Cisco is a perennial leader in delivering state-of-the-art firewall appliances for the widest possible variety of deployments. Cisco's Firepower NGFWs Firewalls represent an advanced firewall solution that combines dedicated hardware, cloud services, and machine learning to block, discover, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist your organization to plan and execute a smooth migration to Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's security services to create and centrally manage IT ecosystems that span local offices, data centers, private clouds and public clouds. Progent can also help you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified network security experts can help you with policy creation and tuning based on leading best practices so you can build a consistent security posture that applies to all your devices anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance boost compared to Cisco's previous-generation ASA 5500-X firewalls and offer unified control of advanced security capabilities such as application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls (NGFWs), see Firepower Series firewalls consulting services.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls provide integrated firewall, VPN, and intrusion prevention system services in single-box devices, delivering a wide range of features to meet the security needs of organizations ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls allow IT security staffs to defend their network perimeter and offer secure offsite and mobile access while utilizing powerful management tools built on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewalls have reached end-of-life but are still widely used in smaller organizations as well as in some enterprise data centers. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted the ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's older model firewalls, if carefully maintained, can deliver a high level of security by supplying multiple services including stateful firewall, VPN, and IPS.
After Cisco's purchase of Sourcefire, the whole line of ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the market's most popular intrusion protection system. Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier network engineers can assist you to maintain and debug older ASA 5500 Series and PIX firewalls and can also assist you to design and carry out a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also help you to plan, configure, optimize, administer and troubleshoot new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower. Progent's firewall consultants can also assist you to migrate from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances includes an enhanced replacement for every rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X firewall targets the identical environment as the corresponding earlier models, which offers small and midsize businesses ample room for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced security services. All models in Cisco's ASA 5500-X family provide consistent security across any combination of physical, virtual, and cloud environments.
For more information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA 5500-X firewalls, visit Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or physical modules that enable Cisco's Firepower Services, which offer layered protection against sophisticated threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Multi-layer protection against familiar and zero-day threats
- Advanced Malware Protection that uses big data to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, network infrastructure, apps, and content to discover threats that incorporate multiple vectors
- High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically activate both standard and custom IPS policies based on the severity of threats
Firepower Services for Cisco ASA firewalls provide advanced multi-layered protection
Smaller implementations of Cisco ASA firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X versions. ASDM provides a convenient web dashboard for configuring, managing, and debugging ASA 5500-X appliances and service modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be administered using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy control for Firepower firewalls
Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-box Adaptive Security Device Manager utility. Extra capabilities include expanded context awareness, Advanced Malware Protection with mitigation for user devices, a dashboard that provides dynamic network infrastructure visualization, automated policy optimization driven by impact evaluation of threats, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology developed for the Cisco PIX 500 Series firewall, the Cisco IPS 4200 sensor, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall family to offer a firewall that defends against the broadest range of threats. Cisco ASA 5500 Series Firewalls deliver program security, network containment and control, and safe Virtual Private Network functionality throughout Cisco's product portfolio. This breadth of protection enables the guarding of any network area, which includes the most typical threat conduits such as remote locations, locally-connected internal users, and off-site access VPNs.
The scalable architecture of the ASA 5500 family permits you to add security services by installing security service modules and security service cards. These user-installable options give you the option of adding IPS and content protection services such as blocking virus, spyware, and phishing assaults and executing data and web filtering. Beside enabling you to react rapidly to new threat environments, the expandable design of the ASA 5500 family also protects your hardware investment by increasing the life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT staff training by utilizing the rich library of PIX security management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) firewalls deliver a high-level of application protection via smart, application-aware inspection engines that analyze network flows at Layers 4-7. The result is a more secure network including Web, voice, and mobile wireless access. To defend against application-layer assaults and to offer stronger control over the applications and protocols utilized in their environments, these inspection engines integrate broad application and protocol knowledge and employ security enforcement technologies such as protocol anomaly detection and application and protocol state tracking. Also included are assault sensing and mitigation techniques including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing organizations to police usage policies and free up bandwidth for vital business applications.
For more information about Progent's consulting services for ASA 5500 security appliances, go to Cisco ASA 5500 series firewalls configuration and troubleshooting services.
Built around a tested, purpose-built software platform that delivers rich security services, PIX security appliances offer a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX firewall appliances offer security for a broad array of Voice over IP and other mixed-media conventions such as H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a wide array of current and upcoming VoIP and mixed-media applications.
PIX security appliances offer a wealth of configuration, tracking, and analysis features, giving businesses the versatility to utilize the methods that best meet their requirements. Management solutions include common, policy-based management utilities, integrated web-based administration, and compatibility with remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated ASDM system provides a powerful Web-based control solution that greatly simplifies the deployment, ongoing configuration, and monitoring of a single Cisco PIX firewall without the need of any additional utility beyond an ordinary browser and Java plug-in to be installed on a manager's PC.
IT managers can furthermore remotely configure, monitor, and troubleshoot PIX security appliances via a command-line interface (CLI). Safe command-line interface access is possible using a number of methods including Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewalls also have dependable automatic-update capabilities, a set of revolutionary secure remote-management options that ensure firewall settings and software images are always up to date.
For additional details about Progent's support services for Cisco PIX security appliances, visit PIX firewalls integration and troubleshooting services.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has ceased offering the PIX 500 and ASA 5500 product lines, many businesses are uncomfortable with depending on a critical infrastructure component that might no longer be supported. ASA 5500-X and Firepower NGFW Series firewalls offer the advantage of being current devices and also offer a number of technical and financial benefits in comparison to PIX devices. These advantages include substantially higher throughput, optional SSL VPN support, and a modular architecture that protects your investment by allowing you to self-install new security services whenever you require them. Progent's CCIE-certified network engineers can assist you to assess the business value of for moving from PIX or Cisco ASA 5500 security appliances, design a migration plan that allows for a quick and seamless changeover, assist you to install new ASA 5500-x or Firepower NGFW Series firewalls, and provide online, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA Series, and PIX family firewalls incorporate a wealth of configuration, tracking, and analysis features that give you the flexibility to deploy these security appliances to match your business needs. Progent's CCIE authorized network consultants can show you how to build an efficient network infrastructure that incorporates Cisco firewall technology and that provides world-class security, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified information security professionals can assist you to develop a security policy that makes sense for your business and can set up your security appliance to support your security strategy. Progent's security evaluation consultants can assess the effectiveness of your existing firewall deployment and help determine the security of your entire IS environment. Progent’s Help Desk Call Center can deliver urgent online troubleshooting for Cisco products and offer quick access to a Cisco network engineer.
To learn more information about Progent's professional assistance for Cisco products, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about technical assistance for Cisco products, call 1-800-993-9400 or see Contact Progent.