Cisco is a perennial front-runner in developing cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern cybersecurity solution that marshals dedicated hardware, cloud-based services, and machine learning to block, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall consultants can assist your organization to design and execute an efficient upgrade to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower appliances with Cisco's security services to create and centrally manage network ecosystems that span local offices, data centers, private clouds and public clouds. Progent can also assist you to maintain and debug older-generation Cisco security appliances. Progent's certified cybersecurity consultants can help you with policy creation based on leading best practices in order to build a consistent security profile that applies to all your networked endpoints at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls deliver a major performance boost compared to Cisco's previous-generation ASA 5500-X firewalls and include unified control of modern security capabilities like application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower line of Next Generation Firewalls, refer to Firepower Series firewalls consulting experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, IPsec VPN, and intrusion prevention system (IPS) services in single-box packages, delivering a wide range of features to meet the security and compliance needs of companies ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls allow IT security staffs to defend their network edge and provide safe remote access while using advanced management tools based on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life but are still widely deployed in small and mid-size businesses and in some enterprise data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent significantly more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high degree of security by supplying multiple services such as firewall, Virtual Private Network (VPN) connections, and IPS.
After Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular network intrusion protection system. Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure engineers can help you to maintain and debug older ASA 5500 Series and PIX 500 firewall appliances and can also assist you to plan and implement a smooth upgrade to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, configure, optimize, manage and troubleshoot new firewall solutions based on Cisco's latest ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also help your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X model targets the identical market as the corresponding previous models, which gives small and midsize businesses ample room for picking a solution that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X family deliver dependable protection across any mix of physical, virtual, and cloud deployments.
For additional details about ASA 5500-X security appliances, Firepower services, and Progent's support for ASA security appliances, see Cisco Firepower configuration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or physical modules that support Firepower Services, which provide layered protection against multi-vector attacks. Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Multi-layer defense against both familiar and new attacks
- Advanced Malware Protection that utilizes big data to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, network infrastructure, apps, and content to detect attacks that use simultaneous vectors
- High-resolution Application Visibility and Control that is familiar with thousands of apps and can automatically activate standard and custom IPS policies based on the severity of risk
Firepower Services for Cisco ASA firewalls provide multi-layered security
Smaller implementations of Cisco ASA firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X versions. ASDM provides a simple web console for deploying, managing, and troubleshooting ASA 5500-X devices and modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower Services can be administered using Cisco's Firepower Management Center, implemented as one or several physical or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device ASDM tool. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a console that offers real-time network infrastructure visualization, automated policy tuning based on impact evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and APIs for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology developed for the PIX 500 Series Security Appliance, the IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a firewall that stops the widest range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, network containment and control, and clean VPN functionality across Cisco's product portfolio. This broad scope of security allows defense of any network area, including the most common threat conduits like remote locations, LAN-connected internal users, and remote access Virtual Private Networks.
The scalable design of the Cisco ASA 5500 family enables you to add more services by installing service modules and security service cards. These easy-to-install enhancements provide the option of adding Intrusion Protection and content protection functions like blocking virus, worms, and phishing assaults and executing file and web filtering. Beside allowing your IT staff to react rapidly to the latest threat vectors, the extensible design of the Cisco ASA 5500 family also leverages your hardware investment by increasing the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT team education by utilizing the rich library of PIX security management tools and protocols such as the Cisco Adaptive Security Device Manager platform, secure command-line interface availability, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) firewalls deliver a high-level of application protection via smart, application-aware inspection processes that analyze traffic at Layers 4-7. This produces a safer network covering Web, voice, and mobile wireless services. To defend against application-layer attacks and to offer better policing of the applications and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledge and rely on security enforcement technologies such as protocol anomaly detection and state monitoring. Also included are attack detection and remediation techniques such as application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and conserve network bandwidth for critical business applications.
For more details about Progent's support services for ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls integration and debugging services.
Cisco PIX Security Appliance Series
Based around a tested, purpose-built operating system that delivers rich security services, PIX security appliances provide excellent security and have earned EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewalls provide security for a wide range of VoIP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping businesses to safeguard deployments of a broad array of contemporary and next-generation IP voice and mixed-media applications.
Cisco PIX firewall appliances offer a wealth of configuration, monitoring, and analysis options, giving businesses the versatility to utilize the methods that most closely meet their requirements. Management solutions include common, policy-based management tools, integrated web-accessible management, and compatibility with remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-based control solution that significantly streamlines the installation, ongoing configuration, and tracking of a single PIX firewall appliance without the need of any extra software beyond a standard Web browser and Java plug-in to be installed on an administrator's PC.
IT managers can furthermore remotely configure, track, and troubleshoot PIX firewall appliances using a command-line interface (CLI). Secure CLI interface communication is possible through a number of techniques including Secure Shell Protocol, Telnet through IPsec, and out-of-band through a console port. Cisco PIX firewall appliances also have dependable auto-update features, a collection of revolutionary protected remote-administration services that make sure that security configurations and software images are always current.
For more information about Progent's consulting services for PIX firewalls, visit PIX 500 firewalls integration and debugging consulting.
Progent's Migration Support for Cisco Firewalls
Because Cisco has stopped selling the PIX and ASA 5500 product lines, many companies are uncomfortable with depending on a key security mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower NGFW Series security appliances offer the benefit of being new products and also offer several technical and budgetary advantages in comparison to PIX firewalls. These advantages include significantly higher performance, optional SSL VPN support, and an expandable architecture that protects your investment by allowing you to self-install new security services whenever you require them. Progent's Cisco certified network engineers can help your company to assess the strategic case for migrating from PIX or ASA 5500 firewalls, design a migration plan that permits a fast and non-disruptive upgrade, assist your IT staff to deploy new ASA 5500-x Series or Firepower NGFW Series firewalls, and offer remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Assist You with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX family firewalls incorporate an array of configuration, tracking, and troubleshooting features which offer you the ability to configure these firewalls to match your company's requirements. Progent's CCIE certified network consultants can help you to build an efficient infrastructure that includes Cisco firewall technology and that offers advanced protection, resilience, performance, and recoverability. Progent's CISA and CISM-premier information security engineers can help you to develop a security strategy appropriate for your business and can configure your firewall to support your security policies. Progent's security evaluation experts can assess the effectiveness of your current firewall deployment and audit the security of your entire IS environment. Progentís Help Desk support team can provide emergency online troubleshooting for Cisco products and can give you quick access to a Cisco CCIE network engineer.
To find out more information concerning Progent's professional support for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about technical expertise for Cisco products, call 1-800-993-9400 or go to Contact Progent.