Cisco is a perennial front-runner in developing state-of-the-art firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent an advanced cybersecurity solution that marshals dedicated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist your organization to design and execute an efficient upgrade to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's subscription-based security services to build and centrally manage network environments that include local offices, data centers, private clouds and public clouds. Progent's firewall consultants can also assist you to manage and debug legacy Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation based on leading best practices in order to establish a consistent cybersecurity profile across all your endpoints at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower NGFWs Firewalls deliver a major performance boost over Cisco's previous-generation ASA 5500-X security appliances and offer unified management and automation of modern security capabilities like application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls, see Firepower firewalls integration expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, VPN, and IPS capabilities in single-box packages, delivering a wide range of features to meet the security and compliance requirements of organizations ranging from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX firewall appliances enable network security teams to protect their network edge and offer safe offsite and mobile connectivity while utilizing advanced administration mechanisms based on Cisco's world-class firewall technology.
Ciscoís ASA 5500 and PIX firewalls have reached end-of-life (EOL) but remain widely deployed in small and mid-size businesses and in a few enterprise data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly managed, can offer a high degree of protection by supplying a variety of features such as stateful firewall, VPN, and IPS.
Since Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular intrusion protection system (IPS). Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified network engineers can assist your organization to support and troubleshoot older ASA 5500 Series and PIX firewall appliances and can also help you to plan and implement an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, integrate, tune, manage and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent can also help you to upgrade from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances features an improved replacement for each rack-mountable unit in the previous ASA 5500 generation of firewalls. Each ASA 5500-X firewall is suited for the same environment as the corresponding earlier models, which gives small and midsize businesses ample choice for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line provide consistent security across any combination of physical, virtual, and cloud environments.
For additional information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA 5500-X firewalls, visit Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept software or physical modules that enable Cisco's Firepower Services, which provide layered protection against advanced attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer defense against both familiar and zero-day attacks
- Advanced Malware Protection that utilizes big data techniques to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, network infrastructure, software applications, and content to detect threats that use simultaneous vectors
- Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically launch standard and customized IPS policies depending on the severity of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Simpler implementations of Cisco ASA firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X versions. ASDM provides an easy-to-use web dashboard for deploying, administering, and troubleshooting ASA 5500-X devices and service modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical or virtual devices. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls
Firepower Management Center provides capabilities unavailable with Cisco's on-box ASDM utility. Additional features include greater context awareness, Advanced Malware Protection with mitigation for user devices, a console that provides dynamic network infrastructure visualization, automated policy tuning driven by impact assessment of threats, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls build on engineering behind the PIX 500 family Security Appliance, Cisco's IPS 4200 family sensor, and the VPN 3000 family concentrator. These solutions enable the Cisco ASA Firewall product line to deliver a firewall that defends against the widest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application protection, local containment, and clean Virtual Private Network functionality throughout the entire product portfolio. This breadth of security enables the guarding of any network segment, including the most typical threat vectors like remote sites, locally-connected inside users, and remote access VPNs.
The expandable architecture of the ASA 5500 Series enables you to add services by installing security service modules (SSMs) and security service cards (SSCs). These easy-to-install enhancements give you the ability to add Intrusion Protection and content protection functions like filtering virus, spyware, and phishing assaults and executing file and web filtering. Beside enabling you to respond rapidly to the latest risk vectors, the extensible architecture of the Cisco ASA 5500 family also protects your hardware investment by increasing the useful life of your firewalls. The ASA 5500 family also leverages your investment in administrative team training by supporting the familiar library of PIX management utilities and protocols including the Cisco Adaptive Security Device Manager platform, protected command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application security via smart, application-aware inspection engines that examine network flows at Layers 4-7. This produces a better protected environment including Web, voice, and mobile wireless connectivity. To defend against application-layer attacks and to offer stronger policing of the programs and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledge and rely on protection enforcement technologies that include anomaly sensing and application and protocol state monitoring. Also included are attack detection and mitigation techniques including application/protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and free up bandwidth for critical business applications.
For additional information about Progent's support services for Cisco's ASA 5500 firewalls, see ASA 5500 series firewalls configuration and debugging services.
PIX Firewall Appliances
Built around a tested, specialized software platform that offers rich security features, Cisco PIX firewalls offer excellent security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX firewall appliances offer security for a wide array of VoIP and additional mixed-media standards such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to protect deployments of a wide range of contemporary and upcoming VoIP and video applications.
PIX security appliances feature a variety of setup, tracking, and analysis features, giving businesses the versatility to utilize the techniques that best meet their requirements. Management solutions include centralized, policy-based administration tools, integrated web-based management, and compatibility with remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface offers a powerful Web-accessible management platform that greatly simplifies the installation, ongoing configuration, and tracking of a specific PIX security appliance without the need of any additional utility beyond an ordinary Web browser and Java applet to be installed on an administrator's computer.
Administrators can also remotely configure, monitor, and analyze PIX firewall appliances via a command-line interface. Safe command-line interface communication is possible through several methods including SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewall appliances also include dependable automatic-update features, a collection of advanced protected remote-management options that ensure security configurations and software images are always current.
For additional details about Progent's consulting services for Cisco PIX 500 security appliances, visit PIX firewalls configuration and troubleshooting support.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has stopped selling the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with relying on a critical infrastructure mechanism that may stop being supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls have the advantage of being new products and also bring a number of technical and economic advantages in comparison to PIX 500 firewalls. These advantages include substantially better throughput, optional SSL tunneling capability, and a modular architecture that protects your investment by enabling you to add new security services whenever you require them. Progent's Cisco certified network engineers can help you to determine the strategic case for migrating from PIX 500 or Cisco ASA 5500 security appliances, create a migration process that permits a fast and seamless upgrade, assist your IT staff to configure new ASA 5500-x or Firepower Series firewalls, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA Series, and PIX firewalls incorporate an array of setup, monitoring, and troubleshooting options that give you the flexibility to deploy these firewalls to match your business needs. Progent's CCIE authorized network consultants can assist you to build an efficient infrastructure that includes Cisco firewall technology and that provides world-class protection, resilience, performance, and recoverability. Progent's CISA and CISM-certified information security professionals can help your business to develop a security strategy appropriate for your environment and can set up your security appliance to enforce your security policies. Progent's security evaluation professionals can evaluate the effectiveness of your current firewall solution and help determine the security of your whole IS network. Progentís Technical Response Center can deliver emergency remote technical support for Cisco products and offer fast access to a Cisco CCIE network engineer.
To see more details concerning Progent's engineering help for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about professional support for Cisco products, phone 1-800-993-9400 or refer to Contact Progent.