Cisco is a perennial front-runner in developing cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a modern firewall solution that marshals sophisticated hardware, cloud-based services, and machine learning to anticipate, identify, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall experts can help your organization to design and carry out an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower appliances with Cisco's cloud-based services to create and centrally control network ecosystems that include branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified network security experts can assist you with policy creation based on industry best practices in order to establish a consistent security profile that applies to all your networked devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls deliver a major performance improvement over Cisco's previous-generation ASA 5500-X firewalls and offer centralized management of advanced cybersecurity capabilities such as application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls (NGFWs), visit Cisco Firepower firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls offer combined firewall, IPsec VPN, and IPS services in compact single-box packages, delivering a broad range of features to meet the security needs of companies from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls enable IT security staffs to defend their network edge and offer safe offsite and mobile connectivity while using powerful administration tools built on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 and PIX 500 firewall appliances have reached end-of-life (EOL) but are still widely deployed in smaller businesses as well as in a few larger data centers. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's legacy firewalls, if carefully maintained, can offer a high level of protection by providing a variety of services including stateful firewall, IPsec VPN, and IPS.
After Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed intrusion protection system. Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier infrastructure consultants can help your organization to support and debug older ASA 5500 and PIX firewall appliances and can also help you to design and implement a smooth migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, deploy, tune, manage and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also help your organization to upgrade from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls includes an enhanced substitute for every rack-mountable unit in the previous ASA 5500 generation of devices. Each ASA 5500-X firewall is suited for the identical environment as the associated previous models, which offers most plenty of room for selecting a firewall that meets their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver dependable protection across any combination of physical, virtual, and cloud deployments.
For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA security appliances, go to Cisco Firepower configuration and debugging consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or physical modules that support Cisco's Firepower Services, which offer layered protection against multi-vector threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Multi-layer defense against both familiar and new threats
- Advanced Malware Protection (AMP) that utilizes big data techniques to find and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, infrastructure, software applications, and content to detect threats that use multiple approaches
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically activate standard and customized IPS policies based on the degree of threats
Firepower Services for Cisco ASA firewalls provide advanced multi-layered security
Smaller deployments of Cisco ASA 5500-X firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X models. ASDM includes an easy-to-use web dashboard for deploying, managing, and debugging ASA 5500-X appliances and modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be administered using Cisco's Firepower Management Center, available as one or more physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy management for Firepower firewalls
Cisco's Firepower Management Center provides features unavailable with Cisco's on-device Adaptive Security Device Manager tool. Additional features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that offers dynamic network infrastructure visualization, automated policy tuning driven by risk evaluation of attacks, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and APIs for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-box ASDM or the ASA CLI.
Cisco ASA 5500 Firewalls
Cisco ASA Firewalls leverage engineering developed for the Cisco PIX 500 Series Security Appliance, the IPS 4200 Series sensor, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a firewall that defends against the widest range of attacks. Cisco Adaptive Security Appliances Firewalls provide program security, network containment, and safe Virtual Private Network functionality across the entire product portfolio. This broad scope of protection enables defense of any network segment, which includes the most typical threat conduits like remote locations, locally-attached internal users, and remote connected VPNs.
The expandable design of the Cisco ASA 5500 Series permits you to add more security services by installing security service modules and security service cards. These user-installable enhancements give you the option of adding IPS and content protection services such as filtering virus, worms, and phishing assaults and executing data and web screening. In addition to enabling you to respond quickly to the latest threat vectors, the expandable architecture of the ASA 5500 Series also leverages your hardware investment by increasing the useful life of your firewalls. The Cisco ASA 5500 family also leverages your investment in IT team education by supporting the familiar set of PIX 500 security management tools and protocols such as the Cisco ASDM system, secure command-line interface availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances 5500 Series firewalls deliver robust application protection via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a better protected network including Web, voice, and mobile wireless connectivity. To defend against application-layer attacks and to offer better control over the programs and protocols used in their networks, these inspection engines incorporate broad application and protocol knowledge and rely on security enforcement solutions such as anomaly detection and state monitoring. Also included are attack detection and remediation techniques such as application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling businesses to police usage policies and conserve bandwidth for critical business applications.
For additional details about Progent's support services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 firewalls configuration and debugging services.
PIX Firewall Appliances
Based around a hardened, purpose-built software platform that delivers a wealth of protection features, PIX firewalls offer excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX firewall appliances provide security for a wide range of Voice over IP and other multimedia conventions including H.323 v. 4, SIP, SCCP, RTSP, and Media Gateway Control Protocol, enabling organizations to safeguard installations of a broad range of current and upcoming Voice over IP and multimedia applications.
Cisco PIX firewall appliances offer a variety of setup, monitoring, and troubleshooting features, providing IT managers the flexibility to use the methods that best match their requirements. Management options include centralized, policy-based administration tools, integrated web-accessible management, and support for remote-tracking protocols such as SNMP and syslog. The integrated ASDM interface offers a powerful Web-based management solution that significantly simplifies the deployment, in-place modification, and tracking of a single PIX firewall appliance without the need of any additional utility other than a standard Web browser and Java applet to be running on a manager's computer.
Administrators can also remotely configure, monitor, and analyze PIX firewalls using a command-line interface. Safe command-line interface (CLI) access is possible through several methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band through a console port. PIX firewall appliances also have robust auto-update features, a collection of revolutionary protected remote-administration options that ensure security configurations and software images are kept up to date.
For additional information about Progent's consulting services for Cisco PIX 500 security appliances, visit PIX firewalls integration and troubleshooting consulting.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has ceased offering the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with depending on a key infrastructure mechanism that may no longer be supported. ASA 5500-X and Firepower NGFW Series security appliances have the benefit of being current products and also bring a number of functions and financial benefits in comparison to PIX 500 firewalls. These benefits include substantially better performance, optional SSL VPN capability, and a modular design that guards your investment by enabling you to add new security services when and if you require them. Progent's Cisco certified network engineers can assist you to determine the business value of for migrating from PIX 500 or ASA 5500 security appliances, create a migration process that allows for a fast and non-disruptive upgrade, assist your IT staff to install new ASA 5500-x Series or Firepower Series firewalls, and offer remote training, consulting, and troubleshooting services.
Other Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA Series, and PIX family firewalls incorporate a wealth of configuration, tracking, and analysis options which offer you the flexibility to deploy these firewalls to match your company's needs. Progent's CCIE authorized network professionals can assist you to configure and support an efficient infrastructure that includes Cisco firewall technology and that provides world-class security, resilience, performance, and recoverability. Progent's CISA and CISSP-ISSP-premier IS security consultants can help you to develop a security strategy that makes sense for your business and can set up your PIX or ASA firewall to enforce your security policies. Progent's security assessment experts can evaluate the effectiveness of your existing firewall solution and audit the security of your entire IS environment. Progentís Technical Response Center can provide urgent remote troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.
To learn more details concerning Progent's professional help for Cisco technology, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about professional help for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.