Cisco is a long-time leader in developing state-of-the-art firewalls for the broadest possible range of environments. Cisco's Firepower Next Generation Firewalls provide a modern firewall platform that combines sophisticated hardware, cloud services, and machine learning to anticipate, discover, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist your organization to plan and execute a smooth upgrade to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower firewalls with Cisco's security services to create and centrally manage IT ecosystems that span local offices, data centers, private clouds and public clouds. Progent can also assist you to manage and troubleshoot older-generation Cisco security appliances. Progent's certified network security experts can assist you with policy creation and tuning based on leading best practices in order to build a consistent and effective cybersecurity posture that applies to all your networked devices at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower NGFWs Firewalls provide a major performance boost over Cisco's previous-generation ASA 5500-X security appliances and include centralized management and automation of modern security features such as application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of Next Generation Firewalls, see Cisco Firepower Series firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide combined firewall, IPsec VPN, and IPS services in single-box packages, delivering a broad array of features to match the security requirements of companies ranging from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls allow network security teams to protect their network edge and offer safe remote access while utilizing powerful management mechanisms based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life (EOL) but are still widely used in smaller organizations as well as in a few larger networks. Cisco’s ASA 5500-X Next-Generation Firewalls deliver substantially more value and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new installations. However, Cisco's older model firewalls, if properly managed, can deliver a high level of security by supplying a variety of features including firewall, VPN tunneling, and IPS.
Since Cisco's purchase of Sourcefire, the whole line of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular intrusion protection system (IPS). Firepower services provide powerful new capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier infrastructure consultants can help you to maintain and troubleshoot legacy ASA 5500 Series and PIX firewall appliances and can also help you to design and implement a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also assist you to plan, integrate, tune, administer and debug new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also help your organization to upgrade from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls includes an improved substitute for every rack-mountable unit in the older ASA 5500 series of firewalls. Each ASA 5500-X firewall is suited for the same market as the corresponding earlier models, which offers most ample room for picking a solution that aligns with their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family provide consistent security across any mix of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA firewalls, go to Firepower configuration and debugging expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with either software or hardware modules that support Firepower Services, which provide layered defense against sophisticated threats. Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered defense against familiar and zero-day attacks
- Advanced Malware Protection (AMP) that uses big data to find and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, software applications, and content to detect threats that incorporate multiple vectors
- High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA firewalls provide advanced multi-layered threat protection
Simpler implementations of ASA 5500-X firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X versions. ASDM includes an easy-to-use web dashboard for configuring, administering, and debugging ASA 5500-X firewalls and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower can be managed using Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy management for Firepower firewalls
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Additional features include greater context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a dashboard that provides real-time infrastructure visualization, automated policy optimization driven by impact evaluation of threats, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, enhanced reporting features, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 Series firewall, Cisco's IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall product line to deliver a platform that stops the broadest range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application security, local containment and control, and safe Virtual Private Network functionality throughout Cisco's product line. This broad scope of security enables defense of any network segment, including the most common threat vectors such as remote locations, LAN-attached inside users, and off-site connected Virtual Private Networks.
The scalable design of the Cisco ASA 5500 Series enables you to add more features via service modules and security service cards (SSCs). These user-installable options provide the ability to add IPS and content protection services like filtering virus, worms, and phishing assaults and executing file and web filtering. Beside allowing you to respond rapidly to the latest risk vectors, the extensible design of the Cisco ASA 5500 family also leverages your hardware investment by increasing the life of your firewalls. The Cisco ASA 5500 family also protects your investment in IT staff training by supporting the rich library of PIX security management utilities and protocols such as the Cisco ASDM system, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application protection via intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This produces a better protected network including Web, voice, and 3G-mobile wireless connectivity. To defend against application-layer assaults and to provide stronger policing of the programs and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and rely on security enforcement technologies that include protocol anomaly detection and state tracking. Also included are attack sensing and remediation techniques such as application/protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over IM and peer-to-peer file sharing, enabling businesses to police usage policies and conserve bandwidth for important business applications.
For more information about Progent's consulting services for ASA 5500 security appliances, see Cisco ASA 5500 series firewalls integration and troubleshooting support.
PIX Firewall Appliances
Built upon a hardened, specialized operating system that offers rich protection services, PIX firewall appliances offer excellent protection and have received EAL 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX firewalls provide security for a wide array of VoIP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide range of contemporary and next-generation IP voice and video applications.
Cisco PIX security appliances feature a wealth of configuration, tracking, and troubleshooting options, giving IT managers the versatility to utilize the techniques that best meet their requirements. Management options include common, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class Web-based management platform that greatly streamlines the deployment, in-place modification, and monitoring of a single Cisco PIX security appliance without the need of any additional utility beyond a standard browser and Java applet to be installed on an administrator's PC.
IT managers can also remotely configure, track, and analyze PIX security appliances using a CLI interface. Safe command-line interface (CLI) communication is possible through several methods such as SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX firewall appliances also include dependable automatic-update features, a set of advanced protected remote-management options that ensure security configurations and software images are kept current.
For more information about Progent's support services for Cisco PIX security appliances, see Cisco PIX firewalls configuration and troubleshooting support.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has ceased offering the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with depending on a critical infrastructure component that may stop being supported by Cisco. Cisco ASA 5500-X and Firepower Series firewalls have the benefit of being current devices and also bring several functions and budgetary benefits in comparison to PIX 500 devices. These benefits include substantially higher performance, optional SSL VPN support, and a modular architecture that guards your investment by enabling you to self-install new security features when and if you require them. Progent's Cisco certified network engineers can help your company to assess the strategic value of for migrating from PIX or Cisco ASA 5500 security appliances, create a migration process that allows for a quick and non-disruptive changeover, help your IT staff to deploy new ASA 5500-x or Firepower NGFW Series firewalls, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower NGFW Series, ASA Series, and PIX firewalls incorporate an array of setup, monitoring, and troubleshooting features that give you the flexibility to set up these security appliances to align optimally with your company's needs. Progent's CCIE certified network professionals can help you to build an efficient infrastructure that incorporates Cisco firewall technology and that offers world-class security, resilience, performance, and recoverability. Progent's GISA and CISSP-ISSP-premier IS security engineers can help your business to create a security strategy appropriate for your environment and can set up your firewall to support your security policies. Progent's security evaluation experts can assess the strength of your existing firewall solution and audit the security of your entire IT environment. Progent’s Technical Response Center can deliver emergency remote technical support for Cisco technology and can give you quick access to a Cisco network engineer.
To find out more details concerning Progent's consulting expertise for Cisco products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about engineering help for Cisco technology, call 1-800-993-9400 or go to Contact Progent.