Cisco is a long-time leader in developing cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern cybersecurity solution that combines dedicated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, discover, and mitigate threats automatically. Progent's Cisco-certified CCIE-certified firewall experts can assist you to plan and execute a smooth upgrade to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower firewalls with Cisco's cloud-based services to create and centrally control network ecosystems that include branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also assist you to maintain and debug legacy Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation and tuning driven by industry best practices in order to build a consistent and effective cybersecurity profile across all your networked endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a major performance boost over Cisco's popular ASA 5500-X firewalls and offer unified management and automation of advanced security capabilities such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower line of NGFWs Firewalls, see Firepower Series firewalls consulting experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system services in compact single-box devices, delivering a wide array of features to meet the security and compliance requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewall appliances enable IT security teams to protect their network edge and provide safe offsite and mobile connectivity while utilizing powerful administration tools built on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life (EOL) but remain widely used in small and mid-size businesses as well as in some larger networks. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted the ASA 5500 and PIX families of firewalls for new deployments. However, Cisco's legacy firewalls, if properly managed, continue to offer a high degree of protection by providing a variety of services such as firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular intrusion protection system. Firepower services provide powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure engineers can assist your organization to maintain and debug legacy ASA 5500 and PIX 500 firewall appliances and can also assist you to design and implement a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also help you to plan, configure, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower Services. Progent can also assist you to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls includes an enhanced replacement for every rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X model targets the identical environment as the corresponding previous models, which offers small and midsize businesses plenty of room for picking a solution that aligns with their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud environments.
For more details about ASA 5500-X security appliances, Firepower services, and Progent's support for ASA firewalls, go to Cisco Firepower integration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or hardware modules that enable Cisco's Firepower Services, which offer layered defense against multi-vector attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against both familiar and new attacks
- Cisco's Advanced Malware Protection that utilizes big data techniques to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers users, infrastructure, software applications, and content to detect attacks that incorporate multiple vectors
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA firewalls provide advanced multi-layered threat protection
Simpler deployments of Cisco ASA firewalls can be effectively managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM provides an easy-to-use web dashboard for deploying, administering, and troubleshooting ASA 5500-X firewalls and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be administered using Cisco's Firepower Management Center, available as one or several physical units or virtual devices. Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy management for Firepower firewalls
Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for client devices, a console that provides dynamic network infrastructure visualization, automated policy optimization driven by impact evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health alerts, improved reporting features, and application interfaces for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls build on engineering behind the PIX 500 family Security Appliance, the IPS 4200 sensor, and the VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall product line to deliver a firewall that stops the broadest range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls provide program security, network containment and control, and clean VPN functionality throughout the entire product portfolio. This broad scope of security enables defense of any network segment, which includes the most common threat vectors such as remote locations, locally-attached inside users, and remote connected VPNs.
The expandable architecture of the ASA 5500 family enables you to add features by installing security service modules and security service cards (SSCs). These user-installable enhancements provide the ability to add IPS and content protection services such as filtering virus, worms, and phishing attacks and performing file and web filtering. Beside allowing your IT staff to respond quickly to new threat vectors, the extensible design of the Cisco ASA 5500 family also protects your capital investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT staff training by supporting the rich library of PIX 500 security management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol.
Cisco ASA firewalls provide robust application security via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. This results in a better protected network covering Web, voice, and 3G-mobile wireless connectivity. To protect networks against application-layer assaults and to offer better control over the applications and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement solutions such as protocol anomaly detection and state tracking. Also incorporated are assault sensing and remediation technology such as application and protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide management of IM and tunneling applications, allowing organizations to enforce usage policies and free up bandwidth for critical business applications.
For more details about Progent's support services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls integration and troubleshooting services.
Based upon a hardened, purpose-built software platform that offers a wealth of security features, Cisco PIX firewall appliances offer a high level of protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances offer protection for a wide array of Voice over IP and additional mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard deployments of a broad range of contemporary and next-generation IP voice and video applications.
PIX firewalls feature a variety of setup, monitoring, and analysis features, giving IT managers the flexibility to utilize the methods that best meet their requirements. Administrative options include centralized, policy-based administration utilities, integrated web-accessible administration, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a world-class Web-based management platform that greatly simplifies the deployment, ongoing modification, and monitoring of a single PIX firewall appliance without requiring any extra utility beyond an ordinary browser and Java plug-in to be installed on an administrator's computer.
IT managers can furthermore remotely configure, monitor, and troubleshoot PIX firewall appliances using a command-line interface (CLI). Secure CLI interface communication is possible through several methods including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX firewalls also include dependable automatic-update capabilities, a set of advanced secure remote-administration services that ensure firewall settings and software images are always up to date.
For additional information about Progent's support services for Cisco PIX firewalls, see Cisco PIX 500 firewalls configuration and troubleshooting consulting.
Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has ceased offering the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with relying on a key infrastructure component that may no longer be supported by Cisco. ASA 5500-X and Firepower NGFW Series security appliances offer the advantage of being current products and also offer several functions and budgetary advantages in comparison to PIX 500 firewalls. These advantages include significantly higher performance, optional Secure Sockets Layer tunneling support, and a modular architecture that protects your investment by allowing you to add new security features whenever you need them. Progent's CCIE-certified network engineers can assist your company to determine the business case for moving from PIX or ASA 5500 firewalls, create a migration process that allows for a quick and seamless changeover, assist you to deploy new ASA 5500-x Series or Firepower Series appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco Firepower Series, ASA 5500 Series, and PIX firewalls incorporate a wealth of configuration, monitoring, and analysis features which give you the ability to configure these firewalls to align optimally with your company's needs. Progent's CCIE authorized network experts can assist you to configure and support a cost-effective network infrastructure that includes Cisco firewall technology and that offers advanced security, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-premier information security experts can help you to develop a security strategy that makes sense for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation experts can evaluate the effectiveness of your existing firewall deployment and help determine the security of your whole IS environment. Progent’s Technical Response Center can deliver urgent remote technical support for Cisco technology and offer fast access to a Cisco expert.
To find out more details about Progent's professional assistance for Cisco products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about professional help for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.