Cisco is a perennial leader in developing state-of-the-art firewalls for the widest possible variety of environments. Cisco's Firepower NGFWs Firewalls provide an advanced firewall platform that combines sophisticated hardware, cloud-based services, and machine learning to block, identify, and respond to cyber attacks automatically. Progent's Cisco-certified CCIE firewall consultants can assist your organization to design and execute an efficient upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower firewalls with Cisco's cloud-based services to create and centrally control network environments that span local offices, data centers, and cloud resources. Progent can also assist you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation and tuning driven by leading best practices so you can establish a consistent security posture across all your endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance boost compared to Cisco's popular ASA 5500-X firewalls and include centralized control of advanced security capabilities like application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For more information about Cisco's Firepower line of NGFWs Firewalls, refer to Firepower Series firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewalls offer combined firewall, IPsec VPN, and intrusion prevention system services in single-box packages, delivering a broad array of features to match the security needs of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances enable IT security teams to defend their network edge and offer safe offsite and mobile connectivity while using powerful administration tools based on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life but remain commonly used in smaller organizations as well as in some larger data centers. The ASA 5500-X Series Next-Generation Firewalls represent significantly more value and have superseded the ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's older model firewall appliances, if properly maintained, continue to offer a high degree of security by supplying a variety of services such as firewall, IPsec VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most popular intrusion protection system. Firepower services provide powerful new capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-certified network engineers can assist you to maintain and troubleshoot older ASA 5500 and PIX firewalls and can also help you to plan and carry out a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, integrate, optimize, manage and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances features an improved substitute for each rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X firewall targets the same environment as the associated previous models, which offers most plenty of room for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All models in Cisco's ASA 5500-X product line deliver dependable security across any combination of physical, virtual, and cloud deployments.
For additional information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for Cisco ASA firewalls, see Firepower integration and troubleshooting expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against multi-vector attacks. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Multi-layer protection against familiar and new threats
- Advanced Malware Protection that uses big data techniques to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, apps, and content to discover threats that incorporate simultaneous vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically activate standard and custom IPS policies based on the degree of threats
Firepower Services for Cisco ASA firewalls provide advanced multi-layered protection
Simpler deployments of Cisco ASA 5500-X firewalls can be efficiently administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X versions. ASDM includes an easy-to-use web console for configuring, administering, and debugging ASA 5500-X firewalls and modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed with Cisco's Firepower Management Center, implemented as one or several physical or virtual devices. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Cisco Firepower firewalls
Firepower Management Center offers capabilities beyond those available with Cisco's on-device ASDM utility. Additional capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that offers real-time network infrastructure visualization, automated policy optimization driven by impact assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 family Security Appliance, Cisco's IPS 4200 sensor, and the Cisco VPN 3000 model concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to offer a firewall that defends against the widest range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, network containment and control, and clean VPN connectivity throughout Cisco's product portfolio. This broad scope of security enables the guarding of any network section, including the most common threat conduits such as remote sites, locally-connected inside users, and remote access VPNs.
The scalable architecture of the ASA 5500 Series allows you to add features by installing service modules and security service cards (SSCs). These easy-to-install options provide the option of adding Intrusion Protection and content protection services such as filtering virus, spyware, and phishing attacks and performing file and URL screening. In addition to enabling your IT staff to respond rapidly to the latest risk environments, the expandable design of the ASA 5500 Series also leverages your capital investment by increasing the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT team training by supporting the rich set of PIX 500 security management tools and protocols including the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application security through intelligent, application-sensitive inspection processes that examine traffic at Layers 4-7. This produces a safer environment covering Web, voice, and 3G-mobile wireless services. To defend against application-layer assaults and to provide stronger control over the applications and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledgebases and employ protection enforcement solutions that include anomaly sensing and application and protocol state tracking. Also included are assault sensing and remediation techniques including application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and tunneling applications, enabling businesses to police usage policies and recover network bandwidth for vital business applications.
For more details about Progent's consulting services for ASA 5500 firewalls, go to ASA 5500 series firewalls configuration and troubleshooting support.
Cisco PIX Firewalls
Based around a tested, purpose-built OS that delivers rich protection features, PIX firewalls offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX security appliances provide protection for a broad array of VoIP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to safeguard deployments of a wide range of contemporary and next-generation Voice over IP and mixed-media applications.
Cisco PIX firewall appliances feature a wealth of setup, monitoring, and troubleshooting features, providing businesses the versatility to use the techniques that most closely match their needs. Management options include common, policy-based management utilities, integrated web-accessible management, and compatibility with remote-monitoring protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a powerful Web-based control platform that significantly simplifies the installation, in-place configuration, and tracking of a single Cisco PIX firewall without requiring any additional software beyond a standard browser and Java applet to be running on an administrator's computer.
IT managers can furthermore remotely configure, track, and analyze PIX firewalls using a CLI interface. Safe CLI interface communication is possible through several techniques including Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX security appliances also include dependable auto-update features, a collection of advanced protected remote-management options that ensure security configurations and software images are kept up to date.
For additional information about Progent's support services for PIX firewalls, go to Cisco PIX firewalls integration and debugging support.
Progent's Migration Support for Cisco Firewalls
Since Cisco has stopped offering the PIX and ASA 5500 product lines, many companies are concerned about depending on a critical infrastructure component that may no longer be supported. ASA 5500-X and Firepower Series security appliances have the advantage of being new products and also bring a number of functions and economic benefits in comparison to PIX 500 firewalls. These benefits include significantly higher performance, optional SSL VPN capability, and a modular architecture that guards your investment by enabling you to add new security services whenever you require them. Progent's Cisco certified network engineers can help your company to assess the strategic value of for moving from PIX or ASA 5500 firewalls, create a migration plan that allows for a fast and seamless upgrade, help your IT staff to deploy new ASA 5500-x or Firepower NGFW Series firewalls, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX security appliances incorporate a wealth of configuration, monitoring, and troubleshooting features that give you the flexibility to configure these security appliances to align optimally with your company's needs. Progent's CCIE certified network professionals can assist you to design a cost-effective infrastructure that incorporates Cisco security appliances and that provides world-class protection, fault tolerance, throughput, and manageability. Progent's GISA and CISM-premier information security experts can assist your business to create a security strategy appropriate for your business and can set up your firewall to enforce your security policies. Progent's risk evaluation professionals can evaluate the strength of your existing firewall deployment and audit the security of your whole IS network. Progent’s Help Desk Call Center can provide urgent online technical support for Cisco technology and offer fast access to a Cisco CCIE expert.
To find out more information about Progent's professional support for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about technical assistance for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.