Cisco is a perennial front-runner in developing cutting-edge firewalls for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewalls provide a modern firewall platform that combines sophisticated hardware, cloud services, and machine learning to anticipate, discover, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall consultants can assist your organization to plan and execute a smooth migration to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's subscription-based security services to build and centrally manage IT environments that include branch offices, data centers, private clouds and public clouds. Progent can also help you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified network security consultants can assist you with policy creation driven by leading best practices in order to establish a consistent security profile that applies to all your endpoints anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls deliver a significant performance improvement compared to Cisco's popular ASA 5500-X security appliances and offer centralized management of advanced cybersecurity features such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls (NGFWs), see Cisco Firepower firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a broad range of features to meet the security and compliance requirements of organizations ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable network security teams to defend their network perimeter and offer secure offsite and mobile access while using advanced administration mechanisms based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 and PIX firewalls have arrived at end-of-life but are still widely used in smaller organizations as well as in a few larger data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. Still, Cisco's legacy firewall appliances, if properly maintained, can offer a high level of security by supplying multiple security functions such as firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system (IPS). Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier network engineers can assist you to maintain and debug legacy ASA 5500 Series and PIX 500 firewalls and can also assist you to plan and carry out an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, configure, optimize, administer and debug new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower Services. Progent's firewall consultants can also help your organization to upgrade from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances features an improved substitute for every rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the identical environment as the associated previous models, which gives most ample room for selecting a firewall that meets their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line deliver consistent security across any combination of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA security appliances, visit Cisco Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against sophisticated threats. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against both familiar and zero-day attacks
- Advanced Malware Protection that utilizes big data techniques to find and mitigate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, infrastructure, apps, and content to discover threats that use multiple vectors
- High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically launch standard and custom IPS policies depending on the severity of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered security
Simpler implementations of ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM includes a simple web console for configuring, administering, and troubleshooting ASA 5500-X appliances and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower can be managed with Firepower Management Center, implemented as one or more physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy management for Firepower firewalls
Firepower Management Center provides capabilities unavailable with Cisco's on-device ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a console that offers dynamic network visualization, automated policy tuning driven by risk evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering behind the Cisco PIX 500 Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a firewall that defends against the widest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application security, network containment and control, and safe VPN connectivity throughout Cisco's product portfolio. This breadth of protection enables the guarding of any network area, which includes the most typical threat conduits like remote locations, LAN-attached internal users, and remote connected Virtual Private Networks.
The scalable design of the ASA 5500 family enables you to add features by installing security service modules and security service cards. These easy-to-install enhancements provide the ability to add Intrusion Protection and content protection functions like blocking virus, worms, and phishing assaults and performing file and web screening. Beside enabling you to respond quickly to new risk environments, the extensible design of the Cisco ASA 5500 Series also protects your capital investment by increasing the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative staff training by supporting the rich set of PIX security management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface availability, syslog, and SNMP.
Cisco ASA firewalls deliver a high-level of application security via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a more secure network including Web, voice, and 3G-mobile wireless services. To protect against application-layer attacks and to offer stronger control over the programs and protocols used in their networks, these inspection engines incorporate broad application and protocol knowledge and rely on security enforcement solutions such as protocol anomaly detection and state tracking. Also included are assault detection and remediation techniques including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide management of IM and tunneling applications, allowing organizations to police usage policies and free up bandwidth for critical business processes.
For more details about Progent's consulting services for Cisco's ASA 5500 security appliances, see ASA 5500 firewalls integration and debugging consulting.
Built upon a tested, purpose-built operating system that delivers rich security services, PIX firewalls provide excellent security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. PIX firewall appliances offer protection for a broad array of Voice over IP and additional multimedia standards including H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a broad array of current and upcoming IP voice and mixed-media applications.
PIX security appliances feature a wealth of setup, monitoring, and analysis options, giving IT managers the flexibility to use the methods that best match their requirements. Administrative options include common, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system offers a world-class Web-accessible control platform that greatly streamlines the installation, in-place modification, and tracking of a single PIX firewall without requiring any extra software other than a standard Web browser and Java plug-in to be installed on an administrator's computer.
Administrators can also remotely set up, monitor, and analyze Cisco PIX firewall appliances via a command-line interface. Secure command-line interface access is available through a number of methods such as Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewall appliances also include dependable automatic-update features, a collection of revolutionary protected remote-management services that make sure that security configurations and software images are kept up to date.
For additional information about Progent's support services for Cisco PIX 500 firewalls, go to PIX 500 firewalls configuration and troubleshooting consulting.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 product lines, many businesses are concerned about depending on a key infrastructure component that may stop being supported by Cisco. ASA 5500-X and Firepower NGFW Series security appliances have the advantage of being current products and also bring a number of functions and economic advantages in comparison to PIX devices. These benefits include substantially higher performance, optional Secure Sockets Layer tunneling capability, and an expandable design that protects your investment by allowing you to self-install new security features whenever you need them. Progent's Cisco certified network engineers can help your company to assess the strategic value of for moving from PIX or Cisco ASA 5500 security appliances, create a migration process that permits a fast and non-disruptive changeover, help you to configure new ASA 5500-x or Firepower Series firewalls, and provide remote training, consulting, and technical support services.
Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA 5500 Series, and PIX security appliances incorporate a wealth of configuration, tracking, and troubleshooting features that offer you the ability to set up these security appliances to match your company's needs. Progent's CCIE certified network experts can assist you to design a cost-effective infrastructure that incorporates Cisco security appliances and that provides advanced security, resilience, performance, and recoverability. Progent's GISA and CISM-certified information security professionals can assist your business to create a security policy that makes sense for your business and can configure your PIX or ASA firewall to support your security policies. Progent's security evaluation engineers can assess the strength of your current firewall solution and help determine the security of your entire IT network. Progent’s Help Desk support team can provide emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco expert.
To learn more details about Progent's consulting help for Cisco networking products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about consulting expertise for Cisco products, call 1-800-993-9400 or refer to Contact Progent.