Cisco is a long-time leader in delivering state-of-the-art firewalls for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls provide a modern cybersecurity solution that marshals sophisticated hardware, cloud services, and machine learning to anticipate, identify, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can help your organization to design and execute an efficient migration to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower firewalls with Cisco's subscription-based security services to create and centrally control network environments that span local offices, data centers, private clouds and public clouds. Progent can also help you to manage and troubleshoot older-generation Cisco security appliances. Progent's certified cybersecurity consultants can assist you with policy creation and tuning driven by industry best practices in order to establish a consistent security posture that applies to all your networked devices at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls provide a significant performance improvement compared to Cisco's popular ASA 5500-X security appliances and include centralized management and automation of advanced security capabilities like application visibility, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, see Cisco Firepower Series firewalls integration experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls offer integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box devices, delivering a wide array of features to match the security requirements of companies from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX firewall appliances enable network security staffs to defend their network perimeter and provide safe offsite and mobile connectivity while using powerful administration mechanisms based on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX firewalls have arrived at end-of-life but are still widely deployed in small and mid-size businesses and in a few enterprise networks. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent significantly more bang for the buck and have supplanted the ASA 5500 and PIX families of firewalls for new deployments. Still, Cisco's older model firewall appliances, if carefully managed, can offer a high level of protection by providing a variety of security functions such as firewall, VPN tunneling, and IPS.
Since Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular intrusion protection system (IPS). Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure consultants can assist your organization to support and troubleshoot older ASA 5500 and PIX firewall appliances and can also help you to design and carry out an efficient upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, deploy, optimize, administer and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower. Progent can also help your organization to upgrade from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls features an enhanced substitute for each rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X model is suited for the identical environment as the associated earlier models, which offers most ample choice for selecting a firewall that meets their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All models in Cisco's ASA 5500-X family deliver dependable protection across any mix of physical, virtual, and cloud environments.
For additional information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA firewalls, go to Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or hardware modules that support Cisco's Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
- Layered defense against both familiar and zero-day threats
- Advanced Malware Protection that utilizes big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, software applications, and content to detect attacks that use multiple approaches
- Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically activate standard and custom IPS policies depending on the severity of risk
Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered protection
Smaller implementations of Cisco ASA firewalls can be efficiently administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X versions. ASDM provides an easy-to-use web console for deploying, administering, and troubleshooting ASA 5500-X devices and service modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be administered with Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy management for Firepower firewall appliances
Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional features include expanded context awareness, Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that offers dynamic infrastructure visualization, automated policy optimization driven by impact assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind the PIX 500 family firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a platform that defends against the broadest variety of attacks. Cisco Adaptive Security Appliances Firewalls deliver program security, local containment and control, and clean Virtual Private Network functionality throughout the entire product portfolio. This broad scope of security enables the guarding of any network section, which includes the most common threat conduits such as remote sites, locally-attached inside users, and off-site connected VPNs.
The scalable architecture of the Cisco ASA 5500 Series allows you to add features by installing security service modules (SSMs) and security service cards (SSCs). These easy-to-install enhancements give you the option of adding Intrusion Protection and content protection services like filtering virus, worms, and phishing attacks and executing data and URL filtering. In addition to allowing you to react quickly to new risk environments, the extensible architecture of the ASA 5500 family also leverages your capital investment by increasing the useful life of your security appliances. The ASA 5500 family also leverages your investment in IT staff training by supporting the rich set of PIX 500 security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security via smart, application-sensitive inspection engines that examine network flows at Layers 4-7. This produces a more secure environment including Web, voice, and 3G-mobile wireless connectivity. To protect networks against application-layer assaults and to provide better control over the applications and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledge and rely on security enforcement solutions such as protocol anomaly detection and application and protocol state monitoring. Also included are assault detection and remediation technology including application/protocol command filters and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and tunneling applications, allowing organizations to police usage policies and preserve bandwidth for vital business applications.
For more details about Progent's support services for Cisco's ASA 5500 security appliances, see Cisco ASA 5500 firewalls integration and debugging support.
Cisco PIX Firewalls
Based around a tested, specialized software platform that delivers a wealth of security services, Cisco PIX firewall appliances offer a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security qualification. PIX firewall appliances provide protection for a wide range of VoIP and additional mixed-media standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to safeguard deployments of a wide range of contemporary and upcoming IP voice and multimedia applications.
PIX firewalls feature a wealth of setup, monitoring, and analysis options, providing IT managers the flexibility to use the methods that most closely match their requirements. Management options include common, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-accessible control platform that greatly streamlines the deployment, in-place modification, and tracking of a specific Cisco PIX firewall appliance without the need of any additional utility beyond a standard Web browser and Java plug-in to be running on an administrator's computer.
Administrators can also remotely configure, monitor, and troubleshoot PIX firewall appliances using a command-line interface. Safe command-line interface communication is available through a number of methods including SSHv2 Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewall appliances also have robust automatic-update capabilities, a collection of revolutionary secure remote-administration options that ensure firewall settings and software images are kept current.
For more information about Progent's consulting services for Cisco PIX security appliances, see PIX 500 firewalls integration and debugging services.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has stopped selling the PIX 500 and ASA 5500 product lines, many businesses are concerned about depending on a critical infrastructure mechanism that may stop being supported by Cisco. ASA 5500-X and Firepower Series firewalls have the benefit of being new devices and also offer a number of functions and economic benefits in comparison to PIX devices. These advantages include significantly better throughput, optional Secure Sockets Layer VPN capability, and a modular architecture that guards your investment by enabling you to self-install more security services when and if you require them. Progent's Cisco experts can help your company to determine the business value of for upgrading from PIX 500 or Cisco ASA 5500 security appliances, design a migration process that allows for a quick and seamless upgrade, assist your IT staff to set up new ASA 5500-x or Firepower NGFW Series appliances, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX family security appliances provide an array of setup, monitoring, and troubleshooting features that offer you the flexibility to set up these firewalls to match your business needs. Progent's CCIE authorized network professionals can assist you to configure and support an efficient infrastructure that includes Cisco security appliances and that provides world-class protection, resilience, performance, and manageability. Progent's GISA and CISM-certified information security consultants can help you to create a security strategy appropriate for your situation and can configure your firewall to support your security strategy. Progent's security evaluation engineers can assess the strength of your existing firewall solution and validate the overall security of your whole IT network. Progentís Help Desk Call Center can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.
To find out more information concerning Progent's engineering help for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about engineering expertise for Cisco networking, phone 1-800-993-9400 or see Contact Progent.