Cisco is a long-time front-runner in developing state-of-the-art firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent an advanced firewall solution that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, discover, and respond to cyber attacks automatically. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and execute an efficient upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's security services to build and centrally control IT environments that include branch offices, data centers, and cloud resources. Progent can also help you to maintain and troubleshoot legacy Cisco firewalls. Progent's certified network security experts can help you with policy creation and tuning driven by leading best practices so you can establish a consistent security profile across all your endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance boost over Cisco's popular ASA 5500-X security appliances and include unified management of modern cybersecurity capabilities like application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls, refer to Firepower Series firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls offer combined firewall, VPN, and intrusion prevention system capabilities in single-box packages, delivering a broad array of features to meet the security requirements of organizations ranging from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls enable network security teams to defend their network perimeter and offer safe remote connectivity while using powerful management mechanisms built on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX 500 firewalls have reached end-of-life but are still commonly deployed in small and mid-size organizations and in some enterprise networks. The ASA 5500-X Series Next-Generation Firewalls represent significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new deployments. Still, Cisco's legacy firewalls, if properly managed, continue to offer a high degree of protection by supplying a variety of features including firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system (IPS). Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure consultants can assist your organization to support and debug older ASA 5500 Series and PIX firewall appliances and can also assist you to plan and implement a smooth migration to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also help you to design, deploy, tune, administer and troubleshoot new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower. Progent can also assist you to upgrade from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls features an improved replacement for every rack-mountable unit in the older ASA 5500 line of firewalls. Each ASA 5500-X firewall is suited for the same environment as the associated previous models, which offers most plenty of room for picking a firewall that meets their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver dependable security across any combination of physical, virtual, and cloud environments.
For additional details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA firewalls, go to Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or physical modules that enable Cisco's Firepower Services, which offer layered defense against sophisticated attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer defense against familiar and zero-day attacks
- Advanced Malware Protection (AMP) that uses big data techniques to find and remediate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, apps, and content to detect threats that incorporate simultaneous vectors
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch standard and custom IPS policies based on the severity of threats
Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered security
Simpler implementations of ASA firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X models. ASDM includes an easy-to-use web console for deploying, administering, and debugging ASA 5500-X firewalls and service modules.
For more complex deployments, ASA 5500-X firewalls with Firepower can be administered with Cisco's Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center offers features unavailable with Cisco's on-device Adaptive Security Device Manager tool. Extra features include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that provides real-time network visualization, automated policy optimization based on risk evaluation of attacks, advanced IPS, custom application detectors for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA Firewalls leverage technology behind the PIX 500 family firewall, Cisco's IPS 4200 sensor, and the VPN 3000 Series concentrator. These solutions converge on the Cisco ASA Firewall product line to deliver a platform that stops the broadest range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls provide program security, network containment, and clean VPN connectivity across the entire product portfolio. This broad scope of protection enables the guarding of any network section, which includes the most typical attack vectors such as remote locations, locally-attached inside users, and off-site connected Virtual Private Networks.
The scalable architecture of the Cisco ASA 5500 family enables you to add security services by installing service modules and security service cards (SSCs). These user-installable enhancements give you the option of adding IPS and content protection functions such as filtering virus, worms, and phishing attacks and performing file and URL filtering. Beside enabling your IT staff to respond rapidly to the latest threat vectors, the expandable architecture of the Cisco ASA 5500 Series also leverages your capital investment by increasing the life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in IT team training by supporting the familiar set of PIX security management tools and protocols including the Cisco Adaptive Security Device Manager platform, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances firewalls deliver a high-level of application protection via intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This results in a better protected network covering Web, voice, and mobile wireless services. To protect against application-layer attacks and to offer stronger policing of the applications and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies that include protocol anomaly detection and state tracking. Also included are attack detection and remediation techniques including application and protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide management of IM and tunneling applications, enabling organizations to police usage policies and preserve bandwidth for vital business processes.
For more details about Progent's consulting services for Cisco's ASA 5500 security appliances, visit Cisco ASA 5500 series firewalls integration and debugging consulting.
Cisco PIX Firewall Appliances
Built around a hardened, specialized OS that delivers a wealth of protection services, Cisco PIX firewalls provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec qualification. PIX security appliances provide protection for a broad array of Voice over IP and additional mixed-media conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping organizations to protect installations of a wide array of contemporary and upcoming IP voice and video applications.
Cisco PIX firewall appliances offer a wealth of setup, monitoring, and analysis features, giving IT managers the versatility to utilize the techniques that best match their needs. Management solutions include centralized, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a powerful Web-based management solution that greatly streamlines the deployment, ongoing configuration, and tracking of a specific PIX security appliance without requiring any additional utility beyond an ordinary Web browser and Java plug-in to be running on an administrator's PC.
Administrators can furthermore remotely set up, monitor, and analyze Cisco PIX firewall appliances via a command-line interface. Safe CLI interface access is available using several methods including Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewalls also have robust auto-update features, a collection of advanced protected remote-management options that make sure that firewall configurations and software images are always up to date.
For more information about Progent's support services for PIX security appliances, go to PIX firewalls integration and troubleshooting support.
Progent's Migration Support for Cisco Firewalls
Because Cisco has stopped selling the PIX 500 and ASA 5500 families of firewalls, many companies are concerned about relying on a critical infrastructure component that may no longer be supported. ASA 5500-X and Firepower NGFW Series security appliances offer the advantage of being new devices and also offer several technical and budgetary benefits in comparison to PIX 500 firewalls. These benefits include significantly better performance, optional Secure Sockets Layer tunneling capability, and an expandable design that protects your investment by allowing you to add more security services when and if you require them. Progent's Cisco network engineers can help you to assess the strategic case for migrating from PIX or ASA 5500 firewalls, design a migration plan that allows for a fast and non-disruptive upgrade, assist you to configure new ASA 5500-x Series or Firepower Series firewalls, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX firewalls incorporate a wealth of setup, tracking, and troubleshooting features which give you the flexibility to set up these security appliances to align optimally with your company's requirements. Progent's CCIE authorized network experts can help you to build an efficient infrastructure that includes Cisco security appliances and that offers world-class protection, resilience, performance, and manageability. Progent's GISA and CISM-certified information security engineers can help your business to develop a security strategy that makes sense for your business and can set up your firewall to support your security strategy. Progent's risk evaluation engineers can evaluate the strength of your existing firewall deployment and audit the security of your entire IT network. Progentís Help Desk support team can deliver urgent remote troubleshooting for Cisco products and offer quick access to a Cisco network engineer.
To learn additional information concerning Progent's engineering support for Cisco products, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about professional assistance for Cisco products, call 1-800-993-9400 or refer to Contact Progent.