Cisco is a long-time leader in delivering cutting-edge firewalls for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern firewall platform that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall experts can help you to plan and carry out a smooth upgrade to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower appliances with Cisco's subscription-based security services to build and centrally manage network ecosystems that span branch offices, data centers, and cloud resources. Progent can also help you to maintain and troubleshoot legacy Cisco security appliances. Progent's certified network security experts can assist you with policy creation based on leading best practices in order to establish a consistent and effective security profile across all your networked endpoints at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance boost compared to Cisco's previous-generation ASA 5500-X security appliances and include unified control of advanced security capabilities like application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), URL filtering, and sandboxing. For details about Cisco's Firepower family of NGFWs Firewalls, visit Cisco Firepower firewalls consulting expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances provide integrated firewall, IPsec VPN, and intrusion prevention system services in single-box devices, delivering a broad range of features to meet the security needs of companies from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances allow network security staffs to defend their network perimeter and offer safe remote connectivity while using advanced management tools built on Cisco's world-class firewall technology.
Ciscoís ASA 5500 and PIX 500 firewalls have reached end-of-life (EOL) status but remain widely used in small and mid-size organizations and in some larger networks. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted the ASA 5500 and PIX families of firewalls for new deployments. However, Cisco's older model firewalls, if carefully maintained, continue to deliver a high degree of security by supplying multiple features including firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system (IPS). Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-certified infrastructure consultants can assist you to maintain and debug legacy ASA 5500 and PIX 500 firewalls and can also assist you to design and implement an efficient upgrade to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, integrate, optimize, manage and debug new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also assist you to migrate from your Cisco ASA 5500-X Series solution to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances includes an enhanced substitute for each rack-mountable unit in the previous ASA 5500 series of firewalls. Each ASA 5500-X firewall targets the identical environment as the associated earlier models, which gives most plenty of choice for picking a firewall that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All models in Cisco's ASA 5500-X product line provide dependable security across any mix of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for Cisco ASA security appliances, see Cisco Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or hardware modules that support Firepower Services, which provide layered protection against advanced threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer protection against both familiar and new threats
- Advanced Malware Protection (AMP) that uses big data to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, software applications, and content to detect threats that incorporate multiple approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch standard and customized IPS policies based on the degree of threats
Firepower Services for Cisco ASA firewalls provide multi-layered threat protection
Smaller deployments of Cisco ASA firewalls can be efficiently administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X models. ASDM provides an easy-to-use web console for configuring, managing, and troubleshooting ASA 5500-X firewalls and modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or more physical units or virtual devices. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy management for Firepower firewall appliances
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional features include greater context awareness, Advanced Malware Protection with remediation for client devices, a dashboard that provides dynamic infrastructure visualization, automated policy tuning driven by risk assessment of attacks, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls leverage technology behind the Cisco PIX 500 Series firewall, Cisco's IPS 4200 Series sensor, and Cisco's VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances Firewall family to deliver a firewall that stops the broadest variety of threats. Cisco ASA Firewalls deliver program security, network containment and control, and clean VPN functionality across Cisco's product portfolio. This broad scope of protection allows the guarding of any network section, which includes the most typical threat conduits like remote sites, LAN-connected inside users, and remote connected VPNs.
The scalable architecture of the Cisco ASA 5500 Series enables you to add more security services via service modules and security service cards (SSCs). These user-installable enhancements provide the option of adding IPS and content protection services like blocking virus, spyware, and phishing assaults and performing file and URL screening. In addition to allowing you to react rapidly to new threat environments, the extensible architecture of the Cisco ASA 5500 family also protects your capital investment by prolonging the life of your firewalls. The Cisco ASA 5500 family also leverages your investment in IT team training by supporting the rich library of PIX management utilities and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface (CLI) access, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application protection through smart, application-aware inspection processes that examine network flows at Layers 4-7. This produces a safer network covering Web, voice, and 3G-mobile wireless access. To protect against application-layer assaults and to provide stronger policing of the programs and protocols utilized in their environments, these inspection engines incorporate extensive application and protocol knowledge and rely on protection enforcement technologies such as protocol anomaly sensing and state monitoring. Also incorporated are assault sensing and remediation techniques such as application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and conserve network bandwidth for important business processes.
For more information about Progent's consulting services for ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls integration and troubleshooting support.
PIX Security Appliance Series
Based around a hardened, purpose-built operating system that offers rich security services, PIX security appliances offer excellent protection and have earned EAL 4 status and ICSA Firewall and IP Security (IPsec) qualification. PIX firewall appliances provide protection for a wide range of Voice over IP and other mixed-media standards including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to protect deployments of a wide array of current and next-generation Voice over IP and video applications.
Cisco PIX security appliances feature a variety of configuration, tracking, and analysis features, providing IT managers the flexibility to use the methods that best match their needs. Management solutions include centralized, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a powerful Web-based control solution that significantly simplifies the deployment, ongoing configuration, and tracking of a single Cisco PIX firewall without requiring any additional software other than an ordinary Web browser and Java plug-in to be installed on a manager's computer.
IT managers can furthermore remotely configure, monitor, and analyze PIX firewall appliances using a command-line interface. Secure command-line interface communication is available using a number of methods such as Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewalls also include robust auto-update features, a collection of advanced secure remote-management options that ensure firewall settings and software images are always up to date.
For more information about Progent's consulting services for Cisco PIX firewalls, visit PIX firewalls configuration and debugging consulting.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has discontinued offering the PIX and ASA 5500 families of firewalls, many companies are concerned about relying on a key security mechanism that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower NGFW Series firewalls have the benefit of being current products and also bring several technical and economic advantages in comparison to PIX 500 devices. These benefits include significantly better performance, optional SSL VPN capability, and an expandable design that protects your investment by enabling you to self-install new security features when and if you need them. Progent's Cisco certified experts can assist your company to determine the business value of for migrating from PIX or ASA 5500 security appliances, design a migration process that permits a quick and seamless changeover, assist you to deploy new ASA 5500-x or Firepower Series firewalls, and offer online, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX security appliances provide an array of configuration, tracking, and analysis options which give you the ability to set up these security appliances to align optimally with your business needs. Progent's CCIE authorized network experts can show you how to design a cost-effective network infrastructure that incorporates Cisco security appliances and that provides advanced security, resilience, throughput, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help your business to develop a security strategy appropriate for your situation and can configure your firewall to support your security strategy. Progent's risk evaluation consultants can assess the strength of your current firewall solution and audit the security of your entire information system network. Progentís Technical Response Center can provide urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.
For additional details concerning Progent's engineering support for Cisco technology, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about engineering expertise for Cisco products, phone 1-800-993-9400 or visit Contact Progent.