Cisco is a perennial leader in delivering state-of-the-art firewall appliances for the broadest possible variety of deployments. Cisco's Firepower NGFWs Firewalls provide an advanced cybersecurity solution that marshals sophisticated hardware, cloud-based services, and machine learning to block, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can help your organization to plan and carry out an efficient migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's cloud-based services to create and centrally manage IT environments that include branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and troubleshoot older-generation Cisco security appliances. Progent's certified network security experts can assist you with policy creation driven by industry best practices in order to establish a consistent and effective security profile that applies to all your networked devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower NGFWs Firewalls deliver a major performance boost compared to Cisco's previous-generation ASA 5500-X firewalls and include centralized management of modern security features like application visibility, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For details about Cisco's Firepower portfolio of NGFWs Firewalls, see Cisco Firepower Series firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances offer combined firewall, IPsec VPN, and IPS services in single-box devices, delivering a broad range of features to meet the security and compliance needs of companies ranging from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances allow IT security staffs to defend their network perimeter and provide safe remote connectivity while utilizing advanced management tools built on Cisco's world-class firewall products.
Cisco’s ASA 5500 and PIX firewall appliances have arrived at end-of-life (EOL) but remain widely deployed in small and mid-size businesses and in some enterprise networks. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have superseded the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly maintained, can offer a high degree of security by supplying a variety of features such as stateful firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system. Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-premier network engineers can help your organization to maintain and debug older ASA 5500 Series and PIX firewall appliances and can also help you to design and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, configure, tune, manage and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent can also help you to migrate from your Cisco ASA 5500-X deployment to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls features an enhanced replacement for each rack-mountable model in the previous ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the identical environment as the associated earlier models, which offers most ample choice for selecting a solution that meets their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver consistent protection across any combination of physical, virtual, and cloud deployments.
For additional information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA security appliances, see Firepower configuration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or hardware modules that support Cisco's Firepower Services, which offer layered protection against sophisticated attacks. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:
- Multi-layer defense against both familiar and zero-day threats
- Advanced Malware Protection (AMP) that uses big data to discover and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, infrastructure, apps, and content to discover attacks that use simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of apps and can automatically activate both standard and custom IPS policies based on the degree of threats
Firepower Services for Cisco ASA firewalls offer advanced multi-layered protection
Smaller deployments of Cisco ASA 5500-X firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X models. ASDM provides a simple web dashboard for configuring, administering, and troubleshooting ASA 5500-X appliances and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower can be managed using Firepower Management Center, available as one or more physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Cisco Firepower firewalls
Cisco's Firepower Management Center offers capabilities beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Additional capabilities include greater context awareness, Advanced Malware Protection with mitigation for client devices, a dashboard that offers dynamic infrastructure visualization, automated policy tuning driven by risk evaluation of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA CLI.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering developed for the Cisco PIX 500 family firewall, the IPS 4200 Series sensor, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a firewall that stops the widest variety of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver program protection, network containment, and safe Virtual Private Network connectivity throughout the entire product portfolio. This broad scope of protection enables defense of any network segment, which includes the most common attack conduits such as remote locations, locally-connected inside users, and remote access VPNs.
The scalable design of the ASA 5500 Series allows you to add more security services via security service modules and security service cards (SSCs). These user-installable enhancements give you the ability to add Intrusion Protection and content protection functions such as filtering virus, worms, and phishing assaults and executing file and URL filtering. Beside enabling your IT staff to respond quickly to new threat environments, the extensible design of the Cisco ASA 5500 Series also protects your hardware investment by prolonging the life of your firewalls. The ASA 5500 family also protects your investment in administrative team training by utilizing the familiar set of PIX management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances firewalls provide a high-level of application protection via smart, application-sensitive inspection engines that examine network flows at Layers 4-7. The result is a better protected environment covering Web, voice, and mobile wireless services. To protect against application-layer assaults and to offer better policing of the programs and protocols used in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement solutions such as protocol anomaly sensing and state monitoring. Also included are attack detection and remediation technology including application/protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over instant messaging and tunneling applications, enabling businesses to police usage policies and recover bandwidth for vital business processes.
For more information about Progent's support services for ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls configuration and debugging services.
Cisco PIX Firewalls
Based upon a tested, purpose-built operating system that delivers a wealth of security features, PIX firewall appliances provide excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX security appliances offer protection for a wide range of Voice over IP and additional mixed-media conventions such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling organizations to safeguard deployments of a broad range of contemporary and upcoming IP voice and video applications.
PIX firewall appliances offer a wealth of configuration, monitoring, and analysis features, providing businesses the flexibility to use the methods that most closely meet their needs. Administrative solutions include common, policy-based administration utilities, integrated web-accessible management, and compatibility with remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-based control solution that significantly simplifies the installation, ongoing configuration, and tracking of a single Cisco PIX firewall without the need of any additional software beyond a standard Web browser and Java applet to be installed on an administrator's PC.
IT managers can furthermore remotely set up, track, and troubleshoot Cisco PIX firewall appliances using a CLI interface. Safe command-line interface access is available through a number of methods such as Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX security appliances also have robust auto-update features, a collection of revolutionary protected remote-management options that make sure that firewall settings and software images are kept current.
For additional details about Progent's support services for PIX 500 firewalls, see PIX 500 firewalls integration and debugging support.
Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has discontinued offering the PIX and ASA 5500 product lines, many companies are concerned about relying on a key security component that might stop being supported by Cisco. ASA 5500-X and Firepower Series security appliances offer the benefit of being current products and also offer several functions and economic advantages in comparison to PIX 500 firewalls. These benefits include substantially higher performance, optional SSL VPN capability, and an expandable design that guards your investment by enabling you to self-install more security services whenever you require them. Progent's Cisco certified experts can help you to determine the business case for upgrading from PIX 500 or Cisco ASA 5500 security appliances, create a migration plan that allows for a quick and non-disruptive upgrade, help your IT staff to install new ASA 5500-x Series or Firepower NGFW Series appliances, and provide remote training, consulting, and technical support services.
Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco Firepower Series, ASA Series, and PIX family firewalls incorporate a wealth of configuration, monitoring, and troubleshooting options that give you the ability to set up these firewalls to match your business needs. Progent's CCIE certified network experts can help you to configure and support a cost-effective network infrastructure that incorporates Cisco security appliances and that provides advanced protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-certified information security professionals can help your business to create a security policy appropriate for your environment and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment engineers can evaluate the effectiveness of your current firewall solution and audit the security of your whole information system environment. Progent’s Help Desk support team can deliver emergency remote technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
To find out additional details concerning Progent's professional support for Cisco technology, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about professional expertise for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.