Cisco is a long-time front-runner in developing cutting-edge firewalls for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced cybersecurity platform that combines sophisticated hardware, cloud services, and machine learning to anticipate, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall experts can help you to plan and carry out a smooth migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco's cloud-based services to create and centrally manage IT environments that span branch offices, data centers, private clouds and public clouds. Progent can also assist you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation and tuning based on industry best practices so you can establish a consistent cybersecurity profile across all your networked endpoints at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a significant performance improvement compared to Cisco's popular ASA 5500-X firewalls and offer centralized management and automation of modern cybersecurity features such as application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For details about Cisco's Firepower line of Next Generation Firewalls, see Cisco Firepower Series firewalls consulting expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls offer integrated firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a broad array of features to meet the security and compliance needs of companies ranging from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances enable network security staffs to defend their network perimeter and offer safe offsite and mobile connectivity while utilizing advanced management mechanisms based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 Series and PIX firewall appliances have reached end-of-life but are still commonly used in small and mid-size businesses as well as in a few larger networks. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's older model firewall appliances, if carefully managed, can deliver a high level of security by supplying multiple features such as firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services provide powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-certified infrastructure consultants can assist you to maintain and troubleshoot older ASA 5500 and PIX 500 firewalls and can also help you to design and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, deploy, tune, manage and troubleshoot new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also help you to migrate from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls features an improved substitute for every rack-mountable unit in the older ASA 5500 line of firewalls. Each ASA 5500-X firewall is suited for the same environment as the associated earlier models, which offers most plenty of room for selecting a solution that meets their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver dependable security across any mix of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for ASA security appliances, see Cisco Firepower integration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with software or hardware modules that support Firepower Services, which offer layered protection against multi-vector threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X security appliances include:
- Layered defense against both familiar and new attacks
- Advanced Malware Protection that uses big data to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, network infrastructure, software applications, and content to discover threats that incorporate multiple approaches
- Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically activate standard and custom IPS policies based on the severity of risk
Firepower Services for ASA firewalls provide multi-layered protection
Smaller implementations of ASA firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X models. ASDM provides a simple web console for configuring, administering, and debugging ASA 5500-X appliances and service modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower can be administered using Firepower Management Center, implemented as one or several physical or virtual devices. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center provides capabilities unavailable with Cisco's on-box ASDM utility. Extra features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that offers dynamic network visualization, automated policy optimization based on risk evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering behind the PIX 500 family firewall, the Cisco IPS 4200 Series sensor, and the VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a firewall that defends against the widest variety of threats. Cisco Adaptive Security Appliances Firewalls deliver program security, local containment and control, and safe VPN functionality across the entire product portfolio. This breadth of security allows the guarding of any network area, including the most common threat conduits such as remote sites, locally-connected inside users, and remote connected Virtual Private Networks.
The scalable design of the Cisco ASA 5500 family enables you to add more services via security service modules (SSMs) and security service cards. These user-installable enhancements give you the option of adding IPS and content protection functions like blocking virus, spyware, and phishing assaults and performing file and web screening. Beside enabling your IT staff to respond quickly to new threat environments, the extensible architecture of the Cisco ASA 5500 Series also protects your hardware investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 Series also protects your investment in IT staff training by supporting the rich library of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface access, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application security via smart, application-aware inspection processes that analyze traffic at Layers 4-7. This produces a safer network including Web, voice, and 3G-mobile wireless services. To defend against application-layer attacks and to provide stronger control over the applications and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and rely on security enforcement solutions such as anomaly sensing and state tracking. Also incorporated are assault detection and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing organizations to police usage policies and free up network bandwidth for important business processes.
For additional details about Progent's consulting services for ASA 5500 firewalls, visit Cisco ASA 5500 firewalls integration and troubleshooting consulting.
Cisco PIX Security Appliance Series
Based around a tested, purpose-built software platform that offers rich security services, Cisco PIX firewalls offer excellent security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. PIX firewall appliances provide security for a wide array of VoIP and other multimedia standards such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, helping businesses to safeguard installations of a broad range of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX firewall appliances offer a variety of setup, monitoring, and troubleshooting options, giving IT managers the flexibility to use the techniques that most closely meet their requirements. Management solutions include centralized, policy-based management tools, integrated web-accessible management, and support for remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a powerful Web-accessible control platform that significantly streamlines the installation, in-place modification, and tracking of a specific Cisco PIX firewall without requiring any additional utility other than a standard Web browser and Java plug-in to be running on a manager's computer.
IT managers can also remotely configure, monitor, and troubleshoot PIX security appliances via a CLI interface. Secure CLI interface access is possible using several methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. PIX security appliances also have robust auto-update capabilities, a set of advanced protected remote-administration options that ensure security settings and software images are always current.
For additional information about Progent's support services for PIX security appliances, see Cisco PIX firewalls configuration and debugging services.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has discontinued offering the PIX and ASA 5500 families of firewalls, many companies are concerned about depending on a critical infrastructure component that may no longer be supported. ASA 5500-X and Firepower Series firewalls have the advantage of being current products and also offer several functions and economic benefits in comparison to PIX 500 firewalls. These advantages include significantly higher performance, optional SSL tunneling capability, and a modular design that protects your investment by enabling you to self-install new security services whenever you require them. Progent's Cisco network engineers can help you to assess the strategic case for migrating from PIX 500 or Cisco ASA 5500 firewalls, design a migration process that permits a quick and seamless upgrade, help you to install new ASA 5500-x Series or Firepower NGFW Series appliances, and offer remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX firewalls provide an array of setup, monitoring, and troubleshooting features that offer you the ability to set up these security appliances to match your company's requirements. Progent's CCIE authorized network professionals can assist you to design an efficient infrastructure that includes Cisco firewall technology and that provides world-class protection, fault tolerance, performance, and manageability. Progent's GISA and CISSP-ISSP-certified IS security professionals can assist your business to create a security policy appropriate for your business and can configure your firewall to support your security strategy. Progent's security assessment professionals can evaluate the effectiveness of your current firewall solution and validate the overall security of your entire information system environment. Progent’s Help Desk support team can provide urgent online technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
To see additional information concerning Progent's consulting help for Cisco products, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.