Cisco is a perennial front-runner in developing state-of-the-art firewall appliances for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls provide a modern firewall solution that marshals dedicated hardware, cloud services, and machine learning to block, identify, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall consultants can help your organization to plan and carry out a smooth upgrade to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower firewalls with Cisco's cloud-based services to build and centrally control IT ecosystems that span local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and debug older-generation Cisco firewalls. Progent's certified network security consultants can help you with policy creation driven by leading best practices so you can establish a consistent security posture across all your networked devices anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance boost compared to Cisco's previous-generation ASA 5500-X security appliances and include centralized control of modern security features like application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and sandboxing. For more information about Cisco's Firepower line of NGFWs Firewalls, refer to Cisco Firepower Series firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewalls provide combined firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a wide array of features to match the security and compliance needs of companies from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewalls enable IT security staffs to protect their network perimeter and offer safe remote access while utilizing powerful administration tools based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 and PIX firewall appliances have reached end-of-life status but remain commonly deployed in small and mid-size organizations and in a few enterprise networks. Cisco’s ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's legacy firewalls, if carefully maintained, continue to offer a high level of protection by supplying multiple security functions including firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular intrusion protection system (IPS). Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure engineers can assist you to support and troubleshoot older ASA 5500 and PIX 500 firewalls and can also help you to design and carry out an efficient migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, configure, tune, manage and debug new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower. Progent's firewall consultants can also help you to migrate from your Cisco ASA 5500-X Series solution to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls features an improved substitute for every rack-mountable unit in the previous ASA 5500 series of devices. Each ASA 5500-X firewall targets the identical market as the corresponding earlier models, which gives small and midsize businesses plenty of room for selecting a firewall that meets their security needs and budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X product line deliver consistent protection across any combination of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, visit Firepower integration and troubleshooting expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or hardware modules that support Cisco's Firepower Services, which offer layered protection against sophisticated attacks. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Layered defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, infrastructure, apps, and content to discover attacks that use multiple approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch both standard and custom IPS policies depending on the severity of risk
Firepower Services for Cisco ASA 5500-X firewalls provide advanced multi-layered threat protection
Smaller implementations of ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X models. ASDM provides a simple web dashboard for deploying, administering, and troubleshooting ASA 5500-X devices and modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower Services can be administered using Firepower Management Center, implemented as one or more physical units or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy control for Firepower firewalls
Firepower Management Center provides features unavailable with Cisco's on-device ASDM tool. Additional capabilities include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers dynamic network visualization, automated policy optimization driven by risk evaluation of attacks, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and APIs for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Firewalls
Cisco ASA Firewalls leverage technology developed for the Cisco PIX 500 firewall, Cisco's IPS 4200 family sensor, and the VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a firewall that stops the broadest range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application protection, local containment, and safe Virtual Private Network connectivity throughout the entire product portfolio. This breadth of security allows the guarding of any network section, which includes the most common attack conduits such as remote locations, locally-attached inside users, and remote access Virtual Private Networks.
The expandable design of the ASA 5500 Series permits you to add more services by installing service modules and cards. These easy-to-install options provide the option of adding IPS and content protection functions such as blocking virus, spyware, and phishing attacks and executing file and URL filtering. In addition to enabling you to react quickly to the latest risk vectors, the extensible architecture of the Cisco ASA 5500 Series also protects your capital investment by increasing the life of your security appliances. The ASA 5500 family also leverages your investment in IT team training by supporting the familiar library of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security through smart, application-sensitive inspection processes that examine network flows at Layers 4-7. The result is a more secure environment covering Web, voice, and mobile wireless services. To defend networks against application-layer assaults and to provide stronger policing of the programs and protocols used in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledge and rely on security enforcement technologies that include anomaly detection and state monitoring. Also incorporated are attack sensing and remediation technology such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and recover bandwidth for crucial business processes.
For additional details about Progent's consulting services for Cisco's ASA 5500 security appliances, see ASA 5500 firewalls integration and troubleshooting support.
PIX Firewall Appliances
Based upon a hardened, purpose-built software platform that offers a wealth of protection features, PIX firewalls provide excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) qualification. PIX firewall appliances offer protection for a wide range of Voice over IP and additional mixed-media standards such as H.323 v. 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to protect installations of a wide array of contemporary and next-generation IP voice and mixed-media applications.
PIX security appliances offer a variety of setup, monitoring, and analysis options, giving businesses the flexibility to use the methods that most closely match their requirements. Administrative options include common, policy-based management utilities, integrated web-based administration, and support for remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a world-class Web-accessible management solution that greatly streamlines the deployment, in-place modification, and tracking of a single Cisco PIX firewall appliance without the need of any additional utility beyond an ordinary browser and Java plug-in to be installed on an administrator's computer.
Administrators can furthermore remotely configure, monitor, and troubleshoot PIX security appliances via a command-line interface (CLI). Secure CLI interface communication is available using several techniques such as SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX firewall appliances also include robust auto-update features, a set of revolutionary secure remote-management options that ensure security settings and software images are always up to date.
For additional details about Progent's support services for Cisco PIX 500 firewalls, visit PIX firewalls integration and debugging support.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has stopped offering the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a key security mechanism that may stop being supported by Cisco. ASA 5500-X and Firepower NGFW Series firewalls offer the advantage of being new products and also bring several technical and financial benefits in comparison to PIX 500 firewalls. These advantages include substantially higher performance, optional SSL VPN support, and a modular architecture that guards your investment by allowing you to add more security services when and if you need them. Progent's CCIE-certified network engineers can assist you to assess the business value of for moving from PIX or Cisco ASA 5500 security appliances, create a migration process that permits a fast and seamless upgrade, help your IT staff to configure new ASA 5500-x or Firepower NGFW Series appliances, and offer online, consulting, and technical support services.
Other Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco Firepower Series, ASA Series, and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting options which give you the ability to deploy these firewalls to align optimally with your company's needs. Progent's CCIE authorized network consultants can show you how to configure and support a cost-effective infrastructure that incorporates Cisco security appliances and that offers advanced security, resilience, performance, and manageability. Progent's GISA and CISSP-ISSP-premier IS security experts can assist your business to develop a security policy that makes sense for your situation and can configure your security appliance to enforce your security policies. Progent's risk assessment engineers can evaluate the strength of your existing firewall solution and help determine the security of your whole IS environment. Progent’s Help Desk Call Center can deliver emergency online troubleshooting for Cisco products and offer quick access to a Cisco network engineer.
To find out more details concerning Progent's professional support for Cisco products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about consulting expertise for Cisco technology, phone 1-800-993-9400 or refer to Contact Progent.