Cisco is a perennial leader in delivering state-of-the-art firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls represent an advanced firewall solution that combines dedicated hardware, cloud services, and machine learning to block, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall consultants can assist your organization to design and carry out an efficient upgrade to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower firewalls with Cisco's security services to build and centrally manage network environments that include local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified network security experts can assist you with policy creation and tuning driven by leading best practices in order to build a consistent security profile across all your endpoints at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance improvement compared to Cisco's popular ASA 5500-X security appliances and offer centralized management and automation of modern cybersecurity features like application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower portfolio of NGFWs Firewalls, visit Firepower Series firewalls consulting services.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances provide combined firewall, VPN, and IPS services in compact single-box packages, delivering a broad array of features to match the security and compliance requirements of organizations from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls enable IT security staffs to protect their network edge and provide safe offsite and mobile connectivity while utilizing advanced management mechanisms based on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX firewalls have reached end-of-life status but are still widely deployed in small and mid-size organizations as well as in some larger data centers. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted the ASA 5500 and PIX families of firewalls for new installations. However, Cisco's older model firewalls, if properly maintained, continue to deliver a high degree of security by providing a variety of services including firewall, IPsec VPN, and IPS.
Since Cisco's acquisition of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system. Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-premier network consultants can assist your organization to support and debug older ASA 5500 Series and PIX firewall appliances and can also assist you to design and carry out a smooth migration to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, integrate, tune, manage and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also help your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls includes an improved substitute for each rack-mountable unit in the previous ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the identical environment as the associated earlier models, which offers most plenty of choice for selecting a firewall that aligns with their security needs and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver dependable protection across any mix of physical, virtual, and cloud environments.
For more information about ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA security appliances, go to Cisco Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against sophisticated attacks. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection that uses big data to find and mitigate intrusions
- A Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, apps, and content to detect threats that use simultaneous vectors
- High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically activate standard and custom IPS policies depending on the severity of risk
Firepower Services for ASA 5500-X firewalls provide multi-layered threat protection
Simpler implementations of Cisco ASA firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X models. ASDM includes a convenient web dashboard for deploying, managing, and debugging ASA 5500-X devices and modules.
For more complex deployments, ASA 5500-X appliances with Firepower Services can be administered using Firepower Management Center, available as one or more physical or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy control for Cisco Firepower firewall appliances
Firepower Management Center provides features unavailable with Cisco's on-box ASDM tool. Extra capabilities include greater context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a console that offers real-time network infrastructure visualization, automated policy optimization driven by impact assessment of threats, advanced IPS, custom app discovery for Application Visibility and Control, customized health notifications, improved reporting features, and application interfaces for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Firewalls
Cisco ASA Firewalls leverage engineering behind the PIX 500 Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that defends against the widest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program protection, local containment, and clean VPN connectivity throughout Cisco's product portfolio. This broad scope of protection allows defense of any network segment, which includes the most common threat vectors such as remote locations, LAN-connected inside users, and remote connected VPNs.
The expandable design of the Cisco ASA 5500 Series enables you to add more services via service modules and cards. These user-installable enhancements give you the option of adding Intrusion Protection and content protection functions like filtering virus, spyware, and phishing attacks and executing file and URL filtering. Beside enabling your IT staff to respond rapidly to the latest risk environments, the extensible design of the Cisco ASA 5500 Series also leverages your hardware investment by prolonging the life of your firewalls. The ASA 5500 Series also leverages your investment in administrative team training by utilizing the familiar library of PIX 500 management tools and protocols such as the Cisco ASDM platform, secure command-line interface access, verbose syslog, and SNMP.
Cisco ASA 5500 Series firewalls provide a high-level of application protection via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a more secure network covering Web, voice, and 3G-mobile wireless services. To protect against application-layer assaults and to provide better policing of the programs and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledge and employ security enforcement solutions that include protocol anomaly detection and state monitoring. Also included are assault detection and remediation techniques such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, allowing businesses to enforce usage policies and preserve network bandwidth for critical business processes.
For additional details about Progent's support services for ASA 5500 security appliances, go to Cisco ASA 5500 series firewalls configuration and debugging consulting.
PIX Firewall Appliances
Built around a tested, specialized software platform that delivers rich protection features, PIX security appliances offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. PIX firewalls provide protection for a broad range of Voice over IP and additional multimedia standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, helping businesses to protect deployments of a wide array of contemporary and next-generation Voice over IP and video applications.
Cisco PIX firewalls offer a wealth of setup, monitoring, and analysis options, giving IT managers the versatility to use the methods that best meet their requirements. Management options include centralized, policy-based administration utilities, integrated web-based administration, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a powerful Web-accessible management platform that greatly simplifies the deployment, in-place configuration, and monitoring of a specific Cisco PIX firewall without requiring any additional utility beyond an ordinary browser and Java applet to be running on a manager's computer.
Administrators can also remotely set up, monitor, and analyze PIX firewalls via a CLI interface. Secure command-line interface access is possible through several techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX firewalls also have dependable automatic-update capabilities, a collection of revolutionary secure remote-management services that ensure security configurations and software images are kept up to date.
For more details about Progent's consulting services for Cisco PIX 500 firewalls, visit Cisco PIX 500 firewalls configuration and debugging services.
Progent's Migration Consulting Services for Cisco Firewalls
Since Cisco has discontinued offering the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a critical infrastructure component that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower NGFW Series security appliances have the advantage of being current devices and also bring a number of functions and economic advantages in comparison to PIX 500 firewalls. These advantages include significantly better performance, optional SSL tunneling support, and an expandable architecture that guards your investment by enabling you to self-install new security features whenever you require them. Progent's Cisco certified experts can assist your company to determine the strategic case for upgrading from PIX 500 or Cisco ASA 5500 security appliances, create a migration process that allows for a fast and non-disruptive upgrade, assist you to configure new ASA 5500-x or Firepower Series firewalls, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Help You with Cisco Firewalls
Cisco Firepower Series, ASA Series, and PIX security appliances incorporate an array of setup, tracking, and analysis features that give you the ability to set up these firewalls to align optimally with your business needs. Progent's CCIE authorized network experts can assist you to configure and support an efficient network infrastructure that incorporates Cisco firewall technology and that provides world-class protection, resilience, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help you to develop a security strategy that makes sense for your business and can set up your firewall to enforce your security strategy. Progent's security evaluation experts can assess the strength of your existing firewall solution and validate the security of your entire IT network. Progentís Technical Response Center (TRC) can deliver emergency online technical support for Cisco technology and offer fast access to a Cisco expert.
To see additional information concerning Progent's professional expertise for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about technical support for Cisco technology, phone 1-800-993-9400 or see Contact Progent.