Cisco is a long-time leader in developing cutting-edge firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent an advanced cybersecurity platform that combines sophisticated hardware, cloud-based services, and machine learning to block, identify, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist you to design and carry out an efficient upgrade to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower firewalls with Cisco's subscription-based security services to build and centrally manage network environments that include local offices, data centers, private clouds and public clouds. Progent's firewall consultants can also assist you to manage and troubleshoot legacy Cisco security appliances. Progent's certified network security consultants can assist you with policy creation based on leading best practices in order to establish a consistent and effective cybersecurity profile across all your devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a significant performance improvement compared to Cisco's previous-generation ASA 5500-X firewalls and offer unified management of modern cybersecurity features such as application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of NGFWs Firewalls, see Cisco Firepower firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls offer combined firewall, VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a broad array of features to match the security needs of companies ranging from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls enable IT security staffs to protect their network perimeter and offer secure remote access while using powerful management mechanisms built on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX firewalls have arrived at end-of-life (EOL) but are still widely used in small and mid-size businesses and in a few enterprise networks. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's older model firewalls, if properly maintained, continue to deliver a high level of protection by supplying multiple features including firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular intrusion protection system (IPS). Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified infrastructure engineers can help you to maintain and debug legacy ASA 5500 Series and PIX firewall appliances and can also help you to plan and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, configure, optimize, administer and debug new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also help your organization to upgrade from your Cisco ASA 5500-X deployment to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls features an enhanced substitute for every rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X model is suited for the same market as the associated previous models, which gives small and midsize businesses plenty of choice for picking a firewall that meets their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line provide consistent protection across any mix of physical, virtual, and cloud deployments.
For additional information about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X security appliances, go to Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept either software or hardware modules that support Firepower Services, which provide layered protection against multi-vector attacks. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against familiar and new threats
- Advanced Malware Protection that uses big data techniques to find and mitigate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, software applications, and content to discover threats that incorporate multiple vectors
- High-resolution Application Visibility and Control that is familiar with thousands of apps and can automatically activate both standard and customized IPS policies based on the severity of risk
Firepower Services for Cisco ASA 5500-X firewalls provide advanced multi-layered protection
Smaller deployments of Cisco ASA firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X models. ASDM provides a convenient web console for deploying, managing, and troubleshooting ASA 5500-X devices and modules.
For more complex deployments, ASA 5500-X firewalls with Firepower Services can be managed with Cisco's Firepower Management Center, available as one or several physical or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy management for Firepower firewall appliances
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a console that offers real-time infrastructure visualization, automated policy optimization based on risk evaluation of attacks, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls build on engineering behind Cisco's PIX 500 family Security Appliance, the Cisco IPS 4200 sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a firewall that defends against the widest range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application security, network containment, and clean Virtual Private Network functionality throughout Cisco's product portfolio. This broad scope of security enables the guarding of any network area, which includes the most common attack vectors like remote sites, locally-connected internal users, and off-site access VPNs.
The expandable architecture of the Cisco ASA 5500 family permits you to add features via security service modules and security service cards. These user-installable enhancements provide the ability to add IPS and content protection services such as blocking virus, spyware, and phishing attacks and performing file and web filtering. In addition to allowing your IT staff to respond rapidly to the latest threat environments, the expandable architecture of the ASA 5500 family also leverages your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also protects your investment in administrative team training by supporting the rich set of PIX 500 security management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances firewalls deliver a high-level of application protection through smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. This produces a more secure network including Web, voice, and mobile wireless access. To defend against application-layer assaults and to offer better control over the programs and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ security enforcement technologies such as protocol anomaly sensing and application and protocol state tracking. Also included are assault sensing and remediation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to enforce usage policies and free up network bandwidth for crucial business applications.
For more details about Progent's consulting services for ASA 5500 security appliances, see ASA 5500 series firewalls integration and debugging support.
Built around a tested, specialized software platform that offers a wealth of security features, PIX firewalls provide a high level of protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewall appliances provide security for a wide range of VoIP and other multimedia standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, enabling businesses to protect installations of a wide range of contemporary and next-generation IP voice and video applications.
Cisco PIX security appliances offer a wealth of setup, tracking, and analysis features, giving IT managers the versatility to use the techniques that best match their requirements. Administrative options include centralized, policy-based administration tools, integrated web-based administration, and compatibility with remote-tracking standards like SNMP and syslog. The integrated ASDM system offers a powerful Web-based management solution that greatly simplifies the installation, ongoing configuration, and monitoring of a single Cisco PIX firewall without the need of any additional utility beyond an ordinary Web browser and Java plug-in to be running on an administrator's PC.
Administrators can furthermore remotely set up, track, and troubleshoot Cisco PIX security appliances via a CLI interface. Secure command-line interface (CLI) communication is available using a number of techniques including SSHv2 Protocol, Telnet through IPsec, and out-of-band through a console port. Cisco PIX firewalls also include dependable auto-update features, a set of revolutionary secure remote-administration options that ensure security settings and software images are always up to date.
For additional information about Progent's consulting services for PIX 500 firewalls, see PIX firewalls integration and troubleshooting services.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has stopped selling the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a critical security component that may no longer be supported by Cisco. ASA 5500-X and Firepower Series firewalls have the benefit of being new products and also offer a number of functions and economic advantages in comparison to PIX devices. These benefits include substantially better throughput, optional Secure Sockets Layer tunneling capability, and an expandable design that protects your investment by allowing you to self-install new security services whenever you need them. Progent's Cisco network engineers can help your company to assess the business value of for moving from PIX 500 or Cisco ASA 5500 security appliances, design a migration plan that allows for a fast and non-disruptive changeover, help your IT staff to deploy new ASA 5500-x Series or Firepower Series firewalls, and provide remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's Firepower Series, ASA Series, and PIX security appliances provide an array of setup, tracking, and troubleshooting features that give you the flexibility to deploy these security appliances to match your company's needs. Progent's CCIE certified network experts can assist you to configure and support a cost-effective infrastructure that includes Cisco security appliances and that offers world-class protection, fault tolerance, performance, and manageability. Progent's CISA and CISM-premier information security engineers can help you to create a security strategy that makes sense for your business and can configure your firewall to support your security policies. Progent's risk evaluation professionals can evaluate the strength of your existing firewall solution and validate the overall security of your entire information system environment. Progent’s Technical Response Center can provide urgent online troubleshooting for Cisco products and offer quick access to a Cisco expert.
To learn additional details concerning Progent's professional support for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about engineering support for Cisco technology, phone 1-800-993-9400 or see Contact Progent.