Cisco is a perennial leader in delivering state-of-the-art firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls represent a modern cybersecurity solution that marshals sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can help you to plan and carry out an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's security services to build and centrally manage network ecosystems that span branch offices, data centers, private clouds and public clouds. Progent can also help you to manage and troubleshoot legacy Cisco security appliances. Progent's certified network security consultants can help you with policy creation based on industry best practices in order to build a consistent security posture that applies to all your endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls provide a major performance boost over Cisco's previous-generation ASA 5500-X security appliances and include unified management of advanced security capabilities like application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For more information about Cisco's Firepower line of NGFWs Firewalls, refer to Cisco Firepower firewalls integration services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances offer integrated firewall, VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a broad array of features to match the security needs of companies ranging from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances allow IT security staffs to defend their network edge and offer secure remote connectivity while utilizing powerful administration tools based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 Series and PIX firewalls have arrived at end-of-life status but remain commonly used in smaller organizations as well as in some larger data centers. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewalls, if properly managed, can offer a high degree of protection by supplying multiple features such as firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed intrusion protection system (IPS). Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier infrastructure engineers can assist you to maintain and troubleshoot legacy ASA 5500 and PIX firewalls and can also assist you to plan and carry out a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, integrate, tune, administer and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower Services. Progent can also assist you to migrate from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls features an improved substitute for each rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X model targets the identical market as the corresponding previous models, which gives most ample room for picking a firewall that aligns with their security needs and budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver consistent protection across any combination of physical, virtual, and cloud environments.
For more information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA 5500-X security appliances, visit Firepower configuration and troubleshooting expertise
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept software or hardware modules that support Cisco's Firepower Services, which provide layered protection against multi-vector attacks. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Layered defense against familiar and zero-day threats
- Advanced Malware Protection (AMP) that utilizes big data to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, network infrastructure, apps, and content to discover threats that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch both standard and custom IPS policies based on the degree of risk
Firepower Services for ASA firewalls offer advanced multi-layered protection
Smaller implementations of ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM includes a simple web dashboard for deploying, administering, and troubleshooting ASA 5500-X firewalls and modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy control for Firepower firewalls
Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include greater context awareness, Advanced Malware Protection with remediation for client devices, a dashboard that offers real-time network infrastructure visualization, automated policy optimization driven by impact assessment of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health alerts, enhanced reporting features, and application interfaces for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind the Cisco PIX 500 family firewall, Cisco's IPS 4200 sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to deliver a firewall that defends against the broadest range of threats. Cisco ASA Firewalls deliver application protection, local containment, and safe Virtual Private Network connectivity throughout the entire product portfolio. This breadth of protection enables defense of any network section, including the most common attack conduits such as remote sites, LAN-connected internal users, and remote access Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 family permits you to add security services via security service modules (SSMs) and cards. These user-installable enhancements give you the option of adding Intrusion Protection and content protection functions like blocking virus, spyware, and phishing attacks and executing file and web filtering. Beside allowing your IT staff to react quickly to new risk vectors, the extensible design of the Cisco ASA 5500 Series also protects your hardware investment by increasing the life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT staff education by utilizing the familiar set of PIX security management tools and protocols including the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA 5500 Series firewalls deliver robust application protection via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. This produces a more secure environment covering Web, voice, and mobile wireless access. To defend networks against application-layer attacks and to provide stronger policing of the programs and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ security enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also included are attack sensing and remediation technology including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide control over instant messaging and tunneling applications, allowing organizations to police usage policies and preserve network bandwidth for important business applications.
For more details about Progent's consulting services for Cisco's ASA 5500 firewalls, visit ASA 5500 firewalls configuration and debugging services.
Cisco PIX Firewall Appliances
Built around a tested, purpose-built operating system that offers a wealth of protection services, Cisco PIX firewalls offer a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security (IPsec) certification. PIX security appliances provide protection for a broad range of VoIP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping organizations to safeguard deployments of a wide array of contemporary and upcoming Voice over IP and mixed-media applications.
Cisco PIX firewalls offer a wealth of configuration, monitoring, and troubleshooting features, giving businesses the versatility to use the methods that best meet their requirements. Management solutions include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class Web-accessible control solution that significantly streamlines the installation, ongoing configuration, and monitoring of a single Cisco PIX firewall without the need of any additional software other than a standard Web browser and Java plug-in to be running on a manager's PC.
Administrators can furthermore remotely configure, track, and troubleshoot Cisco PIX security appliances via a command-line interface. Safe command-line interface (CLI) communication is available using several methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX security appliances also include dependable auto-update features, a collection of revolutionary secure remote-management options that ensure firewall settings and software images are kept up to date.
For additional information about Progent's consulting services for PIX firewalls, see PIX 500 firewalls integration and debugging services.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has ceased selling the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a critical security mechanism that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances offer the benefit of being current devices and also offer a number of functions and budgetary benefits in comparison to PIX firewalls. These benefits include substantially higher throughput, optional SSL tunneling support, and a modular design that guards your investment by allowing you to self-install new security features whenever you require them. Progent's CCIE-certified network engineers can help you to assess the business case for upgrading from PIX 500 or ASA 5500 firewalls, create a migration plan that permits a fast and seamless changeover, assist your IT staff to set up new ASA 5500-x or Firepower Series firewalls, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX firewalls provide an array of setup, tracking, and analysis features which give you the ability to deploy these firewalls to align optimally with your business needs. Progent's CCIE authorized network experts can help you to design an efficient infrastructure that incorporates Cisco firewalls and that provides advanced protection, fault tolerance, performance, and recoverability. Progent's CISA and CISM-premier IS security engineers can assist your business to create a security policy appropriate for your business and can set up your security appliance to support your security strategy. Progent's risk assessment professionals can evaluate the effectiveness of your existing firewall solution and help determine the security of your whole IS network. Progent’s Help Desk support team can provide emergency online technical support for Cisco products and offer fast access to a Cisco expert.
To learn more information concerning Progent's professional support for Cisco solutions, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about engineering expertise for Cisco products, call 1-800-993-9400 or see Contact Progent.