Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box devices, delivering a broad range of features to meet the security and compliance needs of companies from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow network security staffs to defend their network perimeter and provide secure remote connectivity while using powerful administration tools built on Cisco's world-class firewall technology.
Cisco’s ASA 5500 Series and PIX firewall appliances have reached end-of-life but are still widely deployed in small and mid-size businesses and in some larger data centers. The ASA 5500-X Next-Generation Firewalls represent significantly more value and have superseded Cisco's ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly managed, continue to offer a high level of security by supplying multiple services including firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X firewalls can be provisioned to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system. Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified network engineers can help your organization to maintain and debug older ASA 5500 Series and PIX 500 firewalls and can also assist you to design and carry out a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also help you to design, configure, tune, administer and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X security appliances includes an enhanced substitute for every rack-mountable model in the older ASA 5500 series of devices. Each ASA 5500-X model is suited for the same environment as the associated previous models, which offers most plenty of choice for picking a firewall that aligns with their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All models in Cisco's ASA 5500-X product line provide consistent security across any combination of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Cisco Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or physical modules that enable Firepower Services, which offer layered defense against multi-vector attacks. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X security appliances include:
- Layered protection against familiar and new attacks
- Cisco's Advanced Malware Protection that uses big data to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, network infrastructure, software applications, and content to detect attacks that incorporate simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch both standard and custom IPS policies based on the severity of risk
Firepower Services for Cisco ASA firewalls provide advanced multi-layered security
Smaller implementations of ASA 5500-X firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X versions. ASDM provides an easy-to-use web dashboard for configuring, administering, and troubleshooting ASA 5500-X appliances and modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or more physical units or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that offers dynamic network infrastructure visualization, automated policy optimization based on risk evaluation of threats, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and application interfaces for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls build on engineering behind the Cisco PIX 500 Series firewall, the Cisco IPS 4200 family sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco ASA Firewall product line to deliver a firewall that defends against the widest variety of threats. Cisco ASA 5500 Series Firewalls provide program protection, network containment, and safe Virtual Private Network functionality throughout Cisco's product portfolio. This breadth of protection allows the guarding of any network section, which includes the most common attack vectors such as remote sites, locally-connected internal users, and off-site connected VPNs.
The scalable architecture of the Cisco ASA 5500 Series permits you to add more security services via service modules and security service cards (SSCs). These easy-to-install options provide the ability to add IPS and content protection functions like blocking virus, worms, and phishing assaults and performing file and URL filtering. In addition to allowing your IT staff to react quickly to new risk environments, the extensible architecture of the ASA 5500 Series also protects your capital investment by increasing the life of your security appliances. The ASA 5500 Series also protects your investment in administrative team training by utilizing the familiar set of PIX 500 management tools and protocols including the Cisco ASDM system, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application protection through smart, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a better protected network covering Web, voice, and mobile wireless access. To defend against application-layer assaults and to provide stronger policing of the programs and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledge and rely on security enforcement technologies such as anomaly detection and state tracking. Also included are attack sensing and remediation techniques including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and conserve network bandwidth for important business applications.
For additional details about Progent's support services for ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls integration and debugging services.
Cisco PIX Security Appliance Series
Built upon a tested, specialized software platform that offers a wealth of protection services, Cisco PIX security appliances provide excellent security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances offer security for a wide array of Voice over IP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a broad array of contemporary and next-generation Voice over IP and mixed-media applications.
Cisco PIX firewall appliances offer a variety of configuration, tracking, and troubleshooting options, giving IT managers the versatility to utilize the methods that most closely match their requirements. Administrative options include common, policy-based administration utilities, integrated web-based administration, and support for remote-monitoring protocols such as SNMP and syslog. The integrated ASDM interface offers a powerful Web-based management solution that greatly streamlines the installation, in-place configuration, and tracking of a single PIX firewall appliance without requiring any additional software other than a standard browser and Java applet to be running on a manager's computer.
IT managers can also remotely configure, monitor, and analyze PIX firewalls via a command-line interface. Safe command-line interface (CLI) access is possible through a number of methods such as Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewalls also have robust automatic-update features, a set of revolutionary protected remote-administration services that ensure security settings and software images/ are kept up to date.
For more details about Progent's consulting services for PIX firewalls, see Cisco PIX firewalls integration and debugging services.
Progent's PIX to ASA Migration Consulting
Because Cisco has ceased selling the PIX 500 product line, many businesses are concerned about relying on a critical infrastructure component that might no longer be supported. ASA 5500 security appliances offer the advantage of being new devices and also bring a number of functions and budgetary benefits in comparison to PIX firewalls. These benefits include significantly higher throughput, optional SSL tunneling support, and a modular design that guards your investment by enabling you to self-install new security services whenever you need them. Progent's Cisco certified experts can assist you to assess the strategic value of for moving from PIX to Cisco ASA 5500 firewalls, design a migration process that permits a quick and non-disruptive upgrade, assist you to configure new ASA 5500 firewalls, and offer online, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco Cisco ASA 5500 Series adaptive security appliances and PIX family firewalls provide an array of setup, monitoring, and analysis features which offer you the flexibility to configure these firewalls to align optimally with your business requirements. Progent's CCIE certified network professionals can help you to install an efficient infrastructure that includes Cisco ASA and/or PIX firewalls and that provides advanced security, resilience, throughput, and manageability. Progent's GISA and CISM-qualified IS security engineers can help your business to develop a security strategy appropriate for your environment and can set up your firewall to enforce your security policies. Progent's risk assessment experts can evaluate the strength of your current firewall deployment and validate the overall security of your whole IT network. Progent’s Help Desk support team can deliver urgent online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE expert.
To learn additional details concerning Progent's professional help for Cisco solutions, choose a topic:
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
For additional information concerning Progent's professional assistance for Cisco technology, pick a subject:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.