Cisco is a long-time leader in developing cutting-edge firewall appliances for the widest possible variety of deployments. Cisco's Firepower NGFWs Firewalls provide an advanced cybersecurity platform that marshals sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist you to design and carry out a smooth migration to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower firewalls with Cisco's cloud-based services to create and centrally control IT environments that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation driven by leading best practices in order to build a consistent and effective cybersecurity posture across all your endpoints anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance improvement compared to Cisco's previous-generation ASA 5500-X firewalls and include centralized management and automation of advanced security features like application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls, refer to Firepower firewalls consulting services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a wide range of features to meet the security and compliance requirements of organizations from small businesses to enterprises and Internet service providers. Cisco's ASA 5500-X Series, ASA 5500, and PIX 500 firewalls enable IT security teams to protect their network edge and offer safe remote access while using powerful administration mechanisms built on Cisco's world-class firewall technology.
Cisco's ASA 5500 Series and PIX firewalls have reached end-of-life (EOL) status but are still commonly used in smaller organizations and in a few enterprise networks. Cisco's ASA 5500-X Next-Generation Firewalls represent substantially more value and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's legacy firewall appliances, if properly managed, continue to deliver a high level of security by supplying a variety of services including firewall, VPN tunneling, and IPS.
Following Cisco's acquisition of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system (IPS). Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure engineers can help you to maintain and troubleshoot legacy ASA 5500 and PIX 500 firewalls and can also help you to design and carry out an efficient upgrade to Cisco's ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, configure, optimize, manage and debug new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent can also assist your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved replacement for each rack-mountable model in the older ASA 5500 line of devices. Each ASA 5500-X firewall targets the identical environment as the associated earlier models, which gives small and midsize businesses plenty of room for picking a solution that aligns with their security requirements and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide consistent security across any combination of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X firewalls, go to Cisco Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or physical modules that enable Firepower Services, which offer layered defense against sophisticated threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer defense against both familiar and new threats
- Advanced Malware Protection (AMP) that utilizes big data to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, network infrastructure, apps, and content to detect threats that incorporate multiple vectors
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch standard and custom IPS policies depending on the degree of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Smaller implementations of ASA 5500-X firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X versions. ASDM includes an easy-to-use web console for deploying, managing, and troubleshooting ASA 5500-X firewalls and service modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be administered using Cisco's Firepower Management Center, available as one or more physical units or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center provides features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Extra features include expanded context awareness, Advanced Malware Protection with remediation for client devices, a dashboard that provides real-time network visualization, automated policy optimization based on risk evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and APIs for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA Firewalls build on engineering behind the Cisco PIX 500 family Security Appliance, the Cisco IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall product line to offer a platform that stops the widest variety of threats. Cisco ASA Firewalls provide program protection, local containment, and clean VPN connectivity across Cisco's product portfolio. This breadth of security allows the guarding of any network section, including the most typical attack vectors like remote sites, LAN-attached inside users, and off-site access Virtual Private Networks.
The expandable architecture of the ASA 5500 family permits you to add features by installing service modules and security service cards. These user-installable enhancements provide the option of adding IPS and content protection functions like filtering virus, worms, and phishing assaults and executing data and URL screening. In addition to enabling your IT staff to react quickly to new threat vectors, the expandable design of the Cisco ASA 5500 Series also leverages your hardware investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT staff education by supporting the familiar library of PIX 500 management utilities and protocols such as the Cisco ASDM system, secure command-line interface availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application security via intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a safer environment covering Web, voice, and mobile wireless connectivity. To protect networks against application-layer assaults and to offer better policing of the applications and protocols utilized in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly detection and state monitoring. Also included are attack detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to police usage policies and conserve bandwidth for critical business processes.
For more details about Progent's consulting services for Cisco's ASA 5500 security appliances, go to Cisco ASA 5500 firewalls configuration and troubleshooting consulting.
Cisco PIX Firewall Appliances
Based upon a hardened, specialized operating system that offers rich security services, PIX firewalls provide excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX firewall appliances provide protection for a broad range of VoIP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to protect deployments of a wide array of contemporary and next-generation VoIP and mixed-media applications.
Cisco PIX firewalls feature a variety of configuration, monitoring, and troubleshooting options, giving businesses the flexibility to use the methods that best match their needs. Administrative options include centralized, policy-based management utilities, integrated web-based administration, and support for remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-accessible management solution that significantly simplifies the deployment, in-place modification, and tracking of a single PIX firewall without the need of any additional utility other than an ordinary browser and Java applet to be running on an administrator's computer.
IT managers can furthermore remotely configure, track, and troubleshoot Cisco PIX firewalls using a command-line interface. Secure command-line interface (CLI) access is available using several methods such as SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. PIX security appliances also include robust automatic-update capabilities, a set of advanced protected remote-administration services that make sure that security configurations and software images are kept up to date.
For more information about Progent's support services for PIX 500 security appliances, go to Cisco PIX 500 firewalls integration and troubleshooting consulting.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has ceased selling the PIX 500 and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a critical security component that might stop being supported. Cisco ASA 5500-X and Firepower NGFW Series security appliances offer the advantage of being new products and also bring a number of functions and economic benefits in comparison to PIX devices. These benefits include significantly higher performance, optional SSL tunneling support, and a modular design that guards your investment by allowing you to self-install more security features whenever you need them. Progent's Cisco certified network engineers can help you to determine the business value of for upgrading from PIX or ASA 5500 firewalls, create a migration process that permits a quick and non-disruptive upgrade, assist you to set up new ASA 5500-x or Firepower NGFW Series appliances, and offer remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX security appliances provide a wealth of configuration, tracking, and troubleshooting features that give you the flexibility to configure these security appliances to match your business requirements. Progent's CCIE authorized network professionals can help you to design a cost-effective network infrastructure that includes Cisco security appliances and that offers advanced protection, fault tolerance, throughput, and manageability. Progent's GISA and CISSP-ISSP-certified IS security consultants can assist your business to develop a security policy that makes sense for your business and can configure your security appliance to support your security policies. Progent's risk assessment consultants can assess the strength of your existing firewall solution and audit the security of your entire IT environment. Progent's Help Desk Call Center can provide emergency remote technical support for Cisco technology and can give you quick access to a Cisco network engineer.
To see more information concerning Progent's consulting help for Cisco networking products, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about professional expertise for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.