Cisco is a perennial leader in developing cutting-edge firewall appliances for the broadest possible variety of deployments. Cisco's Firepower NGFWs Firewalls represent an advanced firewall platform that combines sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist you to plan and carry out an efficient migration to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower firewalls with Cisco's cloud-based services to create and centrally control network environments that include branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation driven by leading best practices in order to build a consistent and effective cybersecurity posture across all your devices anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a significant performance boost compared to Cisco's previous-generation ASA 5500-X firewalls and include unified management of modern security features like application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower line of Next Generation Firewalls (NGFWs), visit Firepower Series firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system capabilities in single-box packages, delivering a broad array of features to meet the security requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewalls enable IT security staffs to defend their network perimeter and offer safe offsite and mobile access while utilizing powerful management mechanisms built on Cisco's industry-leading firewall technology.
Cisco’s ASA 5500 and PIX 500 firewalls have arrived at end-of-life status but are still widely deployed in small and mid-size businesses and in some enterprise data centers. Cisco’s ASA 5500-X Series Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewalls, if properly maintained, can deliver a high level of protection by providing multiple security functions including stateful firewall, VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X devices can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed intrusion protection system (IPS). Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-premier infrastructure engineers can help your organization to support and troubleshoot legacy ASA 5500 and PIX 500 firewalls and can also help you to design and implement an efficient upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to plan, configure, optimize, administer and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also assist you to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls features an enhanced replacement for every rack-mountable model in the older ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the identical market as the associated earlier models, which offers small and midsize businesses plenty of choice for selecting a firewall that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X family deliver consistent protection across any mix of physical, virtual, and cloud deployments.
For additional information about ASA 5500-X security appliances, Firepower services, and Progent's support for Cisco ASA 5500-X firewalls, see Cisco Firepower integration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or physical modules that enable Firepower Services, which offer layered protection against sophisticated attacks. Cisco's Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Multi-layer defense against familiar and new attacks
- Cisco's Advanced Malware Protection that uses big data techniques to discover and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, network infrastructure, software applications, and content to detect attacks that incorporate multiple approaches
- Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically activate standard and customized IPS policies based on the degree of risk
Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered security
Smaller deployments of Cisco ASA 5500-X firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM includes a simple web console for configuring, managing, and troubleshooting ASA 5500-X devices and modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Cisco Firepower firewall appliances
Firepower Management Center offers features beyond those available with Cisco's on-box ASDM utility. Extra capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers dynamic infrastructure visualization, automated policy optimization driven by impact assessment of attacks, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology developed for the Cisco PIX 500 Series Security Appliance, the Cisco IPS 4200 Series sensor, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a platform that stops the broadest range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application protection, local containment, and clean Virtual Private Network functionality throughout the entire product line. This breadth of protection enables defense of any network area, including the most typical threat vectors like remote locations, locally-attached internal users, and off-site connected VPNs.
The expandable architecture of the Cisco ASA 5500 family allows you to add features by installing security service modules (SSMs) and security service cards. These user-installable enhancements give you the option of adding Intrusion Protection and content protection functions such as blocking virus, spyware, and phishing assaults and performing data and URL filtering. In addition to allowing you to react quickly to the latest threat environments, the expandable architecture of the ASA 5500 family also leverages your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT staff education by utilizing the familiar library of PIX 500 security management utilities and protocols such as the Cisco ASDM platform, secure command-line interface (CLI) access, syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA 5500 Series firewalls deliver robust application protection via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. The result is a safer network covering Web, voice, and 3G-mobile wireless services. To protect networks against application-layer assaults and to offer better policing of the applications and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ security enforcement solutions that include anomaly detection and state tracking. Also incorporated are attack detection and remediation technology including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and preserve network bandwidth for crucial business applications.
For more information about Progent's consulting services for ASA 5500 firewalls, visit ASA 5500 firewalls configuration and troubleshooting support.
Cisco PIX Firewalls
Built upon a hardened, purpose-built software platform that delivers a wealth of security services, Cisco PIX firewall appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX firewall appliances provide protection for a broad range of VoIP and other mixed-media standards such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide range of contemporary and next-generation IP voice and video applications.
Cisco PIX firewalls offer a variety of configuration, monitoring, and analysis features, giving IT managers the flexibility to utilize the techniques that most closely match their requirements. Management options include centralized, policy-based administration utilities, integrated web-accessible administration, and support for remote-monitoring standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a powerful Web-based control platform that greatly streamlines the deployment, ongoing modification, and tracking of a single Cisco PIX security appliance without requiring any additional utility other than an ordinary Web browser and Java plug-in to be running on a manager's computer.
IT managers can also remotely configure, track, and troubleshoot Cisco PIX security appliances using a command-line interface (CLI). Safe command-line interface (CLI) access is available using several methods such as SSHv2 Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewalls also have dependable auto-update features, a set of advanced secure remote-administration services that make sure that firewall configurations and software images are kept up to date.
For additional details about Progent's consulting services for Cisco PIX 500 firewalls, see Cisco PIX firewalls configuration and debugging support.
Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has stopped offering the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with depending on a critical infrastructure component that might stop being supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls offer the benefit of being current products and also bring a number of technical and financial benefits in comparison to PIX 500 devices. These advantages include significantly higher performance, optional SSL tunneling capability, and an expandable design that guards your investment by allowing you to self-install new security services when and if you need them. Progent's CCIE-certified network engineers can assist your company to assess the strategic value of for moving from PIX 500 or Cisco ASA 5500 security appliances, design a migration plan that allows for a quick and seamless changeover, help your IT staff to install new ASA 5500-x Series or Firepower NGFW Series firewalls, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Assist You with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA Series, and PIX security appliances provide a wealth of configuration, tracking, and analysis options which give you the flexibility to deploy these firewalls to match your business needs. Progent's CCIE authorized network consultants can help you to build an efficient infrastructure that incorporates Cisco firewall technology and that provides world-class protection, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help you to create a security strategy appropriate for your business and can configure your security appliance to enforce your security strategy. Progent's security assessment engineers can evaluate the strength of your existing firewall solution and validate the overall security of your whole information system network. Progent’s Help Desk support team can provide urgent remote technical support for Cisco technology and can give you quick access to a Cisco CCIE expert.
To see additional information concerning Progent's consulting support for Cisco networking products, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about professional support for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.