Cisco is a perennial leader in developing state-of-the-art firewall appliances for the widest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern cybersecurity platform that combines dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, discover, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE firewall experts can assist your organization to plan and carry out an efficient upgrade to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower appliances with Cisco's cloud-based services to build and centrally control network environments that include local offices, data centers, private clouds and public clouds. Progent can also assist you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation and tuning driven by leading best practices in order to establish a consistent cybersecurity posture across all your networked endpoints anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a major performance boost compared to Cisco's popular ASA 5500-X security appliances and offer centralized management of advanced security capabilities like application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower line of Next Generation Firewalls, see Firepower Series firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX firewall appliances offer integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in compact single-box devices, delivering a broad array of features to match the security requirements of companies ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances enable IT security teams to protect their network edge and offer secure remote connectivity while utilizing advanced management tools built on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX firewall appliances have reached end-of-life but are still commonly used in smaller organizations and in some enterprise networks. Ciscoís ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high level of protection by supplying multiple features such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified network consultants can assist your organization to maintain and troubleshoot legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and implement an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, integrate, tune, manage and debug new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also help you to upgrade from your Cisco ASA 5500-X Series solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X security appliances includes an improved replacement for each rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X firewall targets the identical market as the corresponding earlier models, which gives most plenty of room for selecting a solution that aligns with their security needs and budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X product line provide consistent protection across any mix of physical, virtual, and cloud environments.
For additional details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, see Firepower configuration and troubleshooting expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or physical modules that support Cisco's Firepower Services, which offer layered protection against sophisticated attacks. Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer protection against familiar and new attacks
- Advanced Malware Protection (AMP) that uses big data to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that looks at users, infrastructure, software applications, and content to discover attacks that use multiple vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically activate both standard and custom IPS policies based on the degree of risk
Firepower Services for Cisco ASA firewalls offer advanced multi-layered security
Smaller deployments of ASA firewalls can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM includes an easy-to-use web dashboard for deploying, managing, and troubleshooting ASA 5500-X devices and service modules.
For more complex deployments, ASA 5500-X firewalls with Firepower can be managed with Cisco's Firepower Management Center, available as one or several physical or virtual devices. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box ASDM tool. Additional features include expanded context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a console that offers real-time network visualization, automated policy optimization driven by impact assessment of attacks, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, improved reporting features, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering developed for the PIX 500 Series firewall, Cisco's IPS 4200 Series sensor, and Cisco's VPN 3000 model concentrator. These solutions enable the Cisco ASA Firewall family to offer a platform that defends against the broadest range of threats. Cisco ASA Firewalls deliver program protection, local containment, and safe Virtual Private Network connectivity across Cisco's product line. This breadth of protection allows defense of any network section, including the most typical attack conduits such as remote locations, locally-attached internal users, and off-site connected Virtual Private Networks.
The expandable design of the ASA 5500 family enables you to add features via service modules and security service cards (SSCs). These user-installable options provide the option of adding IPS and content protection services like blocking virus, worms, and phishing attacks and executing file and web filtering. Beside allowing you to respond quickly to the latest threat environments, the extensible design of the Cisco ASA 5500 Series also protects your hardware investment by increasing the life of your firewalls. The ASA 5500 Series also leverages your investment in IT staff training by utilizing the familiar library of PIX security management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, protected command-line interface availability, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application security via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. This results in a better protected environment including Web, voice, and mobile wireless connectivity. To protect against application-layer attacks and to offer stronger policing of the programs and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement solutions that include protocol anomaly detection and state tracking. Also included are assault detection and remediation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing organizations to police usage policies and recover bandwidth for important business processes.
For more information about Progent's support services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 firewalls integration and debugging services.
Based upon a tested, purpose-built OS that offers rich security features, Cisco PIX firewalls provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX firewalls provide security for a broad array of VoIP and additional multimedia conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, enabling businesses to protect installations of a wide array of current and upcoming IP voice and multimedia applications.
Cisco PIX firewalls feature a variety of setup, tracking, and troubleshooting features, giving IT managers the flexibility to use the methods that most closely meet their needs. Management solutions include common, policy-based administration utilities, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-based management platform that significantly simplifies the deployment, ongoing modification, and tracking of a single Cisco PIX firewall appliance without requiring any extra utility beyond a standard browser and Java applet to be installed on an administrator's computer.
Administrators can furthermore remotely configure, monitor, and troubleshoot PIX firewall appliances using a command-line interface. Safe command-line interface (CLI) communication is available through several methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also have dependable automatic-update features, a set of revolutionary protected remote-administration options that make sure that security settings and software images are kept current.
For more information about Progent's consulting services for PIX security appliances, go to PIX 500 firewalls configuration and troubleshooting support.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 product lines, many companies are concerned about depending on a key infrastructure mechanism that might stop being supported. Cisco ASA 5500-X and Firepower NGFW Series security appliances offer the benefit of being current products and also offer several functions and financial benefits in comparison to PIX 500 devices. These advantages include substantially higher throughput, optional SSL tunneling capability, and a modular architecture that guards your investment by enabling you to add new security services when and if you require them. Progent's Cisco experts can assist your company to assess the strategic value of for migrating from PIX or ASA 5500 firewalls, create a migration process that allows for a fast and non-disruptive changeover, assist your IT staff to install new ASA 5500-x or Firepower NGFW Series appliances, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX firewalls incorporate an array of configuration, tracking, and troubleshooting options that offer you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE authorized network consultants can assist you to design a cost-effective infrastructure that includes Cisco security appliances and that offers advanced protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-premier IS security experts can assist you to develop a security policy that makes sense for your situation and can configure your security appliance to support your security policies. Progent's risk evaluation consultants can evaluate the strength of your existing firewall solution and help determine the security of your entire IT network. Progentís Technical Response Center can deliver urgent remote technical support for Cisco products and can give you fast access to a Cisco network engineer.
To learn additional information concerning Progent's professional support for Cisco products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about engineering support for Cisco technology, phone 1-800-993-9400 or go to Contact Progent.