Cisco is a long-time front-runner in developing cutting-edge firewalls for the broadest possible range of deployments. Cisco's Firepower NGFWs Firewalls represent a modern firewall platform that marshals dedicated hardware, cloud services, and machine learning to block, identify, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can help you to plan and execute an efficient migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's cloud-based services to create and centrally manage IT environments that include branch offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation driven by leading best practices in order to build a consistent and effective cybersecurity posture across all your endpoints at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls provide a significant performance improvement over Cisco's popular ASA 5500-X security appliances and include centralized management of modern security features like application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and sandboxing. For details about Cisco's Firepower line of NGFWs Firewalls, see Firepower firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances offer combined firewall, VPN, and intrusion prevention system (IPS) services in single-box devices, delivering a broad range of features to match the security needs of companies from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls enable IT security teams to defend their network edge and offer safe offsite and mobile connectivity while using advanced management mechanisms built on Cisco's industry-leading firewall technology.
Cisco’s ASA 5500 Series and PIX firewalls have arrived at end-of-life status but remain commonly deployed in small and mid-size businesses and in a few larger data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's legacy firewalls, if carefully maintained, continue to offer a high level of security by supplying multiple services such as stateful firewall, VPN tunneling, and IPS.
After Cisco's purchase of Sourcefire, the entire family of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed network intrusion protection system (IPS). Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified network engineers can assist your organization to support and debug legacy ASA 5500 Series and PIX firewall appliances and can also help you to plan and implement a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, integrate, tune, administer and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also assist you to upgrade from your Cisco ASA 5500-X deployment to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances includes an enhanced substitute for each rack-mountable model in the previous ASA 5500 series of devices. Each ASA 5500-X firewall is suited for the identical environment as the corresponding previous models, which gives most ample choice for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide dependable security across any mix of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA 5500-X firewalls, go to Firepower integration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with software or hardware modules that support Cisco's Firepower Services, which provide layered defense against multi-vector threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against familiar and new attacks
- Advanced Malware Protection (AMP) that uses big data techniques to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, infrastructure, software applications, and content to detect threats that use simultaneous approaches
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and custom IPS policies based on the degree of threats
Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered threat protection
Simpler implementations of ASA 5500-X firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM provides an easy-to-use web console for configuring, administering, and debugging ASA 5500-X appliances and modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower can be managed with Cisco's Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy control for Cisco Firepower firewalls
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that provides real-time network infrastructure visualization, automated policy tuning driven by impact evaluation of attacks, comprehensive IPS, custom application detectors for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for the PIX 500 family firewall, Cisco's IPS 4200 Series sensor, and the VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops the widest variety of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls provide program security, local containment, and safe VPN functionality across the entire product line. This broad scope of security enables the guarding of any network area, including the most typical attack vectors such as remote sites, LAN-connected internal users, and remote connected Virtual Private Networks.
The scalable architecture of the ASA 5500 Series allows you to add more security services via security service modules and security service cards (SSCs). These easy-to-install options provide the option of adding Intrusion Protection and content protection services such as blocking virus, spyware, and phishing assaults and executing file and URL screening. In addition to enabling your IT staff to react rapidly to new threat vectors, the expandable architecture of the Cisco ASA 5500 family also leverages your hardware investment by prolonging the useful life of your security appliances. The ASA 5500 Series also leverages your investment in administrative staff education by utilizing the rich library of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application protection through smart, application-aware inspection engines that examine traffic at Layers 4-7. This produces a safer network covering Web, voice, and mobile wireless connectivity. To defend against application-layer attacks and to offer stronger control over the applications and protocols utilized in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement technologies that include protocol anomaly sensing and state monitoring. Also included are attack detection and remediation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide control over IM and tunneling applications, enabling organizations to enforce usage policies and recover bandwidth for important business processes.
For additional details about Progent's support services for Cisco's ASA 5500 security appliances, go to ASA 5500 series firewalls integration and troubleshooting consulting.
PIX Firewall Appliances
Built around a hardened, specialized OS that delivers rich protection features, Cisco PIX firewall appliances provide excellent security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security (IPsec) certification. PIX security appliances offer security for a wide array of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to safeguard installations of a wide range of contemporary and next-generation IP voice and mixed-media applications.
Cisco PIX firewall appliances offer a variety of configuration, tracking, and analysis features, providing businesses the flexibility to use the techniques that most closely meet their needs. Management solutions include common, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a world-class Web-accessible management platform that significantly simplifies the deployment, ongoing configuration, and tracking of a specific Cisco PIX firewall appliance without the need of any extra utility other than an ordinary browser and Java plug-in to be installed on an administrator's PC.
Administrators can furthermore remotely configure, monitor, and analyze PIX firewall appliances via a command-line interface (CLI). Secure command-line interface access is available using several techniques including Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also include dependable auto-update capabilities, a collection of revolutionary protected remote-management services that ensure security configurations and software images are kept current.
For additional information about Progent's consulting services for Cisco PIX firewalls, go to Cisco PIX 500 firewalls configuration and troubleshooting services.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has stopped selling the PIX and ASA 5500 product lines, many businesses are concerned about relying on a critical infrastructure component that may stop being supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances offer the advantage of being new products and also offer a number of functions and budgetary benefits in comparison to PIX 500 firewalls. These benefits include significantly higher performance, optional SSL tunneling support, and an expandable architecture that protects your investment by allowing you to add more security features when and if you need them. Progent's Cisco network engineers can help you to assess the business case for migrating from PIX 500 or Cisco ASA 5500 security appliances, design a migration process that allows for a quick and non-disruptive upgrade, help your IT staff to install new ASA 5500-x or Firepower Series appliances, and offer online, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX family security appliances incorporate an array of setup, tracking, and analysis options that give you the ability to configure these security appliances to match your company's requirements. Progent's CCIE authorized network experts can show you how to build a cost-effective network infrastructure that incorporates Cisco firewall technology and that provides advanced protection, resilience, throughput, and recoverability. Progent's CISA and CISM-premier IS security consultants can help you to develop a security policy appropriate for your business and can set up your PIX or ASA firewall to support your security strategy. Progent's risk evaluation professionals can assess the strength of your existing firewall deployment and help determine the overall security of your whole information system network. Progent’s Technical Response Center can deliver emergency remote troubleshooting for Cisco technology and can give you fast access to a Cisco network engineer.
To learn additional details about Progent's professional support for Cisco solutions, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about technical expertise for Cisco products, phone 1-800-993-9400 or refer to Contact Progent.