firepower can be administered with Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center provides features unavailable with Cisco's on-box Adaptive Security Device Manager utility. Additional features include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a dashboard that provides dynamic infrastructure visualization, automated policy tuning driven by risk assessment of attacks, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances Firewalls build on engineering developed for Cisco's PIX 500 Series Security Appliance, the Cisco IPS 4200 Series sensor, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to deliver a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances Firewalls deliver program security, local containment and control, and safe VPN connectivity throughout Cisco's product line. This breadth of security enables defense of any network area, which includes the most common attack conduits such as remote locations, locally-attached internal users, and off-site access Virtual Private Networks.
The scalable architecture of the Cisco ASA 5500 family permits you to add more security services via security service modules and security service cards. These easy-to-install enhancements give you the ability to add IPS and content protection functions such as filtering virus, worms, and phishing assaults and executing file and web filtering. Beside allowing you to react quickly to new threat vectors, the extensible architecture of the Cisco ASA 5500 family also protects your hardware investment by prolonging the life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative staff training by supporting the rich set of PIX security management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, protected command-line interface availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) firewalls deliver a high-level of application security via smart, application-aware inspection processes that examine network flows at Layers 4-7. This results in a safer environment covering Web, voice, and mobile wireless services. To defend against application-layer attacks and to offer stronger policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly detection and application and protocol state tracking. Also included are attack sensing and remediation techniques including application/protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of IM and peer-to-peer file sharing, enabling organizations to police usage policies and recover bandwidth for vital business processes.
For additional details about Progent's support services for Cisco's ASA 5500 firewalls, visit ASA 5500 series firewalls configuration and troubleshooting services.
Cisco PIX Firewalls
Built around a tested, purpose-built operating system that delivers a wealth of protection features, PIX firewall appliances offer a high level of protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewall appliances provide protection for a wide range of VoIP and additional multimedia standards such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, enabling businesses to protect deployments of a wide array of contemporary and upcoming IP voice and video applications.
PIX firewall appliances offer a variety of configuration, monitoring, and analysis features, providing businesses the flexibility to use the techniques that best match their needs. Management solutions include common, policy-based administration tools, integrated web-accessible administration, and support for remote-tracking protocols like SNMP and syslog. The integrated Adaptive Security Device Manager system offers a powerful Web-accessible control platform that greatly simplifies the deployment, in-place modification, and tracking of a single PIX firewall appliance without the need of any extra software other than an ordinary browser and Java applet to be running on a manager's PC.
Administrators can also remotely set up, monitor, and analyze PIX firewalls via a CLI interface. Safe command-line interface (CLI) communication is possible through a number of methods such as Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also include robust automatic-update capabilities, a set of advanced secure remote-administration options that make sure that security settings and software images/ are kept up to date.
For more information about Progent's support services for PIX 500 security appliances, visit PIX 500 firewalls configuration and debugging services.
Progent's PIX to ASA Migration Consulting Services
Because Cisco has stopped offering the PIX 500 product line, many companies are uncomfortable with relying on a critical infrastructure component that may no longer be supported. ASA 5500 firewalls have the advantage of being current devices and also bring a number of technical and budgetary benefits in comparison to PIX 500 devices. These advantages include significantly better performance, optional Secure Sockets Layer tunneling support, and an expandable design that protects your investment by enabling you to self-install more security services whenever you require them. Progent's Cisco certified network engineers can assist your company to assess the business case for moving from PIX to ASA 5500 firewalls, design a migration plan that permits a quick and seamless changeover, help your IT staff to install new ASA 5500 Series appliances, and provide online, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Cisco ASA Series firewalls and PIX security appliances provide an array of configuration, monitoring, and analysis options that offer you the ability to configure these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network consultants can show you how to and support an efficient infrastructure that includes Cisco ASA or PIX security appliances and that offers advanced security, resilience, throughput, and manageability. Progent's GISA and CISSP-ISSP-certified IS security consultants can help you to develop a security strategy that makes sense for your situation and can configure your security appliance to support your security strategy. Progent's security assessment engineers can evaluate the strength of your current firewall deployment and validate the security of your entire information system network. Progent’s Help Desk support team can deliver urgent online troubleshooting for Cisco products and offer quick access to a Cisco CCIE network engineer.
To find out more details concerning Progent's professional help for Cisco products, choose a topic:
To find out additional details concerning Progent's engineering assistance for Cisco solutions, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about consulting support for Cisco products, phone 1-800-993-9400 or see Contact Progent.