Cisco is a long-time leader in delivering cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls provide a modern cybersecurity solution that combines sophisticated hardware, cloud-based services, and machine learning to block, discover, and respond to cyber attacks automatically. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and carry out an efficient migration to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower firewalls with Cisco's cloud-based services to create and centrally control network ecosystems that include branch offices, data centers, and cloud resources. Progent can also assist you to manage and debug older-generation Cisco security appliances. Progent's certified network security consultants can assist you with policy creation and tuning driven by leading best practices in order to establish a consistent and effective security profile that applies to all your networked endpoints at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a significant performance boost compared to Cisco's popular ASA 5500-X security appliances and offer centralized management and automation of advanced security features such as application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls, refer to Firepower Series firewalls consulting experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls provide combined firewall, IPsec VPN, and intrusion prevention system (IPS) services in single-box devices, delivering a broad range of features to meet the security requirements of organizations from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances enable network security staffs to protect their network edge and provide secure remote connectivity while utilizing advanced administration mechanisms built on Cisco's world-class firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life (EOL) status but remain commonly deployed in small and mid-size businesses as well as in some enterprise data centers. Ciscoís ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's legacy firewalls, if carefully maintained, can deliver a high level of protection by providing multiple features such as stateful firewall, IPsec VPN, and IPS.
Since Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the world's most deployed network intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure consultants can help you to support and troubleshoot older ASA 5500 Series and PIX firewalls and can also assist you to plan and carry out a smooth migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to plan, configure, optimize, manage and debug new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also assist you to upgrade from your Cisco ASA 5500-X deployment to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls includes an enhanced replacement for each rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X model is suited for the same environment as the associated previous models, which offers most plenty of room for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver consistent protection across any combination of physical, virtual, and cloud environments.
For more information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA 5500-X firewalls, see Cisco Firepower integration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or physical modules that enable Firepower Services, which provide layered protection against multi-vector threats. Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X security appliances include:
- Layered protection against both familiar and new attacks
- Cisco's Advanced Malware Protection that uses big data techniques to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, infrastructure, software applications, and content to detect attacks that incorporate simultaneous approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch both standard and customized IPS policies depending on the degree of risk
Firepower Services for Cisco ASA firewalls provide advanced multi-layered security
Simpler implementations of ASA 5500-X firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM provides a simple web console for configuring, managing, and troubleshooting ASA 5500-X devices and modules.
For more complex environments, ASA 5500-X appliances with Firepower can be managed using Cisco's Firepower Management Center, implemented as one or several physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Cisco Firepower firewall appliances
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box ASDM utility. Additional capabilities include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy tuning based on impact evaluation of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health alerts, improved reporting features, and APIs for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls leverage technology developed for the PIX 500 Series Security Appliance, the IPS 4200 Series sensor, and Cisco's VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall product line to deliver a firewall that defends against the widest range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application protection, local containment, and safe Virtual Private Network connectivity across Cisco's product line. This breadth of security allows defense of any network segment, which includes the most common attack conduits such as remote sites, locally-connected inside users, and remote connected Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 family enables you to add features via security service modules (SSMs) and cards. These user-installable options give you the option of adding IPS and content protection functions like filtering virus, worms, and phishing assaults and executing data and web filtering. In addition to enabling your IT staff to react quickly to new threat environments, the expandable design of the Cisco ASA 5500 Series also leverages your capital investment by increasing the useful life of your firewalls. The ASA 5500 Series also leverages your investment in administrative staff training by supporting the rich set of PIX security management utilities and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA 5500 Series firewalls provide a high-level of application protection through smart, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a more secure environment covering Web, voice, and 3G-mobile wireless services. To protect networks against application-layer attacks and to offer better policing of the applications and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also included are assault sensing and mitigation techniques such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, allowing businesses to enforce usage policies and free up network bandwidth for critical business applications.
For additional details about Progent's consulting services for ASA 5500 firewalls, visit ASA 5500 firewalls integration and debugging consulting.
Cisco PIX Firewalls
Based around a hardened, specialized operating system that delivers rich protection services, Cisco PIX security appliances offer a high level of protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewall appliances provide security for a wide range of Voice over IP and additional mixed-media standards such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to protect installations of a wide range of current and upcoming VoIP and mixed-media applications.
PIX security appliances offer a variety of setup, monitoring, and troubleshooting options, providing businesses the versatility to use the methods that most closely meet their needs. Management options include common, policy-based administration utilities, integrated web-accessible management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-based management platform that significantly simplifies the deployment, in-place modification, and tracking of a specific Cisco PIX firewall without the need of any additional software beyond an ordinary Web browser and Java plug-in to be running on a manager's PC.
IT managers can furthermore remotely set up, monitor, and analyze PIX firewall appliances using a CLI interface. Secure command-line interface access is available using several methods including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also include dependable automatic-update features, a set of advanced protected remote-administration services that ensure firewall configurations and software images are kept up to date.
For additional information about Progent's consulting services for PIX 500 security appliances, see Cisco PIX firewalls configuration and troubleshooting support.
Progent's Migration Consulting Services for Cisco Firewalls
Since Cisco has discontinued offering the PIX 500 and ASA 5500 families of firewalls, many companies are concerned about depending on a critical infrastructure mechanism that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series firewalls have the benefit of being current products and also bring a number of technical and economic benefits in comparison to PIX 500 devices. These advantages include substantially higher performance, optional Secure Sockets Layer VPN capability, and an expandable design that protects your investment by allowing you to add new security services whenever you require them. Progent's Cisco experts can help your company to determine the strategic case for upgrading from PIX 500 or ASA 5500 firewalls, create a migration plan that permits a fast and non-disruptive upgrade, help your IT staff to deploy new ASA 5500-x or Firepower Series appliances, and provide remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Assist You with Cisco Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX security appliances incorporate an array of configuration, monitoring, and troubleshooting options which offer you the flexibility to deploy these firewalls to align optimally with your business requirements. Progent's CCIE authorized network experts can show you how to design a cost-effective infrastructure that incorporates Cisco security appliances and that provides world-class security, resilience, performance, and recoverability. Progent's GISA and CISSP-ISSP-certified information security consultants can assist your business to develop a security strategy that makes sense for your situation and can configure your firewall to enforce your security policies. Progent's risk assessment professionals can assess the effectiveness of your current firewall deployment and help determine the security of your entire IS environment. Progentís Help Desk Call Center can deliver urgent remote technical support for Cisco technology and can give you quick access to a Cisco network engineer.
To learn more information about Progent's professional support for Cisco networking products, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about consulting expertise for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.