Cisco is a perennial leader in delivering state-of-the-art firewalls for the broadest possible variety of environments. Cisco's Firepower NGFWs Firewalls provide an advanced firewall solution that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can assist you to design and execute an efficient migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower firewalls with Cisco's subscription-based security services to build and centrally manage IT environments that span branch offices, data centers, and cloud resources. Progent can also help you to maintain and debug legacy Cisco firewalls. Progent's certified network security experts can help you with policy creation and tuning based on leading best practices so you can establish a consistent and effective security profile across all your networked endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a significant performance improvement compared to Cisco's popular ASA 5500-X firewalls and include centralized control of modern security features like application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and multi-node sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls, refer to Cisco Firepower firewalls consulting experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls offer combined firewall, VPN, and IPS services in compact single-box packages, delivering a wide range of features to meet the security and compliance requirements of companies ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX firewall appliances enable network security teams to protect their network perimeter and provide secure remote access while using advanced management tools based on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 Series and PIX firewalls have reached end-of-life status but are still commonly deployed in small and mid-size organizations and in a few larger networks. The ASA 5500-X Next-Generation Firewalls represent significantly more value and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's older model firewalls, if properly maintained, continue to offer a high level of protection by providing multiple security functions including stateful firewall, VPN, and IPS.
Following Cisco's purchase of Sourcefire, the whole line of Cisco ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed intrusion protection system (IPS). Firepower services bring powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier network consultants can help your organization to support and troubleshoot older ASA 5500 and PIX firewalls and can also assist you to design and carry out a smooth migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to design, integrate, tune, manage and debug new firewall ecosystems based on Cisco's current ASA 5500-X models with Firepower. Progent can also help your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls features an enhanced substitute for every rack-mountable unit in the previous ASA 5500 series of firewalls. Each ASA 5500-X firewall is suited for the same market as the associated earlier models, which offers most ample room for selecting a solution that aligns with their security needs and budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All models in Cisco's ASA 5500-X product line deliver consistent security across any mix of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA security appliances, visit Cisco Firepower integration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or hardware modules that enable Cisco's Firepower Services, which offer layered defense against sophisticated attacks. Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Multi-layer protection against both familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that utilizes big data to discover and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, infrastructure, apps, and content to detect threats that incorporate simultaneous approaches
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically activate standard and custom IPS policies based on the degree of threats
Firepower Services for Cisco ASA firewalls offer advanced multi-layered threat protection
Smaller implementations of ASA firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X versions. ASDM includes a simple web dashboard for deploying, administering, and troubleshooting ASA 5500-X devices and service modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower can be administered with Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Firepower firewalls
Cisco's Firepower Management Center provides capabilities beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a console that provides real-time infrastructure visualization, automated policy optimization based on risk evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health notifications, enhanced reporting options, and APIs for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering behind the Cisco PIX 500 family Security Appliance, Cisco's IPS 4200 sensor, and the VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a platform that stops the widest variety of attacks. Cisco ASA Firewalls deliver application security, local containment, and safe VPN functionality throughout Cisco's product line. This broad scope of protection allows defense of any network segment, which includes the most typical attack vectors like remote locations, LAN-attached inside users, and remote access VPNs.
The scalable architecture of the ASA 5500 family permits you to add features via service modules and security service cards. These user-installable enhancements give you the ability to add IPS and content protection functions such as filtering virus, worms, and phishing assaults and performing file and URL filtering. Beside enabling your IT staff to react rapidly to new threat vectors, the extensible design of the ASA 5500 Series also leverages your capital investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative staff education by utilizing the rich set of PIX 500 security management tools and protocols including the Cisco ASDM system, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances firewalls deliver robust application security through smart, application-aware inspection processes that analyze network flows at Layers 4-7. This produces a more secure network covering Web, voice, and 3G-mobile wireless access. To protect networks against application-layer attacks and to offer stronger control over the applications and protocols used in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement technologies such as protocol anomaly detection and state tracking. Also included are attack sensing and remediation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, allowing businesses to police usage policies and conserve network bandwidth for vital business applications.
For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, go to ASA 5500 firewalls integration and debugging consulting.
Cisco PIX Firewall Appliances
Built around a tested, specialized OS that offers a wealth of security features, Cisco PIX firewalls offer excellent protection and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security qualification. PIX firewalls provide protection for a wide array of VoIP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to protect deployments of a wide range of contemporary and next-generation IP voice and video applications.
PIX firewall appliances offer a variety of configuration, tracking, and analysis options, providing IT managers the versatility to utilize the techniques that best match their requirements. Administrative options include common, policy-based management tools, integrated web-accessible administration, and compatibility with remote-tracking standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class Web-based management solution that significantly streamlines the deployment, ongoing configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any extra software beyond a standard Web browser and Java plug-in to be running on an administrator's computer.
Administrators can also remotely set up, monitor, and troubleshoot Cisco PIX security appliances using a command-line interface (CLI). Secure CLI interface communication is possible through several methods such as SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX security appliances also include dependable automatic-update capabilities, a set of revolutionary secure remote-administration options that ensure security configurations and software images are kept up to date.
For more details about Progent's consulting services for Cisco PIX 500 security appliances, go to PIX firewalls integration and troubleshooting consulting.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has ceased offering the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a critical security mechanism that might no longer be supported. ASA 5500-X and Firepower Series security appliances have the advantage of being current devices and also offer a number of technical and economic benefits in comparison to PIX 500 devices. These benefits include substantially better throughput, optional Secure Sockets Layer tunneling support, and a modular design that protects your investment by allowing you to self-install more security services when and if you require them. Progent's Cisco certified network engineers can assist your company to assess the strategic value of for upgrading from PIX 500 or ASA 5500 firewalls, design a migration process that allows for a quick and non-disruptive changeover, assist you to configure new ASA 5500-x Series or Firepower NGFW Series firewalls, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA Series, and PIX family firewalls incorporate an array of setup, tracking, and analysis options which offer you the ability to configure these security appliances to align optimally with your business requirements. Progent's CCIE authorized network consultants can assist you to configure and support an efficient network infrastructure that includes Cisco security appliances and that offers world-class protection, fault tolerance, performance, and recoverability. Progent's CISA and CISM-certified IS security consultants can assist you to develop a security policy that makes sense for your environment and can set up your security appliance to enforce your security strategy. Progent's security assessment consultants can assess the strength of your current firewall deployment and validate the overall security of your entire information system environment. Progentís Help Desk support team can provide urgent online technical support for Cisco technology and can give you quick access to a Cisco network engineer.
To learn additional details concerning Progent's engineering expertise for Cisco solutions, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about consulting help for Cisco products, call 1-800-993-9400 or refer to Contact Progent.