Cisco is a perennial leader in delivering state-of-the-art firewalls for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced firewall platform that marshals sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and carry out an efficient upgrade to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower appliances with Cisco's cloud-based services to build and centrally manage IT ecosystems that include branch offices, data centers, and cloud resources. Progent can also assist you to manage and debug older-generation Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation based on leading best practices so you can build a consistent security profile across all your endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls provide a significant performance boost over Cisco's popular ASA 5500-X security appliances and offer unified control of modern security features such as application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of NGFWs Firewalls, see Cisco Firepower Series firewalls consulting experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances offer combined firewall, VPN, and IPS services in single-box devices, delivering a wide array of features to match the security and compliance requirements of organizations from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewall appliances allow IT security teams to protect their network edge and offer safe remote connectivity while utilizing advanced administration mechanisms based on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX firewalls have arrived at end-of-life status but remain widely used in smaller businesses and in a few enterprise networks. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted the ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewall appliances, if properly managed, can offer a high level of protection by providing multiple security functions including stateful firewall, VPN tunneling, and IPS.
Following Cisco's acquisition of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system (IPS). Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure consultants can assist you to support and debug older ASA 5500 and PIX 500 firewall appliances and can also help you to design and implement an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also help you to plan, integrate, tune, manage and debug new firewall solutions built on Cisco's current ASA 5500-X models with Firepower Services. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls includes an improved replacement for each rack-mountable unit in the previous ASA 5500 series of firewalls. Each ASA 5500-X model targets the identical market as the associated earlier models, which gives small and midsize businesses ample room for picking a firewall that meets their security needs and budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's advanced security services. All models in Cisco's ASA 5500-X product line deliver consistent security across any combination of physical, virtual, and cloud deployments.
For additional details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for Cisco ASA firewalls, go to Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or physical modules that enable Firepower Services, which provide layered defense against advanced threats. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Multi-layer defense against both familiar and new attacks
- Cisco's Advanced Malware Protection that utilizes big data techniques to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, infrastructure, apps, and content to discover attacks that use simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch standard and customized IPS policies depending on the severity of threats
Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered security
Smaller deployments of ASA firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X versions. ASDM includes an easy-to-use web console for configuring, administering, and troubleshooting ASA 5500-X appliances and service modules.
For more complex deployments, ASA 5500-X firewalls with Firepower can be managed using Firepower Management Center, implemented as one or more physical units or virtual devices. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy control for Firepower firewall appliances
Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM utility. Extra features include greater context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a console that offers dynamic infrastructure visualization, automated policy tuning driven by impact evaluation of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering behind the PIX 500 Series Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These technologies converge on the Cisco ASA Firewall family to offer a platform that stops the widest variety of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, local containment, and safe Virtual Private Network functionality across the entire product portfolio. This breadth of security allows defense of any network section, including the most common attack vectors like remote locations, locally-attached inside users, and remote access VPNs.
The expandable architecture of the ASA 5500 Series allows you to add more services by installing service modules and security service cards. These user-installable enhancements give you the ability to add Intrusion Protection and content protection functions like blocking virus, worms, and phishing assaults and executing data and URL filtering. Beside allowing your IT staff to respond quickly to the latest risk environments, the expandable design of the ASA 5500 Series also protects your capital investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 family also leverages your investment in IT staff education by utilizing the familiar library of PIX 500 management tools and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application security via smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a better protected environment including Web, voice, and mobile wireless access. To defend against application-layer assaults and to offer stronger policing of the programs and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions such as anomaly detection and application and protocol state tracking. Also incorporated are attack sensing and mitigation technology such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing organizations to enforce usage policies and conserve bandwidth for vital business processes.
For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, visit ASA 5500 series firewalls integration and troubleshooting services.
Cisco PIX Firewall Appliances
Built around a tested, purpose-built operating system that delivers a wealth of security services, Cisco PIX firewall appliances provide excellent security and have been awarded EAL 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewalls offer protection for a wide range of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping businesses to safeguard installations of a broad range of contemporary and upcoming IP voice and video applications.
Cisco PIX firewalls offer a wealth of setup, monitoring, and analysis features, giving businesses the versatility to utilize the methods that most closely meet their requirements. Management solutions include centralized, policy-based management tools, integrated web-accessible administration, and support for remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface provides a world-class Web-accessible management platform that greatly simplifies the installation, in-place configuration, and tracking of a specific PIX security appliance without the need of any additional software beyond a standard browser and Java applet to be installed on a manager's PC.
IT managers can also remotely configure, monitor, and analyze PIX firewall appliances via a command-line interface. Secure command-line interface communication is possible through a number of methods such as SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also have robust automatic-update capabilities, a set of revolutionary protected remote-administration options that make sure that security settings and software images are kept up to date.
For additional information about Progent's consulting services for PIX 500 firewalls, see Cisco PIX firewalls integration and troubleshooting services.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has ceased offering the PIX and ASA 5500 product lines, many companies are uncomfortable with depending on a critical security component that may stop being supported. ASA 5500-X and Firepower Series security appliances offer the advantage of being new devices and also offer several technical and economic advantages in comparison to PIX 500 firewalls. These advantages include significantly higher performance, optional SSL tunneling capability, and a modular architecture that guards your investment by allowing you to add new security features whenever you require them. Progent's CCIE-certified network engineers can assist your company to determine the strategic value of for moving from PIX or Cisco ASA 5500 security appliances, create a migration plan that permits a quick and seamless changeover, help your IT staff to install new ASA 5500-x Series or Firepower NGFW Series appliances, and offer online, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco Firepower NGFW Series, ASA Series, and PIX security appliances incorporate an array of setup, monitoring, and troubleshooting features that give you the ability to configure these security appliances to match your business requirements. Progent's CCIE authorized network consultants can show you how to configure and support an efficient infrastructure that includes Cisco security appliances and that provides world-class security, fault tolerance, throughput, and manageability. Progent's CISA and CISSP-ISSP-premier information security consultants can help you to develop a security strategy that makes sense for your business and can set up your firewall to support your security policies. Progent's security assessment professionals can evaluate the effectiveness of your existing firewall solution and validate the security of your entire information system environment. Progentís Technical Response Center (TRC) can deliver emergency remote technical support for Cisco products and can give you fast access to a Cisco expert.
To see more information concerning Progent's professional expertise for Cisco products, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about consulting expertise for Cisco products, phone 1-800-993-9400 or go to Contact Progent.