Cisco is a perennial leader in delivering state-of-the-art firewalls for the broadest possible range of environments. Cisco's Firepower NGFWs Firewalls provide a modern cybersecurity solution that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall consultants can help you to design and carry out a smooth migration to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's subscription-based security services to create and centrally control network ecosystems that include branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation and tuning based on industry best practices so you can build a consistent and effective security profile across all your devices at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a major performance improvement compared to Cisco's previous-generation ASA 5500-X firewalls and offer centralized management of advanced cybersecurity capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, URL filtering, and sandboxing. For details about Cisco's Firepower line of Next Generation Firewalls, visit Firepower Series firewalls consulting expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances offer integrated firewall, VPN, and intrusion prevention system capabilities in single-box packages, delivering a wide array of features to match the security requirements of companies from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances enable network security staffs to defend their network perimeter and offer safe remote access while using powerful management mechanisms built on Cisco's world-class firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life but remain widely used in small and mid-size businesses and in some larger data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more value and have supplanted the ASA 5500 and PIX families of firewalls for new installations. However, Cisco's legacy firewall appliances, if carefully managed, can deliver a high level of protection by providing a variety of security functions including firewall, IPsec VPN, and IPS.
Since Cisco's purchase of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed intrusion protection system (IPS). Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-premier infrastructure engineers can help your organization to support and troubleshoot older ASA 5500 Series and PIX firewall appliances and can also assist you to design and carry out an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, configure, optimize, manage and debug new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower. Progent can also help you to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls includes an improved substitute for each rack-mountable model in the older ASA 5500 series of devices. Each ASA 5500-X model is suited for the same environment as the corresponding previous models, which offers small and midsize businesses ample choice for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family provide dependable protection across any combination of physical, virtual, and cloud environments.
For additional information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA security appliances, go to Firepower integration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or hardware modules that enable Cisco's Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer protection against familiar and zero-day attacks
- Advanced Malware Protection that uses big data techniques to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, network infrastructure, apps, and content to discover threats that incorporate multiple approaches
- Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and custom IPS policies based on the degree of risk
Firepower Services for ASA firewalls offer advanced multi-layered protection
Simpler implementations of Cisco ASA 5500-X firewalls can be efficiently administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X versions. ASDM includes a convenient web console for configuring, administering, and troubleshooting ASA 5500-X firewalls and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be administered with Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-device ASDM tool. Additional features include greater context awareness, Cisco's Advanced Malware Protection with mitigation for client devices, a dashboard that offers dynamic network infrastructure visualization, automated policy tuning driven by impact evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA CLI.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering developed for Cisco's PIX 500 Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that stops the broadest range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application security, local containment, and safe Virtual Private Network functionality throughout Cisco's product line. This breadth of protection allows defense of any network section, which includes the most typical threat vectors like remote locations, LAN-connected inside users, and remote access Virtual Private Networks.
The scalable architecture of the ASA 5500 family allows you to add features by installing security service modules (SSMs) and cards. These user-installable enhancements provide the ability to add IPS and content protection services such as blocking virus, worms, and phishing assaults and executing data and web screening. In addition to allowing you to respond quickly to new threat vectors, the extensible architecture of the ASA 5500 Series also leverages your capital investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 Series also protects your investment in administrative staff education by utilizing the familiar set of PIX security management utilities and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface (CLI) access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application security via smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. The result is a better protected network covering Web, voice, and 3G-mobile wireless access. To protect against application-layer assaults and to offer stronger policing of the applications and protocols used in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and rely on security enforcement technologies that include protocol anomaly detection and application and protocol state monitoring. Also incorporated are attack detection and mitigation technology including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, allowing organizations to enforce usage policies and recover bandwidth for important business processes.
For more details about Progent's support services for ASA 5500 security appliances, see Cisco ASA 5500 series firewalls integration and debugging services.
Cisco PIX Security Appliance Series
Based around a hardened, purpose-built software platform that offers a wealth of protection features, Cisco PIX firewall appliances offer a high level of protection and have received EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewall appliances offer protection for a broad array of Voice over IP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a wide range of contemporary and next-generation Voice over IP and mixed-media applications.
PIX firewalls offer a variety of configuration, tracking, and troubleshooting options, giving IT managers the versatility to utilize the techniques that best meet their requirements. Management solutions include common, policy-based administration utilities, integrated web-accessible administration, and support for remote-tracking standards like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a world-class Web-accessible management solution that greatly streamlines the installation, ongoing configuration, and tracking of a specific PIX security appliance without the need of any extra utility other than an ordinary Web browser and Java plug-in to be running on a manager's computer.
IT managers can also remotely set up, monitor, and analyze PIX firewall appliances using a CLI interface. Secure CLI interface communication is possible through a number of techniques such as Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX security appliances also include dependable automatic-update capabilities, a collection of revolutionary secure remote-management options that make sure that security configurations and software images are always current.
For more details about Progent's consulting services for PIX security appliances, see Cisco PIX firewalls configuration and troubleshooting consulting.
Progent's Migration Support for Cisco Firewalls
Because Cisco has ceased offering the PIX and ASA 5500 product lines, many companies are uncomfortable with relying on a critical infrastructure component that might no longer be supported. Cisco ASA 5500-X and Firepower Series security appliances have the advantage of being current devices and also offer several functions and economic advantages in comparison to PIX firewalls. These advantages include significantly better performance, optional Secure Sockets Layer tunneling support, and a modular architecture that protects your investment by allowing you to add more security features when and if you require them. Progent's Cisco certified experts can assist your company to assess the strategic value of for migrating from PIX or Cisco ASA 5500 firewalls, create a migration plan that allows for a quick and non-disruptive upgrade, assist you to install new ASA 5500-x Series or Firepower NGFW Series appliances, and offer remote training, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX family firewalls incorporate an array of setup, monitoring, and troubleshooting options which offer you the ability to set up these security appliances to align optimally with your company's requirements. Progent's CCIE certified network experts can assist you to configure and support a cost-effective network infrastructure that includes Cisco firewall technology and that offers world-class security, fault tolerance, performance, and manageability. Progent's GISA and CISM-certified IS security engineers can assist your business to develop a security strategy that makes sense for your situation and can set up your security appliance to support your security strategy. Progent's risk assessment engineers can assess the effectiveness of your current firewall deployment and help determine the overall security of your whole IT environment. Progentís Technical Response Center can deliver emergency remote technical support for Cisco products and can give you quick access to a Cisco CCIE network engineer.
For more details about Progent's consulting help for Cisco products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about technical support for Cisco products, phone 1-800-993-9400 or go to Contact Progent.