Cisco is a long-time front-runner in delivering cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a modern firewall platform that marshals dedicated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can help you to design and execute a smooth migration to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco's subscription-based security services to create and centrally control network environments that include branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also assist you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified network security consultants can assist you with policy creation and tuning based on leading best practices in order to build a consistent and effective security profile across all your endpoints at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls provide a significant performance boost compared to Cisco's previous-generation ASA 5500-X security appliances and include unified management and automation of modern security capabilities such as application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For details about Cisco's Firepower family of NGFWs Firewalls, visit Firepower Series firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, VPN, and IPS services in single-box devices, delivering a broad range of features to match the security requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow IT security staffs to protect their network perimeter and offer secure remote access while using advanced administration mechanisms built on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 and PIX 500 firewalls have reached end-of-life but remain widely used in smaller organizations as well as in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more value and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's older model firewalls, if carefully maintained, can offer a high degree of security by providing multiple services such as firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most deployed intrusion protection system (IPS). Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-certified network engineers can help your organization to support and debug legacy ASA 5500 and PIX firewall appliances and can also help you to design and implement a smooth upgrade to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, configure, optimize, manage and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also help you to migrate from your Cisco ASA 5500-X Series solution to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls features an improved substitute for every rack-mountable model in the older ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same market as the associated previous models, which gives most ample room for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line deliver consistent protection across any mix of physical, virtual, and cloud deployments.
For additional details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA security appliances, visit Cisco Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept software or physical modules that enable Cisco's Firepower Services, which offer layered protection against advanced threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:
- Multi-layer protection against familiar and zero-day attacks
- Advanced Malware Protection that uses big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to detect threats that use simultaneous approaches
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and custom IPS policies based on the degree of threats
Firepower Services for ASA 5500-X firewalls offer multi-layered security
Smaller deployments of ASA firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM provides a simple web console for deploying, managing, and debugging ASA 5500-X devices and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed using Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy management for Cisco Firepower firewalls
Firepower Management Center offers capabilities unavailable with Cisco's on-device Adaptive Security Device Manager utility. Additional capabilities include expanded context awareness, Advanced Malware Protection with remediation for user devices, a console that offers real-time network visualization, automated policy optimization based on risk evaluation of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering behind the Cisco PIX 500 family Security Appliance, the Cisco IPS 4200 family sensor, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances Firewall product line to offer a firewall that stops the widest range of attacks. Cisco ASA 5500 Series Firewalls deliver program protection, local containment and control, and clean Virtual Private Network connectivity across Cisco's product portfolio. This broad scope of protection allows the guarding of any network area, including the most common attack conduits such as remote locations, locally-connected internal users, and remote access Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 family allows you to add features via security service modules and security service cards. These user-installable options provide the ability to add IPS and content protection functions such as blocking virus, worms, and phishing attacks and performing data and URL screening. In addition to enabling your IT staff to react quickly to new threat vectors, the extensible design of the Cisco ASA 5500 Series also leverages your hardware investment by prolonging the useful life of your security appliances. The ASA 5500 Series also protects your investment in administrative team training by utilizing the familiar library of PIX 500 security management tools and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application security through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a more secure network covering Web, voice, and 3G-mobile wireless access. To defend against application-layer attacks and to provide stronger policing of the programs and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions such as protocol anomaly detection and state tracking. Also incorporated are attack detection and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to police usage policies and preserve bandwidth for crucial business applications.
For additional information about Progent's support services for ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls configuration and debugging consulting.
Based around a tested, specialized OS that offers rich protection services, Cisco PIX firewall appliances provide a high level of security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX security appliances offer security for a wide array of VoIP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping organizations to protect installations of a wide range of current and upcoming VoIP and multimedia applications.
Cisco PIX security appliances feature a wealth of setup, tracking, and troubleshooting features, giving businesses the versatility to use the methods that best meet their requirements. Administrative solutions include common, policy-based management utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-accessible control platform that significantly streamlines the deployment, in-place configuration, and tracking of a specific PIX firewall without requiring any additional utility other than an ordinary browser and Java applet to be running on an administrator's computer.
IT managers can furthermore remotely set up, monitor, and troubleshoot PIX firewall appliances via a command-line interface. Safe command-line interface communication is possible through several methods including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewall appliances also have dependable auto-update features, a collection of revolutionary secure remote-administration services that make sure that security configurations and software images are always current.
For more information about Progent's support services for Cisco PIX security appliances, visit PIX firewalls integration and troubleshooting services.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has discontinued selling the PIX and ASA 5500 product lines, many businesses are concerned about depending on a critical security mechanism that may stop being supported. ASA 5500-X and Firepower NGFW Series security appliances have the benefit of being new devices and also offer a number of technical and economic advantages in comparison to PIX 500 firewalls. These advantages include significantly higher performance, optional SSL tunneling capability, and an expandable architecture that protects your investment by allowing you to self-install more security features whenever you require them. Progent's Cisco certified network engineers can help your company to assess the strategic value of for moving from PIX or Cisco ASA 5500 firewalls, create a migration process that permits a quick and seamless changeover, help your IT staff to configure new ASA 5500-x Series or Firepower Series appliances, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA Series, and PIX firewalls provide an array of configuration, tracking, and analysis features which give you the ability to deploy these firewalls to align optimally with your company's needs. Progent's CCIE certified network consultants can show you how to configure and support an efficient infrastructure that incorporates Cisco firewall technology and that offers world-class security, resilience, throughput, and manageability. Progent's GISA and CISM-premier information security engineers can help you to develop a security strategy appropriate for your environment and can configure your firewall to enforce your security policies. Progent's risk evaluation engineers can assess the strength of your existing firewall solution and audit the security of your entire IT environment. Progentís Help Desk Call Center can deliver urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco network engineer.
For additional information about Progent's engineering assistance for Cisco networking products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about professional support for Cisco networking, call 1-800-993-9400 or refer to Contact Progent.