Cisco is a long-time leader in delivering cutting-edge firewalls for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls represent a modern firewall solution that marshals dedicated hardware, cloud-based services, and machine learning to block, discover, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE firewall consultants can assist your organization to plan and execute a smooth migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower firewalls with Cisco's security services to build and centrally manage IT environments that include local offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified network security consultants can help you with policy creation and tuning driven by industry best practices in order to establish a consistent security profile across all your devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls provide a significant performance boost over Cisco's popular ASA 5500-X firewalls and include centralized control of advanced security capabilities such as application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls (NGFWs), refer to Firepower firewalls consulting expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances provide combined firewall, VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a broad array of features to meet the security needs of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls allow IT security staffs to protect their network perimeter and provide safe remote connectivity while using advanced administration mechanisms based on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life (EOL) but are still widely deployed in smaller businesses and in a few enterprise data centers. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly managed, continue to offer a high degree of security by providing a variety of security functions such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system. Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure engineers can assist you to support and troubleshoot legacy ASA 5500 Series and PIX firewalls and can also assist you to plan and implement an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, deploy, optimize, manage and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower. Progent can also help your organization to migrate from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive family of ASA 5500-X firewalls features an enhanced replacement for each rack-mountable model in the previous ASA 5500 generation of firewalls. Each ASA 5500-X firewall is suited for the same environment as the associated previous models, which offers small and midsize businesses ample choice for selecting a solution that meets their security needs and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line provide dependable security across any mix of physical, virtual, and cloud deployments.
For more information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA security appliances, go to Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that enable Cisco's Firepower Services, which offer layered protection against multi-vector threats. Cisco's Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered protection against familiar and new attacks
- Advanced Malware Protection (AMP) that utilizes big data to discover and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, infrastructure, software applications, and content to detect threats that use simultaneous approaches
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch both standard and custom IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls offer advanced multi-layered security
Simpler deployments of Cisco ASA 5500-X firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X models. ASDM includes an easy-to-use web dashboard for deploying, administering, and debugging ASA 5500-X firewalls and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower can be administered using Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy control for Firepower firewall appliances
Firepower Management Center provides features beyond those available with Cisco's on-box Adaptive Security Device Manager utility. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a dashboard that provides dynamic network infrastructure visualization, automated policy tuning based on impact evaluation of threats, comprehensive IPS, custom application detectors for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances Firewalls leverage engineering behind the PIX 500 family Security Appliance, the Cisco IPS 4200 sensor, and the VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a platform that stops the widest range of attacks. Cisco ASA 5500 Series Firewalls provide application protection, network containment, and clean Virtual Private Network functionality throughout the entire product portfolio. This broad scope of security allows the guarding of any network section, including the most typical attack vectors like remote locations, locally-connected inside users, and remote access VPNs.
The expandable design of the ASA 5500 family permits you to add services by installing security service modules and security service cards. These easy-to-install enhancements give you the option of adding IPS and content protection functions such as blocking virus, spyware, and phishing assaults and executing file and web screening. Beside allowing you to respond quickly to the latest risk environments, the expandable design of the Cisco ASA 5500 family also protects your hardware investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT team training by supporting the familiar set of PIX 500 management utilities and protocols including the Cisco Adaptive Security Device Manager platform, protected command-line interface access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application security via intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a better protected network including Web, voice, and mobile wireless connectivity. To protect against application-layer attacks and to provide better control over the applications and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement technologies that include anomaly detection and state tracking. Also incorporated are attack sensing and mitigation techniques such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and preserve network bandwidth for crucial business applications.
For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 series firewalls integration and debugging support.
Based upon a hardened, specialized OS that delivers rich security features, PIX security appliances offer a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec qualification. PIX security appliances provide protection for a broad range of VoIP and additional mixed-media standards such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to protect deployments of a broad range of contemporary and upcoming IP voice and mixed-media applications.
PIX firewalls offer a variety of setup, tracking, and troubleshooting options, providing IT managers the flexibility to utilize the techniques that best match their requirements. Administrative options include common, policy-based management utilities, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class Web-based management solution that greatly simplifies the deployment, ongoing configuration, and monitoring of a single Cisco PIX firewall without requiring any extra software other than a standard Web browser and Java applet to be running on a manager's PC.
IT managers can also remotely configure, monitor, and analyze PIX firewall appliances using a CLI interface. Safe CLI interface access is possible through a number of techniques such as Secure Shell Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewalls also include robust auto-update capabilities, a collection of revolutionary secure remote-administration services that ensure security settings and software images are kept up to date.
For additional details about Progent's support services for PIX firewalls, go to PIX firewalls configuration and troubleshooting consulting.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has stopped selling the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a critical infrastructure component that might stop being supported. Cisco ASA 5500-X and Firepower Series firewalls offer the benefit of being current products and also offer several technical and financial benefits in comparison to PIX firewalls. These benefits include significantly better performance, optional SSL tunneling support, and a modular architecture that protects your investment by allowing you to self-install more security services whenever you require them. Progent's CCIE-certified experts can help you to determine the strategic case for upgrading from PIX 500 or Cisco ASA 5500 firewalls, create a migration plan that permits a quick and seamless upgrade, help you to deploy new ASA 5500-x or Firepower Series firewalls, and provide online, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower Series, ASA 5500 Series, and PIX family security appliances incorporate a wealth of setup, monitoring, and analysis features which offer you the ability to set up these firewalls to match your company's requirements. Progent's CCIE authorized network consultants can help you to design an efficient infrastructure that incorporates Cisco firewall technology and that offers world-class security, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-premier information security consultants can help you to develop a security policy appropriate for your business and can configure your PIX or ASA firewall to support your security strategy. Progent's risk evaluation engineers can assess the effectiveness of your current firewall deployment and validate the overall security of your entire IS environment. Progentís Help Desk support team can deliver urgent remote technical support for Cisco products and offer quick access to a Cisco CCIE expert.
For additional details about Progent's professional expertise for Cisco products, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about engineering assistance for Cisco technology, call 1-800-993-9400 or visit Contact Progent.