Cisco is a perennial front-runner in delivering state-of-the-art firewall appliances for the widest possible variety of environments. Cisco's Firepower NGFWs Firewalls represent a modern firewall solution that marshals dedicated hardware, cloud services, and machine learning to block, identify, and respond to threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can assist your organization to design and carry out a smooth upgrade to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's subscription-based security services to build and centrally control network ecosystems that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and debug older-generation Cisco firewalls. Progent's certified network security experts can assist you with policy creation driven by leading best practices in order to establish a consistent and effective security profile across all your networked devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance improvement over Cisco's previous-generation ASA 5500-X security appliances and offer unified management of advanced security capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls (NGFWs), visit Firepower Series firewalls consulting services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500 Series, and PIX firewalls offer combined firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box devices, delivering a broad range of features to meet the security and compliance requirements of companies from small businesses to enterprises and Internet service providers. Cisco's ASA 5500-X, ASA 5500, and PIX firewalls enable IT security teams to protect their network perimeter and offer secure remote access while using powerful administration mechanisms built on Cisco's world-class firewall technology.
Cisco's ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life status but are still widely deployed in small and mid-size businesses and in some larger data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX families of firewalls for new installations. However, Cisco's legacy firewall appliances, if properly maintained, continue to offer a high level of protection by supplying multiple services including stateful firewall, VPN tunneling, and IPS.
Since Cisco's purchase of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system. Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified network consultants can help you to maintain and debug older ASA 5500 and PIX firewalls and can also help you to design and implement a smooth upgrade to Cisco's ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, integrate, tune, manage and troubleshoot new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower. Progent can also help you to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X firewalls features an improved replacement for every rack-mountable model in the previous ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the same market as the associated earlier models, which offers most ample choice for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's advanced security services. All models in Cisco's ASA 5500-X family provide dependable protection across any combination of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA security appliances, visit Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or physical modules that support Cisco's Firepower Services, which provide layered defense against advanced attacks. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Layered protection against familiar and new attacks
- Advanced Malware Protection (AMP) that uses big data techniques to find and remediate intrusions
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, network infrastructure, software applications, and content to detect threats that incorporate multiple approaches
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch both standard and custom IPS policies based on the degree of risk
Firepower Services for Cisco ASA firewalls offer advanced multi-layered threat protection
Smaller deployments of ASA 5500-X firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all ASA 5500-X versions. ASDM provides an easy-to-use web console for configuring, administering, and debugging ASA 5500-X appliances and modules.
For more complex deployments, ASA 5500-X firewalls with Firepower can be administered with Cisco's Firepower Management Center, implemented as one or more physical or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Firepower Management Center provides capabilities unavailable with Cisco's on-box Adaptive Security Device Manager tool. Additional features include expanded context awareness, Advanced Malware Protection with remediation for client devices, a console that offers dynamic network visualization, automated policy optimization driven by risk assessment of attacks, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, improved reporting options, and APIs for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering behind Cisco's PIX 500 firewall, Cisco's IPS 4200 family sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a platform that defends against the widest range of attacks. Cisco ASA 5500 Series Firewalls deliver program security, network containment, and clean Virtual Private Network functionality across the entire product portfolio. This broad scope of security enables the guarding of any network section, including the most common attack vectors such as remote sites, LAN-connected inside users, and off-site access VPNs.
The expandable design of the ASA 5500 Series allows you to add services via security service modules (SSMs) and cards. These user-installable enhancements give you the option of adding IPS and content protection services such as filtering virus, worms, and phishing attacks and executing file and URL screening. In addition to enabling you to react quickly to new threat vectors, the extensible architecture of the ASA 5500 Series also protects your hardware investment by prolonging the life of your security appliances. The ASA 5500 family also leverages your investment in administrative team education by supporting the rich set of PIX security management tools and protocols such as the Cisco ASDM system, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA firewalls provide a high-level of application security through intelligent, application-sensitive inspection engines that examine network flows at Layers 4-7. The result is a safer environment including Web, voice, and mobile wireless connectivity. To defend networks against application-layer attacks and to offer stronger control over the programs and protocols used in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement solutions such as anomaly detection and state tracking. Also included are attack detection and mitigation techniques such as application and protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver control over instant messaging and tunneling applications, enabling businesses to police usage policies and recover network bandwidth for important business processes.
For additional information about Progent's support services for ASA 5500 firewalls, go to ASA 5500 series firewalls configuration and debugging support.
Cisco PIX Firewalls
Built upon a hardened, purpose-built operating system that delivers rich security features, PIX security appliances offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls provide protection for a wide range of Voice over IP and additional mixed-media conventions such as H.323 v. 4, SIP, SCCP, RTSP, and MGCP, helping businesses to safeguard deployments of a broad array of current and upcoming VoIP and mixed-media applications.
PIX firewalls offer a wealth of configuration, tracking, and analysis options, giving businesses the versatility to use the methods that most closely meet their requirements. Administrative solutions include common, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class Web-based management solution that greatly simplifies the installation, ongoing modification, and monitoring of a specific Cisco PIX firewall appliance without the need of any extra software other than an ordinary Web browser and Java plug-in to be installed on an administrator's computer.
Administrators can also remotely configure, track, and troubleshoot PIX security appliances via a command-line interface (CLI). Safe command-line interface access is possible using several techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewalls also include dependable auto-update features, a set of revolutionary protected remote-administration services that ensure firewall configurations and software images are always up to date.
For additional details about Progent's consulting services for Cisco PIX firewalls, go to Cisco PIX 500 firewalls integration and troubleshooting consulting.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has discontinued selling the PIX 500 and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a key infrastructure component that may no longer be supported. ASA 5500-X and Firepower Series firewalls have the benefit of being new products and also bring a number of technical and economic advantages in comparison to PIX firewalls. These advantages include significantly better throughput, optional SSL tunneling capability, and an expandable architecture that guards your investment by allowing you to add new security features whenever you require them. Progent's CCIE-certified network engineers can help your company to assess the business case for moving from PIX 500 or Cisco ASA 5500 security appliances, create a migration process that allows for a quick and non-disruptive changeover, help your IT staff to configure new ASA 5500-x or Firepower NGFW Series appliances, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA Series, and PIX security appliances provide an array of configuration, tracking, and troubleshooting features which give you the ability to deploy these security appliances to align optimally with your business requirements. Progent's CCIE authorized network experts can show you how to configure and support a cost-effective network infrastructure that includes Cisco firewall technology and that provides advanced protection, resilience, throughput, and recoverability. Progent's GISA and CISSP-ISSP-certified information security engineers can help your business to create a security strategy appropriate for your business and can set up your security appliance to enforce your security policies. Progent's security assessment experts can assess the strength of your current firewall solution and audit the overall security of your entire IS environment. Progent's Help Desk support team can provide urgent remote troubleshooting for Cisco products and offer quick access to a Cisco CCIE expert.
To find out more details concerning Progent's consulting assistance for Cisco networking products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or see Contact Progent.