Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls provide combined firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a wide range of features to meet the security needs of companies from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable IT security teams to defend their network perimeter and provide secure offsite and mobile access while using powerful administration mechanisms based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life but are still commonly deployed in small and mid-size organizations and in some larger data centers. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's older model firewalls, if properly managed, continue to deliver a high level of protection by supplying a variety of security functions such as stateful firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most popular network intrusion protection system. Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure consultants can help your organization to support and debug older ASA 5500 and PIX firewall appliances and can also help you to plan and implement a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to plan, configure, optimize, administer and debug new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower Services.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls features an enhanced replacement for every rack-mountable unit in the previous ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the identical environment as the associated previous models, which gives small and midsize businesses plenty of room for picking a firewall that meets their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family provide dependable security across any combination of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA 5500-X security appliances, visit Firepower configuration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept software or physical modules that support Firepower Services, which offer layered protection against advanced attacks. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Multi-layer defense against familiar and zero-day threats
- Cisco's Advanced Malware Protection that uses big data to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, infrastructure, apps, and content to discover threats that use multiple vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically launch standard and custom IPS policies based on the degree of threats
Firepower Services for Cisco ASA firewalls provide multi-layered protection
Simpler deployments of ASA 5500-X firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X models. ASDM provides a convenient web dashboard for deploying, administering, and troubleshooting ASA 5500-X appliances and modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be administered using Cisco's Firepower Management Center, available as one or more physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-box ASDM tool. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a dashboard that offers dynamic network infrastructure visualization, automated policy optimization based on impact assessment of threats, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 family Security Appliance, the Cisco IPS 4200 family sensor, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances Firewall family to offer a firewall that stops the broadest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application security, network containment, and safe VPN functionality across the entire product line. This broad scope of protection enables defense of any network section, including the most typical threat conduits like remote locations, LAN-attached inside users, and off-site connected VPNs.
The scalable architecture of the Cisco ASA 5500 family permits you to add more security services by installing security service modules and security service cards. These easy-to-install options give you the ability to add IPS and content protection services such as blocking virus, spyware, and phishing assaults and performing file and web filtering. Beside enabling you to respond rapidly to new threat environments, the expandable design of the ASA 5500 Series also protects your capital investment by prolonging the life of your security appliances. The ASA 5500 family also leverages your investment in administrative team education by supporting the familiar set of PIX 500 management tools and protocols such as the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application protection via smart, application-aware inspection processes that examine network flows at Layers 4-7. This produces a safer environment covering Web, voice, and mobile wireless services. To defend against application-layer assaults and to offer better policing of the applications and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledge and rely on protection enforcement solutions that include protocol anomaly sensing and state tracking. Also included are attack detection and remediation techniques including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, allowing organizations to enforce usage policies and free up network bandwidth for vital business applications.
For additional details about Progent's consulting services for Cisco's ASA 5500 security appliances, visit ASA 5500 series firewalls configuration and troubleshooting consulting.
Based upon a tested, purpose-built software platform that offers rich security services, Cisco PIX firewalls offer excellent security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewalls offer protection for a wide array of Voice over IP and additional multimedia standards including H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard installations of a broad array of contemporary and next-generation IP voice and multimedia applications.
Cisco PIX firewalls offer a variety of setup, monitoring, and analysis options, giving businesses the flexibility to utilize the methods that best match their needs. Administrative solutions include centralized, policy-based management tools, integrated web-accessible administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated ASDM system offers a world-class Web-based management platform that significantly simplifies the deployment, in-place modification, and tracking of a single PIX security appliance without requiring any extra utility beyond a standard browser and Java plug-in to be running on an administrator's PC.
Administrators can also remotely configure, monitor, and analyze PIX firewalls via a CLI interface. Secure CLI interface access is available through several techniques such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX security appliances also include dependable auto-update capabilities, a collection of revolutionary secure remote-management services that make sure that firewall settings and software images/ are kept current.
For more information about Progent's support services for Cisco PIX 500 firewalls, go to Cisco PIX 500 firewalls integration and debugging services.
Progent's PIX to ASA Migration Consulting Services
Since Cisco has ceased selling the PIX 500 family of firewalls, many businesses are concerned about depending on a critical infrastructure component that might stop being supported. ASA 5500 firewalls have the advantage of being current devices and also offer several technical and budgetary benefits in comparison to PIX firewalls. These advantages include significantly higher performance, optional Secure Sockets Layer VPN support, and an expandable architecture that protects your investment by enabling you to add more security features whenever you need them. Progent's Cisco network engineers can assist your company to assess the business value of for moving from PIX to ASA 5500 security appliances, create a migration process that allows for a quick and non-disruptive changeover, assist you to set up new ASA 5500 Series appliances, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco ASA Series adaptive security appliances and PIX security appliances provide an array of setup, monitoring, and analysis options that offer you the ability to set up these firewalls to align optimally with your business requirements. Progent's CCIE certified network consultants can show you how to install an efficient network infrastructure that includes Cisco ASA or PIX firewall technology and that offers world-class security, fault tolerance, throughput, and recoverability. Progent's CISA and CISSP-ISSP-qualified IS security experts can help your business to develop a security strategy appropriate for your situation and can set up your firewall to support your security strategy. Progent's security evaluation professionals can evaluate the strength of your existing firewall solution and audit the overall security of your entire information system environment. Progent’s Technical Response Center can provide emergency online technical support for Cisco products and can give you fast access to a Cisco CCIE expert.
To see additional information concerning Progent's professional expertise for Cisco products, pick a subject:
For more details about Progent's professional assistance for Cisco technology, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about engineering expertise for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.