Cisco is a long-time leader in delivering state-of-the-art firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent an advanced firewall platform that combines dedicated hardware, cloud-based services, and machine learning to anticipate, discover, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall consultants can assist your organization to plan and carry out a smooth migration to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower appliances with Cisco's subscription-based security services to build and centrally manage network environments that span local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation based on industry best practices in order to establish a consistent cybersecurity posture that applies to all your endpoints at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower NGFWs Firewalls deliver a significant performance boost compared to Cisco's popular ASA 5500-X firewalls and offer centralized management and automation of modern cybersecurity features like application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, URL filtering, and multi-node sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls (NGFWs), see Firepower firewalls consulting expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, IPsec VPN, and IPS services in single-box packages, delivering a broad array of features to match the security and compliance needs of organizations ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco's ASA 5500-X, ASA 5500, and PIX 500 firewall appliances allow IT security staffs to protect their network perimeter and offer safe remote access while utilizing powerful management mechanisms based on Cisco's world-class firewall products.
Cisco's ASA 5500 and PIX firewalls have arrived at end-of-life (EOL) but are still widely deployed in small and mid-size businesses and in a few larger data centers. The ASA 5500-X Next-Generation Firewalls represent significantly more value and have superseded the ASA 5500 and PIX 500 lines of firewalls for new deployments. However, Cisco's legacy firewalls, if carefully maintained, continue to offer a high level of security by supplying multiple features including firewall, VPN, and IPS.
After Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-premier infrastructure consultants can help you to maintain and troubleshoot older ASA 5500 and PIX 500 firewall appliances and can also assist you to plan and carry out an efficient upgrade to Cisco's ASA 5500-X firewalls with Firepower. Progent can also help you to design, integrate, optimize, manage and debug new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X Series solution to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances includes an improved substitute for every rack-mountable unit in the older ASA 5500 line of devices. Each ASA 5500-X firewall is suited for the identical environment as the corresponding previous models, which offers most ample room for picking a solution that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X product line deliver consistent protection across any combination of physical, virtual, and cloud deployments.
For additional information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X firewalls, go to Firepower configuration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with software or physical modules that enable Firepower Services, which offer layered protection against sophisticated threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:
- Multi-layer protection against both familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, infrastructure, software applications, and content to discover threats that use simultaneous approaches
- High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically activate standard and customized IPS policies based on the degree of risk
Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered security
Smaller deployments of ASA firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X models. ASDM includes a simple web console for configuring, managing, and debugging ASA 5500-X devices and service modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be administered with Cisco's Firepower Management Center, available as one or more physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls
Firepower Management Center provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Extra features include greater context awareness, Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that provides real-time network infrastructure visualization, automated policy optimization based on risk assessment of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health notifications, improved reporting options, and application interfaces for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-box ASDM or the ASA CLI.
Cisco ASA 5500 Firewalls
Cisco ASA Firewalls build on technology behind the PIX 500 firewall, the Cisco IPS 4200 sensor, and Cisco's VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall family to offer a platform that defends against the broadest range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program protection, network containment and control, and safe VPN connectivity across Cisco's product line. This breadth of security enables defense of any network area, including the most typical attack vectors like remote locations, locally-connected inside users, and remote connected Virtual Private Networks.
The expandable design of the ASA 5500 Series enables you to add services via security service modules and security service cards. These user-installable enhancements provide the option of adding IPS and content protection functions such as filtering virus, spyware, and phishing attacks and performing file and URL screening. Beside enabling your IT staff to respond rapidly to new threat vectors, the extensible architecture of the Cisco ASA 5500 Series also leverages your capital investment by increasing the life of your security appliances. The Cisco ASA 5500 Series also protects your investment in IT staff education by supporting the familiar set of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface (CLI) access, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver robust application security via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. The result is a safer network covering Web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer better policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement solutions such as anomaly sensing and state tracking. Also included are assault sensing and mitigation technology including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, enabling organizations to police usage policies and conserve bandwidth for important business applications.
For more details about Progent's support services for ASA 5500 security appliances, visit ASA 5500 series firewalls integration and troubleshooting services.
PIX Security Appliance Series
Based upon a tested, specialized software platform that delivers a wealth of security services, Cisco PIX firewall appliances offer excellent security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security qualification. PIX security appliances offer security for a broad array of VoIP and additional multimedia conventions such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, helping organizations to safeguard installations of a broad array of current and next-generation IP voice and mixed-media applications.
PIX firewall appliances feature a variety of setup, tracking, and analysis options, giving IT managers the versatility to use the techniques that best meet their requirements. Administrative solutions include centralized, policy-based administration utilities, integrated web-accessible administration, and support for remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-accessible control platform that greatly streamlines the installation, in-place configuration, and monitoring of a single PIX security appliance without requiring any additional software beyond a standard browser and Java applet to be running on a manager's computer.
IT managers can furthermore remotely set up, track, and analyze PIX firewalls using a command-line interface. Secure command-line interface access is possible using several methods including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band via a console port. PIX security appliances also include dependable automatic-update capabilities, a set of revolutionary secure remote-management services that make sure that security configurations and software images are always up to date.
For additional information about Progent's consulting services for Cisco PIX 500 firewalls, visit Cisco PIX 500 firewalls configuration and debugging support.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has ceased offering the PIX and ASA 5500 product lines, many businesses are uncomfortable with relying on a critical security mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower Series security appliances offer the benefit of being new devices and also offer a number of functions and financial advantages in comparison to PIX 500 firewalls. These benefits include significantly better throughput, optional Secure Sockets Layer tunneling capability, and a modular architecture that protects your investment by enabling you to add new security features whenever you require them. Progent's CCIE-certified network engineers can help you to determine the business value of for migrating from PIX or Cisco ASA 5500 security appliances, create a migration process that permits a fast and seamless upgrade, assist your IT staff to set up new ASA 5500-x or Firepower Series firewalls, and provide remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX family security appliances provide an array of setup, monitoring, and troubleshooting options that offer you the flexibility to set up these security appliances to align optimally with your business needs. Progent's CCIE certified network professionals can show you how to configure and support an efficient network infrastructure that incorporates Cisco firewall technology and that provides world-class security, resilience, performance, and recoverability. Progent's GISA and CISM-premier IS security consultants can assist your business to create a security policy appropriate for your business and can set up your firewall to support your security policies. Progent's security assessment professionals can evaluate the effectiveness of your existing firewall deployment and audit the overall security of your whole information system environment. Progent's Technical Response Center (TRC) can provide emergency online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.
To find out more details concerning Progent's engineering assistance for Cisco solutions, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about technical support for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.