Cisco is a perennial front-runner in developing cutting-edge firewall appliances for the widest possible range of deployments. Cisco's Firepower Next Generation Firewalls represent a modern cybersecurity platform that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can help your organization to design and carry out a smooth upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower appliances with Cisco's subscription-based security services to create and centrally manage network ecosystems that span branch offices, data centers, private clouds and public clouds. Progent can also assist you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation based on leading best practices so you can build a consistent security posture that applies to all your networked endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls provide a significant performance boost compared to Cisco's previous-generation ASA 5500-X firewalls and include unified management and automation of modern cybersecurity capabilities such as application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls (NGFWs), refer to Cisco Firepower Series firewalls consulting services.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls provide integrated firewall, VPN, and IPS services in single-box packages, delivering a broad range of features to match the security needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX firewalls enable IT security teams to defend their network perimeter and offer safe remote access while utilizing advanced management mechanisms built on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX firewall appliances have reached end-of-life (EOL) but remain commonly deployed in smaller businesses as well as in some larger networks. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new deployments. Still, Cisco's legacy firewalls, if carefully maintained, continue to offer a high level of protection by supplying a variety of features including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed intrusion protection system (IPS). Firepower services bring enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified network engineers can help your organization to maintain and debug legacy ASA 5500 and PIX firewall appliances and can also assist you to design and implement an efficient upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to design, deploy, tune, manage and troubleshoot new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower. Progent can also help you to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X firewalls includes an improved replacement for each rack-mountable model in the previous ASA 5500 series of firewalls. Each ASA 5500-X firewall targets the same market as the associated earlier models, which gives small and midsize businesses ample room for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's powerful security services. All models in Cisco's ASA 5500-X family deliver consistent protection across any mix of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for Cisco ASA security appliances, visit Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or physical modules that enable Firepower Services, which provide layered defense against sophisticated threats. Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA firewalls include:
- Layered protection against familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, network infrastructure, apps, and content to discover threats that incorporate multiple approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch both standard and customized IPS policies based on the severity of risk
Firepower Services for Cisco ASA firewalls provide multi-layered threat protection
Simpler deployments of Cisco ASA 5500-X firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X versions. ASDM provides a simple web dashboard for configuring, administering, and troubleshooting ASA 5500-X devices and service modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center provides features unavailable with Cisco's on-device ASDM tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a console that offers dynamic network infrastructure visualization, automated policy optimization based on risk evaluation of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco ASA Firewalls build on engineering behind the Cisco PIX 500 family firewall, Cisco's IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall family to offer a firewall that defends against the broadest range of threats. Cisco Adaptive Security Appliances Firewalls provide application protection, local containment and control, and clean Virtual Private Network functionality throughout the entire product line. This breadth of security enables the guarding of any network section, which includes the most typical threat conduits such as remote locations, locally-attached internal users, and remote access VPNs.
The expandable design of the Cisco ASA 5500 Series permits you to add features via service modules and security service cards. These user-installable options give you the ability to add Intrusion Protection and content protection functions like blocking virus, spyware, and phishing assaults and performing file and URL filtering. Beside allowing your IT staff to respond quickly to the latest risk environments, the extensible architecture of the Cisco ASA 5500 family also protects your hardware investment by increasing the life of your firewalls. The ASA 5500 Series also leverages your investment in administrative staff education by utilizing the rich set of PIX management tools and protocols such as the Cisco ASDM system, secure command-line interface (CLI) access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) firewalls provide a high-level of application security through smart, application-aware inspection engines that analyze network flows at Layers 4-7. The result is a more secure environment including Web, voice, and 3G-mobile wireless services. To protect networks against application-layer assaults and to provide stronger policing of the programs and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledgebases and employ security enforcement technologies such as anomaly detection and application and protocol state monitoring. Also incorporated are assault detection and remediation techniques such as application and protocol command filtering and content verification. Cisco ASA 5500 Series firewall inspection engines also deliver control over instant messaging and tunneling applications, enabling businesses to enforce usage policies and conserve network bandwidth for crucial business processes.
For additional information about Progent's consulting services for Cisco's ASA 5500 firewalls, see ASA 5500 series firewalls configuration and debugging support.
Cisco PIX Firewalls
Based upon a hardened, purpose-built software platform that delivers rich protection services, Cisco PIX security appliances offer excellent security and have earned EAL 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewall appliances provide protection for a broad range of Voice over IP and additional mixed-media standards including H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard deployments of a wide range of contemporary and next-generation IP voice and video applications.
PIX security appliances offer a variety of setup, tracking, and analysis features, giving IT managers the flexibility to utilize the methods that most closely match their needs. Management options include common, policy-based administration tools, integrated web-based administration, and compatibility with remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system provides a powerful Web-based management platform that significantly streamlines the deployment, in-place configuration, and tracking of a single Cisco PIX firewall appliance without requiring any additional utility beyond a standard browser and Java applet to be installed on a manager's PC.
IT managers can furthermore remotely configure, monitor, and troubleshoot PIX firewall appliances via a command-line interface (CLI). Safe CLI interface access is possible through a number of techniques including SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also have dependable automatic-update capabilities, a set of revolutionary secure remote-management options that ensure security settings and software images are kept up to date.
For more information about Progent's consulting services for Cisco PIX 500 security appliances, go to PIX firewalls configuration and troubleshooting support.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has discontinued offering the PIX 500 and ASA 5500 product lines, many companies are concerned about relying on a key infrastructure mechanism that might stop being supported by Cisco. Cisco ASA 5500-X and Firepower Series firewalls have the benefit of being new devices and also offer several technical and economic benefits in comparison to PIX 500 devices. These advantages include significantly higher throughput, optional Secure Sockets Layer tunneling capability, and a modular architecture that protects your investment by enabling you to self-install more security features whenever you need them. Progent's Cisco certified network engineers can help your company to determine the strategic value of for upgrading from PIX 500 or Cisco ASA 5500 security appliances, design a migration process that permits a quick and seamless upgrade, assist you to configure new ASA 5500-x Series or Firepower Series firewalls, and provide remote training, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX firewalls provide an array of setup, tracking, and analysis features that offer you the flexibility to configure these firewalls to align optimally with your business requirements. Progent's CCIE certified network experts can help you to build a cost-effective infrastructure that includes Cisco firewall technology and that provides advanced security, resilience, performance, and manageability. Progent's CISA and CISM-premier IS security experts can assist you to create a security policy appropriate for your situation and can set up your security appliance to enforce your security strategy. Progent's risk assessment consultants can assess the strength of your existing firewall deployment and help determine the overall security of your whole information system network. Progentís Help Desk support team can provide emergency remote troubleshooting for Cisco products and can give you quick access to a Cisco network engineer.
To see more information about Progent's engineering support for Cisco solutions, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.