Cisco is a long-time leader in developing cutting-edge firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced cybersecurity platform that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can help you to plan and carry out a smooth migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's security services to create and centrally manage IT ecosystems that include local offices, data centers, and cloud resources. Progent can also assist you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation based on industry best practices in order to build a consistent cybersecurity posture that applies to all your devices anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance improvement compared to Cisco's previous-generation ASA 5500-X security appliances and offer unified management and automation of advanced cybersecurity capabilities like application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls (NGFWs), see Firepower Series firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500, and PIX 500 firewall appliances offer integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a wide array of features to meet the security needs of organizations from small businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls allow network security teams to defend their network edge and offer safe offsite and mobile connectivity while using powerful management mechanisms based on Cisco's world-class firewall technology.
Cisco's ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life status but are still commonly deployed in smaller organizations and in some enterprise networks. Cisco's ASA 5500-X Series Next-Generation Firewalls deliver substantially more value and have superseded the ASA 5500 and PIX 500 lines of firewalls for new deployments. Still, Cisco's legacy firewalls, if properly managed, can offer a high level of security by supplying a variety of security functions such as stateful firewall, VPN tunneling, and IPS.
Since Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X firewalls can be configured to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system (IPS). Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-certified network consultants can help your organization to maintain and debug legacy ASA 5500 and PIX 500 firewalls and can also assist you to plan and implement a smooth migration to Cisco's ASA 5500-X firewalls with Firepower. Progent can also help you to design, configure, optimize, administer and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also assist you to migrate from your Cisco ASA 5500-X deployment to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances features an enhanced replacement for every rack-mountable model in the previous ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same market as the corresponding earlier models, which gives most plenty of room for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X family provide consistent protection across any mix of physical, virtual, and cloud environments.
For more details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, visit Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or hardware modules that enable Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA firewalls include:
- Multi-layer protection against familiar and new threats
- Advanced Malware Protection that utilizes big data to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, infrastructure, apps, and content to discover threats that use multiple vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically activate standard and customized IPS policies depending on the degree of threats
Firepower Services for ASA firewalls provide multi-layered protection
Smaller implementations of Cisco ASA 5500-X firewalls can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X versions. ASDM provides a convenient web console for configuring, administering, and debugging ASA 5500-X appliances and modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy management for Firepower firewalls
Firepower Management Center offers capabilities unavailable with Cisco's on-device Adaptive Security Device Manager utility. Extra features include greater context awareness, Advanced Malware Protection with remediation for user devices, a dashboard that offers real-time network infrastructure visualization, automated policy tuning based on impact assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting features, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 family Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a platform that stops the widest range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver program protection, local containment and control, and safe VPN functionality throughout the entire product line. This broad scope of protection allows defense of any network section, including the most common threat conduits like remote locations, locally-attached inside users, and remote connected Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 Series permits you to add more features via security service modules (SSMs) and security service cards (SSCs). These user-installable options give you the option of adding Intrusion Protection and content protection functions such as filtering virus, worms, and phishing assaults and executing data and web filtering. In addition to enabling you to react quickly to new risk vectors, the expandable architecture of the ASA 5500 Series also protects your hardware investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 family also protects your investment in administrative team education by supporting the familiar library of PIX management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface (CLI) access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances firewalls provide a high-level of application protection via smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. The result is a safer network including Web, voice, and mobile wireless services. To protect networks against application-layer attacks and to provide stronger control over the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly detection and state monitoring. Also incorporated are assault detection and mitigation technology including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing organizations to police usage policies and recover network bandwidth for important business applications.
For additional information about Progent's support services for ASA 5500 firewalls, see Cisco ASA 5500 firewalls configuration and debugging consulting.
Based around a tested, specialized software platform that offers rich protection services, Cisco PIX security appliances provide excellent security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX security appliances offer security for a broad range of Voice over IP and other mixed-media conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and MGCP, enabling businesses to protect installations of a wide array of contemporary and upcoming Voice over IP and mixed-media applications.
PIX firewalls offer a variety of setup, tracking, and analysis options, providing IT managers the flexibility to use the methods that most closely meet their requirements. Management options include centralized, policy-based administration tools, integrated web-accessible management, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class Web-accessible control solution that significantly streamlines the installation, in-place modification, and monitoring of a specific PIX security appliance without requiring any extra software other than an ordinary Web browser and Java applet to be running on a manager's computer.
Administrators can furthermore remotely set up, track, and analyze Cisco PIX security appliances using a CLI interface. Safe command-line interface (CLI) communication is available using several techniques including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewalls also have robust automatic-update capabilities, a set of revolutionary secure remote-administration options that make sure that security settings and software images are always up to date.
For additional details about Progent's support services for Cisco PIX 500 security appliances, see PIX 500 firewalls integration and debugging consulting.
Progent's Migration Support for Cisco Firewalls
Since Cisco has discontinued offering the PIX and ASA 5500 product lines, many businesses are uncomfortable with relying on a key infrastructure component that might stop being supported. ASA 5500-X and Firepower NGFW Series security appliances offer the benefit of being new products and also bring a number of functions and economic benefits in comparison to PIX 500 devices. These benefits include significantly higher throughput, optional Secure Sockets Layer tunneling support, and a modular design that guards your investment by allowing you to add new security features whenever you require them. Progent's Cisco experts can assist your company to assess the strategic case for upgrading from PIX 500 or Cisco ASA 5500 firewalls, create a migration process that permits a fast and non-disruptive changeover, help your IT staff to install new ASA 5500-x or Firepower Series firewalls, and offer online, consulting, and technical support services.
Additional Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA 5500 Series, and PIX security appliances incorporate a wealth of configuration, tracking, and analysis options which offer you the ability to set up these firewalls to align optimally with your company's requirements. Progent's CCIE certified network consultants can show you how to build an efficient infrastructure that incorporates Cisco firewalls and that offers advanced security, fault tolerance, performance, and manageability. Progent's GISA and CISM-certified information security consultants can assist your business to develop a security policy appropriate for your situation and can configure your firewall to support your security strategy. Progent's risk evaluation consultants can evaluate the strength of your current firewall solution and validate the security of your entire IT environment. Progent's Technical Response Center can provide emergency online troubleshooting for Cisco products and offer quick access to a Cisco network engineer.
To see additional information about Progent's engineering assistance for Cisco technology, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about consulting expertise for Cisco products, phone 1-800-993-9400 or go to Contact Progent.