Cisco is a perennial leader in delivering cutting-edge firewalls for the widest possible variety of deployments. Cisco's Firepower NGFWs Firewalls provide an advanced firewall solution that combines sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist your organization to design and carry out an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower appliances with Cisco's security services to create and centrally control IT environments that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and debug older-generation Cisco firewalls. Progent's certified network security experts can assist you with policy creation and tuning driven by industry best practices in order to establish a consistent cybersecurity profile across all your endpoints anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance improvement over Cisco's previous-generation ASA 5500-X security appliances and offer unified management and automation of modern cybersecurity features like application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, refer to Cisco Firepower firewalls consulting services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a wide array of features to match the security and compliance needs of companies from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable network security staffs to protect their network edge and offer secure offsite and mobile access while using advanced administration mechanisms built on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX 500 firewalls have reached end-of-life status but remain commonly used in small and mid-size businesses and in some larger data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls deliver significantly more bang for the buck and have superseded the ASA 5500 and PIX families of firewalls for new deployments. Still, Cisco's older model firewalls, if properly maintained, continue to offer a high degree of protection by providing a variety of features such as firewall, VPN tunneling, and IPS.
Following Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular intrusion protection system (IPS). Firepower services bring powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified network consultants can help your organization to maintain and troubleshoot legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to plan and implement a smooth migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also help you to design, integrate, optimize, manage and troubleshoot new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower Services. Progent's firewall consultants can also assist you to migrate from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X security appliances features an enhanced substitute for each rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same market as the associated earlier models, which gives small and midsize businesses ample room for selecting a solution that aligns with their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced security services. All models in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud deployments.
For additional information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA firewalls, go to Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or hardware modules that enable Cisco's Firepower Services, which provide layered defense against advanced threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer protection against both familiar and zero-day threats
- Advanced Malware Protection (AMP) that uses big data to find and mitigate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, network infrastructure, software applications, and content to discover attacks that use simultaneous approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate standard and customized IPS policies depending on the degree of threats
Firepower Services for Cisco ASA firewalls provide multi-layered security
Smaller deployments of ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X models. ASDM provides an easy-to-use web dashboard for deploying, managing, and debugging ASA 5500-X appliances and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Cisco Firepower firewall appliances
Firepower Management Center offers features unavailable with Cisco's on-device ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a dashboard that provides dynamic network infrastructure visualization, automated policy optimization based on impact assessment of threats, advanced IPS, custom app discovery for Application Visibility and Control, customized health notifications, improved reporting options, and application interfaces for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-box ASDM or the ASA CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls build on engineering developed for the PIX 500 Series firewall, Cisco's IPS 4200 Intrusion Prevention System, and the VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall family to offer a firewall that stops the broadest variety of threats. Cisco ASA Firewalls provide program security, local containment, and clean VPN functionality across Cisco's product portfolio. This broad scope of protection allows the guarding of any network section, which includes the most typical threat conduits like remote locations, locally-attached inside users, and off-site connected VPNs.
The scalable architecture of the ASA 5500 family enables you to add features by installing service modules and security service cards (SSCs). These easy-to-install enhancements provide the ability to add IPS and content protection services such as blocking virus, spyware, and phishing assaults and executing file and URL screening. In addition to allowing your IT staff to react quickly to the latest risk vectors, the expandable design of the Cisco ASA 5500 Series also leverages your capital investment by prolonging the life of your security appliances. The ASA 5500 Series also protects your investment in IT staff education by utilizing the familiar set of PIX management tools and protocols such as the Cisco ASDM platform, protected command-line interface access, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application protection via smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a safer network covering Web, voice, and mobile wireless access. To protect networks against application-layer attacks and to provide stronger control over the applications and protocols used in their environments, these inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement technologies that include anomaly sensing and state tracking. Also included are attack detection and remediation technology including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and conserve network bandwidth for vital business applications.
For additional details about Progent's support services for Cisco's ASA 5500 firewalls, see ASA 5500 series firewalls configuration and debugging consulting.
PIX Security Appliance Series
Built around a hardened, purpose-built software platform that offers rich protection services, Cisco PIX firewalls provide excellent protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec qualification. Cisco PIX security appliances provide protection for a broad array of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, enabling businesses to protect deployments of a broad array of contemporary and next-generation Voice over IP and mixed-media applications.
PIX security appliances offer a wealth of configuration, tracking, and analysis features, giving IT managers the flexibility to use the techniques that best meet their needs. Management options include common, policy-based management tools, integrated web-based management, and compatibility with remote-tracking standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class Web-based control solution that greatly simplifies the installation, ongoing configuration, and tracking of a single Cisco PIX firewall appliance without the need of any extra utility other than a standard browser and Java applet to be running on an administrator's PC.
IT managers can also remotely set up, monitor, and analyze Cisco PIX firewall appliances via a CLI interface. Secure CLI interface communication is available through several methods including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX firewalls also have dependable auto-update features, a set of revolutionary secure remote-management services that ensure firewall settings and software images are always current.
For additional information about Progent's consulting services for PIX 500 security appliances, see PIX firewalls integration and debugging support.
Progent's Migration Support for Cisco Firewalls
Because Cisco has discontinued selling the PIX and ASA 5500 product lines, many companies are uncomfortable with depending on a key security component that may stop being supported by Cisco. Cisco ASA 5500-X and Firepower Series firewalls have the benefit of being new devices and also bring a number of functions and budgetary advantages in comparison to PIX firewalls. These benefits include substantially higher throughput, optional Secure Sockets Layer VPN capability, and an expandable architecture that guards your investment by enabling you to add more security features when and if you require them. Progent's Cisco certified network engineers can help you to determine the strategic value of for upgrading from PIX 500 or Cisco ASA 5500 security appliances, create a migration plan that allows for a fast and seamless upgrade, assist your IT staff to set up new ASA 5500-x or Firepower Series firewalls, and offer remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX family security appliances provide an array of configuration, monitoring, and analysis options which give you the ability to deploy these security appliances to match your business needs. Progent's CCIE certified network experts can help you to build an efficient infrastructure that incorporates Cisco security appliances and that provides world-class security, fault tolerance, performance, and manageability. Progent's GISA and CISSP-ISSP-premier IS security consultants can assist your business to develop a security strategy that makes sense for your business and can configure your security appliance to support your security strategy. Progent's security assessment experts can assess the strength of your existing firewall solution and audit the security of your entire IT environment. Progentís Technical Response Center can deliver urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.
To learn additional information concerning Progent's consulting assistance for Cisco networking products, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about technical help for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.