Cisco is a long-time leader in developing cutting-edge firewalls for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls represent a modern firewall platform that combines dedicated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE firewall experts can help your organization to design and execute an efficient upgrade to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's subscription-based security services to create and centrally control network ecosystems that include local offices, data centers, and cloud resources. Progent can also assist you to manage and troubleshoot legacy Cisco security appliances. Progent's certified network security experts can assist you with policy creation driven by leading best practices so you can build a consistent security profile that applies to all your networked endpoints at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower NGFWs Firewalls deliver a significant performance boost compared to Cisco's popular ASA 5500-X security appliances and offer centralized control of modern cybersecurity features such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, refer to Firepower Series firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls provide combined firewall, IPsec VPN, and IPS capabilities in compact single-box devices, delivering a broad array of features to meet the security and compliance requirements of organizations ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX firewalls enable network security staffs to defend their network edge and offer secure remote access while utilizing advanced management mechanisms based on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life status but are still widely deployed in smaller organizations and in some larger networks. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly maintained, continue to deliver a high degree of protection by supplying multiple services such as stateful firewall, VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system. Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified network consultants can help your organization to maintain and debug older ASA 5500 Series and PIX firewall appliances and can also assist you to design and implement an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, deploy, tune, manage and debug new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower. Progent can also assist you to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls includes an improved substitute for every rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X model targets the identical market as the associated earlier models, which gives most ample choice for selecting a solution that meets their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line provide dependable security across any mix of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for Cisco ASA firewalls, go to Cisco Firepower integration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that support Firepower Services, which provide layered defense against sophisticated threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:
- Layered protection against both familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, software applications, and content to detect attacks that use simultaneous vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically activate standard and custom IPS policies based on the severity of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Smaller deployments of ASA firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM includes an easy-to-use web console for configuring, administering, and troubleshooting ASA 5500-X devices and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be administered with Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy management for Cisco Firepower firewall appliances
Firepower Management Center offers features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that provides dynamic network visualization, automated policy optimization driven by impact assessment of threats, advanced IPS, custom app detectors for Application Visibility and Control, customized health notifications, enhanced reporting options, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology behind the PIX 500 Series Security Appliance, the IPS 4200 sensor, and the VPN 3000 Series concentrator. These solutions enable the Cisco ASA 5500 Series Firewall family to deliver a platform that stops the broadest variety of attacks. Cisco ASA Firewalls deliver program security, network containment and control, and safe VPN connectivity throughout the entire product line. This breadth of security enables the guarding of any network segment, which includes the most typical threat conduits like remote locations, locally-connected internal users, and remote connected VPNs.
The expandable design of the Cisco ASA 5500 Series allows you to add more features by installing security service modules and cards. These easy-to-install enhancements provide the option of adding IPS and content protection services such as blocking virus, spyware, and phishing assaults and executing data and URL screening. In addition to allowing your IT staff to react rapidly to the latest threat environments, the extensible architecture of the Cisco ASA 5500 family also leverages your capital investment by prolonging the life of your firewalls. The ASA 5500 family also protects your investment in administrative team training by supporting the rich library of PIX 500 security management tools and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application protection through smart, application-sensitive inspection processes that examine traffic at Layers 4-7. This produces a more secure environment covering Web, voice, and 3G-mobile wireless access. To defend networks against application-layer assaults and to provide better policing of the applications and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledge and employ protection enforcement solutions such as anomaly detection and state tracking. Also incorporated are assault sensing and remediation technology including application and protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and peer-to-peer file sharing, enabling organizations to police usage policies and recover network bandwidth for critical business processes.
For more information about Progent's support services for Cisco's ASA 5500 firewalls, visit ASA 5500 series firewalls integration and troubleshooting support.
PIX Security Appliance Series
Based upon a hardened, purpose-built software platform that offers rich protection features, PIX firewall appliances provide a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. PIX security appliances offer protection for a broad range of VoIP and other mixed-media conventions such as H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping organizations to protect deployments of a broad range of contemporary and upcoming IP voice and multimedia applications.
PIX security appliances feature a wealth of setup, tracking, and analysis features, providing businesses the flexibility to utilize the techniques that best meet their needs. Management options include common, policy-based administration tools, integrated web-accessible administration, and support for remote-tracking standards such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful Web-accessible management solution that significantly streamlines the installation, in-place configuration, and tracking of a specific Cisco PIX security appliance without requiring any additional software beyond an ordinary Web browser and Java plug-in to be running on an administrator's PC.
Administrators can furthermore remotely configure, monitor, and analyze Cisco PIX firewalls via a command-line interface. Secure command-line interface access is possible through a number of methods including SSHv2 Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewall appliances also include dependable auto-update capabilities, a collection of advanced protected remote-management services that make sure that security configurations and software images are kept up to date.
For additional information about Progent's consulting services for PIX 500 security appliances, go to PIX 500 firewalls integration and troubleshooting consulting.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 families of firewalls, many businesses are concerned about depending on a critical security component that may stop being supported by Cisco. Cisco ASA 5500-X and Firepower NGFW Series firewalls offer the advantage of being current products and also offer several technical and financial advantages in comparison to PIX firewalls. These advantages include substantially better performance, optional Secure Sockets Layer tunneling support, and a modular design that protects your investment by enabling you to self-install new security services when and if you require them. Progent's Cisco certified experts can help your company to determine the business case for moving from PIX or Cisco ASA 5500 firewalls, create a migration plan that allows for a fast and non-disruptive changeover, assist your IT staff to configure new ASA 5500-x Series or Firepower NGFW Series firewalls, and offer online, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA 5500 Series, and PIX family security appliances incorporate a wealth of configuration, monitoring, and troubleshooting options which offer you the ability to set up these security appliances to align optimally with your company's needs. Progent's CCIE authorized network consultants can help you to build a cost-effective network infrastructure that incorporates Cisco firewall technology and that provides advanced protection, resilience, performance, and manageability. Progent's CISA and CISM-certified information security engineers can assist you to develop a security strategy appropriate for your business and can configure your security appliance to support your security strategy. Progent's security assessment consultants can evaluate the effectiveness of your existing firewall solution and audit the security of your whole information system environment. Progentís Technical Response Center (TRC) can provide urgent online technical support for Cisco products and offer fast access to a Cisco CCIE network engineer.
For additional details concerning Progent's professional help for Cisco technology, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about engineering expertise for Cisco technology, call 1-800-993-9400 or see Contact Progent.