Cisco is a perennial leader in delivering cutting-edge firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls represent an advanced cybersecurity platform that combines dedicated hardware, cloud services, and machine learning to anticipate, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist you to design and carry out an efficient upgrade to Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower appliances with Cisco's security services to build and centrally manage IT environments that include local offices, data centers, private clouds and public clouds. Progent can also assist you to manage and troubleshoot legacy Cisco security appliances. Progent's certified cybersecurity consultants can help you with policy creation driven by industry best practices so you can establish a consistent cybersecurity posture that applies to all your networked devices anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower NGFWs Firewalls deliver a major performance improvement compared to Cisco's previous-generation ASA 5500-X security appliances and include unified control of modern security capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For details about Cisco's Firepower portfolio of NGFWs Firewalls, refer to Cisco Firepower Series firewalls integration experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a wide range of features to match the security requirements of organizations from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances allow network security staffs to protect their network edge and offer secure offsite and mobile connectivity while using advanced administration mechanisms built on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life (EOL) but remain widely deployed in smaller businesses and in some larger networks. The ASA 5500-X Next-Generation Firewalls deliver significantly more value and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully maintained, can offer a high level of protection by providing a variety of services such as stateful firewall, IPsec VPN, and IPS.
After Cisco's purchase of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed intrusion protection system (IPS). Firepower services provide enhanced features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified network engineers can assist your organization to support and debug legacy ASA 5500 Series and PIX firewall appliances and can also assist you to plan and carry out an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also help you to design, deploy, optimize, administer and debug new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent can also help you to migrate from your Cisco ASA 5500-X solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances features an improved substitute for every rack-mountable unit in the previous ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the same market as the associated earlier models, which gives small and midsize businesses ample room for selecting a firewall that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide dependable protection across any mix of physical, virtual, and cloud environments.
For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for ASA 5500-X security appliances, visit Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or hardware modules that support Firepower Services, which provide layered defense against advanced threats. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Layered defense against familiar and zero-day attacks
- Advanced Malware Protection that uses big data to discover and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, apps, and content to discover threats that incorporate simultaneous approaches
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically activate both standard and custom IPS policies based on the severity of risk
Firepower Services for ASA firewalls provide multi-layered protection
Simpler implementations of ASA 5500-X firewalls can be effectively managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X versions. ASDM provides a simple web console for configuring, administering, and troubleshooting ASA 5500-X devices and service modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical units or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy control for Firepower firewalls
Firepower Management Center provides features unavailable with Cisco's on-box ASDM utility. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that offers dynamic network visualization, automated policy tuning driven by risk evaluation of threats, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering behind Cisco's PIX 500 Security Appliance, the Cisco IPS 4200 family sensor, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco ASA Firewall family to offer a firewall that stops the widest variety of attacks. Cisco ASA Firewalls provide application protection, network containment, and clean Virtual Private Network connectivity throughout the entire product line. This broad scope of protection enables defense of any network section, which includes the most common attack vectors such as remote sites, LAN-connected internal users, and off-site access VPNs.
The scalable design of the ASA 5500 family permits you to add features via security service modules (SSMs) and cards. These user-installable options give you the ability to add IPS and content protection services like filtering virus, spyware, and phishing assaults and performing file and URL filtering. In addition to enabling your IT staff to react quickly to new risk environments, the extensible design of the Cisco ASA 5500 Series also protects your capital investment by increasing the life of your firewalls. The ASA 5500 family also leverages your investment in IT team training by utilizing the familiar library of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface access, syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application protection via smart, application-aware inspection processes that analyze traffic at Layers 4-7. This results in a safer network including Web, voice, and 3G-mobile wireless services. To defend networks against application-layer attacks and to provide better control over the programs and protocols used in their environments, these inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions such as protocol anomaly sensing and state tracking. Also incorporated are assault sensing and remediation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over instant messaging and tunneling applications, enabling organizations to police usage policies and free up network bandwidth for critical business applications.
For more details about Progent's consulting services for ASA 5500 security appliances, go to ASA 5500 series firewalls configuration and debugging services.
PIX Firewall Appliances
Built upon a tested, purpose-built operating system that offers a wealth of protection services, PIX firewall appliances offer a high level of security and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewall appliances provide protection for a broad array of VoIP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to protect deployments of a broad array of contemporary and upcoming IP voice and multimedia applications.
Cisco PIX firewalls feature a variety of setup, monitoring, and troubleshooting features, giving IT managers the versatility to utilize the methods that most closely match their requirements. Management options include centralized, policy-based management utilities, integrated web-based administration, and compatibility with remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a world-class Web-accessible management platform that greatly streamlines the deployment, ongoing configuration, and monitoring of a specific Cisco PIX firewall without requiring any extra software other than an ordinary browser and Java plug-in to be installed on a manager's computer.
IT managers can furthermore remotely set up, monitor, and troubleshoot PIX firewall appliances via a command-line interface (CLI). Safe command-line interface access is available through a number of techniques including SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX firewalls also have dependable auto-update capabilities, a collection of advanced protected remote-administration options that ensure security settings and software images are always current.
For additional details about Progent's support services for Cisco PIX firewalls, see Cisco PIX 500 firewalls integration and debugging consulting.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has ceased offering the PIX and ASA 5500 product lines, many businesses are concerned about relying on a key infrastructure mechanism that might no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series firewalls offer the benefit of being new products and also offer several technical and financial advantages in comparison to PIX firewalls. These benefits include substantially higher throughput, optional Secure Sockets Layer VPN support, and a modular architecture that guards your investment by allowing you to add more security services when and if you require them. Progent's Cisco network engineers can help you to determine the strategic case for migrating from PIX 500 or ASA 5500 security appliances, create a migration process that allows for a fast and seamless upgrade, assist your IT staff to configure new ASA 5500-x Series or Firepower NGFW Series firewalls, and offer online, consulting, and technical support services.
Additional Ways Progent Can Assist You with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX firewalls provide an array of setup, tracking, and analysis options which offer you the flexibility to configure these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network consultants can show you how to build an efficient network infrastructure that includes Cisco security appliances and that offers advanced security, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified information security engineers can assist you to develop a security policy that makes sense for your situation and can set up your firewall to support your security strategy. Progent's risk assessment professionals can assess the strength of your existing firewall deployment and audit the security of your whole IT network. Progent’s Technical Response Center (TRC) can deliver emergency remote technical support for Cisco technology and can give you fast access to a Cisco network engineer.
To find out additional information concerning Progent's consulting expertise for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about technical help for Cisco technology, call 1-800-993-9400 or see Contact Progent.