Cisco is a perennial front-runner in delivering cutting-edge firewall appliances for the broadest possible variety of deployments. Cisco's Firepower NGFWs Firewalls provide an advanced cybersecurity solution that marshals dedicated hardware, cloud services, and machine learning to block, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist you to design and execute an efficient migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower firewalls with Cisco's cloud-based services to build and centrally control IT ecosystems that include local offices, data centers, private clouds and public clouds. Progent can also assist you to maintain and troubleshoot legacy Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation and tuning driven by industry best practices so you can build a consistent and effective security posture across all your networked devices anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance improvement over Cisco's popular ASA 5500-X firewalls and offer unified management of modern security features such as application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of NGFWs Firewalls, see Firepower firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances provide combined firewall, VPN, and IPS capabilities in single-box packages, delivering a wide range of features to meet the security requirements of organizations ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances enable network security teams to defend their network perimeter and offer secure remote connectivity while utilizing powerful management tools based on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX firewall appliances have reached end-of-life (EOL) but remain commonly deployed in smaller businesses and in some enterprise data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent significantly more value and have supplanted the ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's legacy firewall appliances, if carefully managed, can deliver a high degree of protection by supplying multiple security functions such as firewall, IPsec VPN, and IPS.
After Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular intrusion protection system. Firepower services provide powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified infrastructure engineers can assist your organization to support and debug older ASA 5500 and PIX firewall appliances and can also help you to plan and implement a smooth migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to plan, configure, optimize, manage and debug new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower Services. Progent's firewall consultants can also help you to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X security appliances features an enhanced substitute for each rack-mountable model in the previous ASA 5500 series of devices. Each ASA 5500-X model is suited for the identical market as the associated previous models, which gives small and midsize businesses plenty of room for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X family deliver dependable protection across any mix of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for Cisco ASA firewalls, go to Cisco Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or physical modules that enable Cisco's Firepower Services, which provide layered defense against sophisticated threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Multi-layer protection against familiar and new attacks
- Advanced Malware Protection (AMP) that utilizes big data techniques to discover and remediate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers clients, network infrastructure, apps, and content to detect threats that incorporate multiple approaches
- High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically launch both standard and customized IPS policies based on the degree of risk
Firepower Services for ASA firewalls offer advanced multi-layered threat protection
Simpler deployments of ASA 5500-X firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X models. ASDM includes a simple web dashboard for deploying, administering, and debugging ASA 5500-X appliances and modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower Services can be managed with Firepower Management Center, implemented as one or several physical or virtual devices. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy management for Cisco Firepower firewall appliances
Firepower Management Center provides capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra features include expanded context awareness, Advanced Malware Protection with mitigation for client devices, a console that offers dynamic network infrastructure visualization, automated policy optimization based on impact evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls leverage technology developed for the PIX 500 family Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that defends against the widest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application security, local containment and control, and safe VPN connectivity across the entire product line. This broad scope of security allows the guarding of any network segment, which includes the most common attack conduits like remote locations, LAN-connected inside users, and off-site connected VPNs.
The scalable design of the Cisco ASA 5500 Series enables you to add more services by installing security service modules and security service cards (SSCs). These user-installable options give you the ability to add IPS and content protection services like blocking virus, worms, and phishing attacks and performing file and web filtering. Beside allowing you to react rapidly to the latest threat environments, the extensible architecture of the Cisco ASA 5500 Series also protects your hardware investment by prolonging the useful life of your firewalls. The ASA 5500 Series also protects your investment in IT staff education by utilizing the familiar set of PIX management tools and protocols such as the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) access, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection through intelligent, application-sensitive inspection engines that analyze network flows at Layers 4-7. This produces a safer environment covering Web, voice, and 3G-mobile wireless services. To protect against application-layer assaults and to provide stronger policing of the applications and protocols used in their environments, these inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement solutions such as protocol anomaly sensing and state monitoring. Also incorporated are assault sensing and mitigation techniques including application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and conserve bandwidth for vital business applications.
For more details about Progent's support services for ASA 5500 firewalls, see ASA 5500 series firewalls integration and debugging services.
Cisco PIX Firewall Appliances
Built around a tested, specialized software platform that offers rich security services, PIX security appliances offer excellent security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. Cisco PIX security appliances provide security for a broad range of VoIP and other multimedia standards such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard deployments of a broad array of current and next-generation Voice over IP and mixed-media applications.
PIX security appliances feature a wealth of configuration, monitoring, and troubleshooting features, providing businesses the flexibility to utilize the methods that best match their needs. Administrative solutions include common, policy-based administration tools, integrated web-based administration, and support for remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated ASDM interface provides a world-class Web-accessible control solution that greatly simplifies the installation, in-place modification, and tracking of a single PIX firewall without requiring any extra utility other than a standard browser and Java applet to be installed on a manager's computer.
Administrators can furthermore remotely configure, track, and troubleshoot Cisco PIX firewalls using a command-line interface. Safe command-line interface (CLI) communication is available using a number of methods such as SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have robust auto-update capabilities, a set of revolutionary secure remote-administration services that make sure that firewall settings and software images are kept current.
For additional details about Progent's consulting services for Cisco PIX firewalls, go to PIX firewalls integration and debugging consulting.
Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has ceased selling the PIX and ASA 5500 product lines, many businesses are concerned about relying on a key security component that may stop being supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances have the benefit of being new devices and also bring several technical and financial advantages in comparison to PIX devices. These benefits include substantially better performance, optional SSL tunneling capability, and a modular design that guards your investment by allowing you to self-install new security services whenever you need them. Progent's Cisco certified experts can help you to assess the strategic case for moving from PIX 500 or ASA 5500 firewalls, design a migration plan that allows for a fast and seamless changeover, help you to set up new ASA 5500-x or Firepower Series appliances, and provide online, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco Firepower Series, ASA Series, and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting features that offer you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE certified network consultants can help you to build a cost-effective infrastructure that incorporates Cisco firewalls and that offers advanced protection, fault tolerance, throughput, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security engineers can assist you to create a security policy appropriate for your environment and can set up your security appliance to enforce your security policies. Progent's security evaluation experts can evaluate the strength of your current firewall solution and audit the overall security of your whole IT environment. Progentís Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco technology and can give you quick access to a Cisco expert.
For additional information concerning Progent's engineering expertise for Cisco technology, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about engineering help for Cisco networking, call 1-800-993-9400 or go to Contact Progent.