Cisco is a perennial front-runner in developing cutting-edge firewall appliances for the broadest possible variety of deployments. Cisco's Firepower NGFWs Firewalls represent an advanced cybersecurity platform that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can help you to plan and carry out a smooth upgrade to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower appliances with Cisco's subscription-based security services to create and centrally control network ecosystems that include local offices, data centers, and cloud resources. Progent can also assist you to manage and troubleshoot legacy Cisco security appliances. Progent's certified network security experts can help you with policy creation and tuning driven by leading best practices so you can build a consistent and effective cybersecurity posture that applies to all your endpoints anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance improvement over Cisco's popular ASA 5500-X security appliances and include unified control of advanced security features like application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection, DDoS mitigation, and sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls, see Firepower firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500, and PIX 500 firewalls offer combined firewall, VPN, and intrusion prevention system (IPS) services in compact single-box packages, delivering a wide array of features to meet the security and compliance requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow network security staffs to protect their network perimeter and provide safe offsite and mobile connectivity while using advanced management tools based on Cisco's industry-leading firewall technology.
Cisco's ASA 5500 Series and PIX firewalls have arrived at end-of-life status but are still widely deployed in small and mid-size businesses as well as in a few larger networks. The ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have superseded the ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's older model firewalls, if carefully managed, continue to offer a high level of protection by supplying a variety of services including firewall, VPN tunneling, and IPS.
Since Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most deployed intrusion protection system. Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure consultants can assist you to maintain and troubleshoot legacy ASA 5500 and PIX firewall appliances and can also help you to plan and implement a smooth upgrade to Cisco's ASA 5500-X firewalls with Firepower. Progent can also help you to design, configure, optimize, administer and troubleshoot new firewall ecosystems based on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also help you to migrate from your Cisco ASA 5500-X solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls includes an improved substitute for each rack-mountable unit in the previous ASA 5500 line of devices. Each ASA 5500-X model targets the identical environment as the corresponding previous models, which gives small and midsize businesses plenty of room for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line deliver dependable protection across any mix of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for ASA 5500-X firewalls, visit Cisco Firepower integration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against sophisticated attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:
Smaller deployments of ASA firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X models. ASDM includes an easy-to-use web dashboard for configuring, administering, and debugging ASA 5500-X appliances and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual devices. Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center provides features unavailable with Cisco's on-device ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a dashboard that provides dynamic network infrastructure visualization, automated policy tuning based on risk assessment of attacks, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls leverage technology behind the PIX 500 family Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall product line to deliver a firewall that stops the broadest variety of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application security, local containment and control, and clean VPN functionality across the entire product portfolio. This broad scope of security enables defense of any network area, which includes the most common attack vectors like remote locations, LAN-attached inside users, and remote connected VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection through smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a safer environment including Web, voice, and 3G-mobile wireless services. To defend against application-layer attacks and to offer stronger control over the programs and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledge and rely on security enforcement technologies that include protocol anomaly sensing and state tracking. Also incorporated are attack sensing and remediation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to police usage policies and recover bandwidth for important business applications.
For additional information about Progent's consulting services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 firewalls configuration and debugging consulting.
PIX Firewall Appliances
Built around a hardened, specialized operating system that delivers a wealth of security features, Cisco PIX security appliances offer excellent security and have received EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX firewalls offer protection for a wide array of Voice over IP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling organizations to protect installations of a broad array of current and upcoming Voice over IP and video applications.
IT managers can furthermore remotely configure, monitor, and analyze PIX firewall appliances using a CLI interface. Secure command-line interface access is possible using a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewalls also include robust auto-update features, a set of revolutionary protected remote-administration services that make sure that firewall settings and software images are always current.
For additional details about Progent's consulting services for PIX 500 security appliances, go to PIX 500 firewalls integration and troubleshooting support.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has ceased selling the PIX and ASA 5500 families of firewalls, many businesses are concerned about depending on a key infrastructure mechanism that may no longer be supported. ASA 5500-X and Firepower NGFW Series firewalls offer the benefit of being current devices and also offer several functions and financial benefits in comparison to PIX 500 devices. These benefits include significantly higher throughput, optional SSL tunneling capability, and a modular design that guards your investment by allowing you to add more security services whenever you need them. Progent's Cisco certified experts can help you to assess the strategic case for upgrading from PIX 500 or Cisco ASA 5500 security appliances, design a migration process that permits a fast and non-disruptive upgrade, assist you to install new ASA 5500-x or Firepower NGFW Series firewalls, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA Series, and PIX family security appliances incorporate an array of configuration, tracking, and troubleshooting options which offer you the ability to set up these firewalls to match your company's needs. Progent's CCIE certified network experts can show you how to configure and support a cost-effective network infrastructure that incorporates Cisco security appliances and that offers world-class protection, resilience, performance, and manageability. Progent's CISA and CISM-certified information security engineers can help your business to develop a security strategy appropriate for your business and can set up your PIX or ASA firewall to support your security policies. Progent's risk assessment consultants can evaluate the effectiveness of your current firewall deployment and audit the security of your entire IS network. Progent's Help Desk support team can provide urgent remote technical support for Cisco products and can give you quick access to a Cisco CCIE expert.
To see additional details about Progent's engineering expertise for Cisco technology, pick a topic:
Integration of Cisco and Third-party Firewall Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about technical assistance for Cisco products, call