Cisco is a perennial front-runner in developing state-of-the-art firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls represent an advanced cybersecurity platform that marshals sophisticated hardware, cloud-based services, and machine learning to anticipate, identify, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and execute a smooth upgrade to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower appliances with Cisco's cloud-based services to build and centrally manage IT environments that span local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and debug older-generation Cisco security appliances. Progent's certified cybersecurity consultants can help you with policy creation based on leading best practices in order to establish a consistent and effective security posture that applies to all your devices anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a significant performance boost over Cisco's popular ASA 5500-X security appliances and offer unified control of modern security features like application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of Next Generation Firewalls (NGFWs), refer to Cisco Firepower firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls provide combined firewall, VPN, and intrusion prevention system services in compact single-box devices, delivering a wide array of features to match the security and compliance requirements of organizations from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewall appliances allow IT security staffs to protect their network perimeter and offer safe offsite and mobile connectivity while using powerful administration tools built on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewall appliances have reached end-of-life (EOL) but are still widely deployed in small and mid-size businesses and in some larger data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's older model firewall appliances, if properly maintained, can offer a high degree of protection by providing multiple features including firewall, VPN tunneling, and IPS.
Since Cisco's purchase of Sourcefire, the whole line of ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the world's most deployed intrusion protection system. Firepower services provide powerful new capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-certified infrastructure consultants can help your organization to support and troubleshoot older ASA 5500 Series and PIX firewall appliances and can also help you to plan and implement an efficient upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to design, configure, optimize, administer and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also help your organization to migrate from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances features an enhanced replacement for every rack-mountable unit in the older ASA 5500 series of firewalls. Each ASA 5500-X firewall targets the identical market as the associated earlier models, which gives small and midsize businesses plenty of room for selecting a firewall that meets their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All models in Cisco's ASA 5500-X family provide dependable protection across any combination of physical, virtual, and cloud environments.
For additional information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X security appliances, go to Cisco Firepower integration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or physical modules that enable Firepower Services, which offer layered protection against multi-vector attacks. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:
- Layered protection against both familiar and new threats
- Advanced Malware Protection (AMP) that uses big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, network infrastructure, software applications, and content to detect threats that use simultaneous vectors
- Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically activate standard and customized IPS policies based on the degree of risk
Firepower Services for Cisco ASA 5500-X firewalls offer advanced multi-layered security
Smaller deployments of ASA 5500-X firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X models. ASDM provides an easy-to-use web console for configuring, managing, and debugging ASA 5500-X appliances and modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy control for Firepower firewalls
Firepower Management Center provides features beyond those available with Cisco's on-device ASDM tool. Extra capabilities include greater context awareness, Advanced Malware Protection with mitigation for user devices, a dashboard that provides dynamic infrastructure visualization, automated policy tuning driven by impact evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology behind the PIX 500 Security Appliance, the IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a platform that stops the widest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application security, network containment and control, and safe Virtual Private Network functionality throughout the entire product line. This broad scope of security enables defense of any network area, which includes the most typical threat conduits such as remote sites, locally-attached inside users, and off-site access VPNs.
The expandable design of the Cisco ASA 5500 family enables you to add more services by installing security service modules (SSMs) and security service cards (SSCs). These user-installable enhancements give you the option of adding IPS and content protection services like blocking virus, spyware, and phishing assaults and performing data and web screening. In addition to enabling your IT staff to respond quickly to the latest risk environments, the expandable design of the Cisco ASA 5500 family also leverages your capital investment by increasing the life of your firewalls. The ASA 5500 Series also leverages your investment in administrative team education by utilizing the familiar library of PIX 500 security management tools and protocols including the Cisco Adaptive Security Device Manager platform, protected command-line interface availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances firewalls deliver robust application protection via smart, application-aware inspection processes that analyze traffic at Layers 4-7. This results in a safer environment including Web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer stronger control over the applications and protocols used in their environments, these inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also incorporated are assault detection and mitigation techniques including application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and conserve network bandwidth for important business applications.
For additional information about Progent's consulting services for Cisco's ASA 5500 security appliances, visit ASA 5500 firewalls configuration and troubleshooting support.
Based around a hardened, purpose-built software platform that offers a wealth of protection features, Cisco PIX firewall appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. PIX firewalls offer security for a wide array of VoIP and additional multimedia conventions such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and MGCP, helping organizations to protect deployments of a broad range of current and upcoming Voice over IP and mixed-media applications.
PIX firewalls feature a variety of configuration, monitoring, and troubleshooting options, providing businesses the versatility to utilize the methods that best match their needs. Management solutions include centralized, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a powerful Web-accessible management platform that greatly streamlines the installation, in-place configuration, and tracking of a specific PIX security appliance without the need of any additional software beyond a standard browser and Java applet to be installed on an administrator's PC.
IT managers can furthermore remotely configure, track, and troubleshoot Cisco PIX firewalls using a CLI interface. Secure command-line interface (CLI) access is available through several methods such as Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. PIX security appliances also include robust automatic-update capabilities, a set of revolutionary secure remote-administration services that make sure that security configurations and software images are always up to date.
For more details about Progent's consulting services for PIX firewalls, visit Cisco PIX 500 firewalls integration and troubleshooting support.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has ceased offering the PIX and ASA 5500 families of firewalls, many companies are concerned about relying on a critical infrastructure mechanism that may no longer be supported. ASA 5500-X and Firepower Series security appliances offer the benefit of being new products and also offer several technical and economic advantages in comparison to PIX firewalls. These advantages include significantly higher performance, optional SSL VPN support, and a modular architecture that guards your investment by allowing you to add new security services when and if you need them. Progent's CCIE-certified experts can help you to determine the business case for upgrading from PIX 500 or Cisco ASA 5500 firewalls, create a migration process that allows for a fast and non-disruptive changeover, assist you to configure new ASA 5500-x Series or Firepower NGFW Series appliances, and provide online, consulting, and technical support services.
Other Ways Progent Can Assist You with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA Series, and PIX family firewalls provide an array of setup, monitoring, and analysis options which give you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE authorized network consultants can help you to build a cost-effective network infrastructure that incorporates Cisco security appliances and that provides world-class protection, fault tolerance, performance, and manageability. Progent's GISA and CISM-premier IS security consultants can assist your business to create a security strategy that makes sense for your environment and can set up your firewall to support your security strategy. Progent's security assessment experts can evaluate the strength of your existing firewall deployment and help determine the overall security of your whole IS network. Progentís Help Desk support team can deliver emergency remote troubleshooting for Cisco technology and offer fast access to a Cisco CCIE network engineer.
To find out more details about Progent's consulting assistance for Cisco products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about technical expertise for Cisco products, phone 1-800-993-9400 or go to Contact Progent.