Cisco is a perennial leader in developing cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower NGFWs Firewalls provide an advanced firewall platform that marshals sophisticated hardware, cloud services, and machine learning to block, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can help your organization to design and carry out a smooth migration to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower appliances with Cisco's cloud-based services to build and centrally manage IT environments that span local offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation and tuning driven by industry best practices so you can establish a consistent and effective security profile that applies to all your devices anywhere.

Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls provide a major performance improvement over Cisco's popular ASA 5500-X security appliances and offer centralized management and automation of advanced cybersecurity features like application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls, refer to Cisco Firepower Series firewalls consulting services.

Cisco Firepower 4100 Series Firewalls Consulting

Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances provide integrated firewall, VPN, and intrusion prevention system services in single-box devices, delivering a wide range of features to meet the security and compliance requirements of organizations from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls allow IT security teams to protect their network perimeter and provide secure offsite and mobile access while using powerful management tools based on Cisco's world-class firewall technology.

Ciscoís ASA 5500 and PIX 500 firewalls have arrived at end-of-life (EOL) but remain widely deployed in smaller businesses as well as in a few larger networks. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent substantially more value and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewall appliances, if carefully managed, continue to offer a high degree of security by supplying multiple features such as firewall, IPsec VPN, and IPS.

Following Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the world's most popular intrusion protection system (IPS). Firepower services bring enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-certified network consultants can assist your organization to support and troubleshoot legacy ASA 5500 Series and PIX 500 firewalls and can also help you to plan and carry out an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, deploy, tune, administer and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X Series solution to Cisco's Firepower NGFWs Firewalls.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls includes an improved replacement for every rack-mountable unit in the older ASA 5500 line of devices. Each ASA 5500-X firewall targets the same market as the corresponding previous models, which offers most ample choice for picking a solution that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X product line provide consistent protection across any combination of physical, virtual, and cloud environments.

Cisco ASA 5500-X Firepower Consultants

For more details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X security appliances, see Cisco Firepower configuration and troubleshooting consulting

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or hardware modules that support Cisco's Firepower Services, which provide layered defense against sophisticated threats. Cisco's Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:

  • Layered protection against familiar and new threats
  • Advanced Malware Protection (AMP) that utilizes big data techniques to find and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, apps, and content to detect threats that use simultaneous approaches
  • High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate standard and custom IPS policies based on the degree of threats
Cisco Firepower Configuration Expertise

Firepower Services for Cisco ASA firewalls offer multi-layered security

Simpler implementations of Cisco ASA 5500-X firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM includes an easy-to-use web dashboard for deploying, administering, and debugging ASA 5500-X firewalls and service modules.

For more complex environments, ASA 5500-X appliances with Firepower can be administered with Cisco's Firepower Management Center, available as one or several physical or virtual devices. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Firepower Management Center Consultants

Cisco Firepower Management Center centralizes event and policy management for Firepower firewall appliances

Cisco's Firepower Management Center offers capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a console that offers dynamic network visualization, automated policy tuning driven by risk assessment of attacks, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, improved reporting options, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA CLI.

Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for the PIX 500 family Security Appliance, the IPS 4200 family Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a platform that stops the widest range of threats. Cisco Adaptive Security Appliances Firewalls provide program security, local containment, and clean Virtual Private Network connectivity across the entire product portfolio. This broad scope of security enables the guarding of any network section, which includes the most common attack conduits such as remote locations, LAN-attached inside users, and remote access Virtual Private Networks.

ASA 5500 Consulting and Technical Support
The expandable design of the ASA 5500 family permits you to add more features via security service modules (SSMs) and security service cards (SSCs). These easy-to-install enhancements provide the option of adding Intrusion Protection and content protection services such as filtering virus, worms, and phishing attacks and performing file and URL screening. Beside enabling your IT staff to react rapidly to new risk environments, the extensible design of the Cisco ASA 5500 family also leverages your capital investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 Series also protects your investment in administrative staff training by supporting the familiar library of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).

Cisco Adaptive Security Appliances firewalls deliver a high-level of application protection through smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. This produces a safer environment covering Web, voice, and mobile wireless services. To defend networks against application-layer assaults and to offer better control over the applications and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledgebases and rely on protection enforcement technologies such as anomaly detection and state monitoring. Also included are attack detection and mitigation technology including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide control over IM and tunneling applications, enabling businesses to enforce usage policies and preserve bandwidth for important business processes.

For more details about Progent's consulting services for ASA 5500 firewalls, see ASA 5500 series firewalls configuration and debugging support.

Cisco PIX Security Appliance Series
Built upon a tested, specialized OS that offers a wealth of protection features, Cisco PIX security appliances provide excellent security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. PIX firewalls provide security for a broad range of VoIP and other mixed-media conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling businesses to protect deployments of a broad array of contemporary and next-generation VoIP and multimedia applications.

Cisco PIX Security Help
Cisco PIX firewall appliances feature a wealth of configuration, tracking, and troubleshooting features, giving IT managers the versatility to utilize the techniques that most closely meet their needs. Administrative solutions include common, policy-based administration tools, integrated web-accessible management, and compatibility with remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface provides a powerful Web-accessible control platform that greatly simplifies the deployment, ongoing modification, and monitoring of a specific PIX security appliance without the need of any additional utility other than an ordinary browser and Java plug-in to be running on a manager's PC.

IT managers can furthermore remotely set up, track, and analyze PIX security appliances via a command-line interface. Secure command-line interface access is possible through several methods such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also include robust automatic-update capabilities, a set of revolutionary protected remote-management services that ensure firewall configurations and software images are always up to date.

For additional details about Progent's consulting services for PIX 500 security appliances, visit PIX firewalls configuration and troubleshooting support.

Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has stopped offering the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a key infrastructure component that may no longer be supported. Cisco ASA 5500-X and Firepower Series security appliances have the advantage of being current devices and also offer a number of technical and budgetary benefits in comparison to PIX devices. These benefits include substantially better performance, optional Secure Sockets Layer tunneling capability, and a modular architecture that protects your investment by enabling you to add more security services when and if you need them. Progent's Cisco experts can help you to assess the strategic case for upgrading from PIX or Cisco ASA 5500 security appliances, design a migration process that allows for a fast and seamless changeover, assist your IT staff to deploy new ASA 5500-x Series or Firepower Series appliances, and offer remote training, consulting, and technical support services.

Other Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX firewalls incorporate an array of configuration, tracking, and troubleshooting options which give you the flexibility to deploy these security appliances to match your company's requirements. Progent's CCIE certified network experts can help you to design an efficient infrastructure that includes Cisco firewalls and that provides world-class security, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-premier IS security engineers can help you to create a security strategy appropriate for your situation and can configure your PIX or ASA firewall to support your security strategy. Progent's security assessment engineers can assess the strength of your existing firewall deployment and help determine the security of your whole IS environment. Progentís Technical Response Center can deliver urgent remote technical support for Cisco products and offer fast access to a Cisco CCIE network engineer.

To find out additional information concerning Progent's engineering help for Cisco networking products, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

In order to contact Progent about engineering expertise for Cisco networking, call 1-800-993-9400 or visit Contact Progent.