Cisco is a long-time front-runner in developing cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls represent an advanced cybersecurity solution that marshals sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall consultants can help your organization to plan and execute an efficient upgrade to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower appliances with Cisco's security services to create and centrally control IT ecosystems that span local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and troubleshoot legacy Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation and tuning driven by industry best practices in order to establish a consistent and effective security profile across all your networked devices anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls provide a significant performance boost over Cisco's popular ASA 5500-X firewalls and include centralized control of modern cybersecurity features like application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls, visit Cisco Firepower firewalls consulting experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls offer integrated firewall, VPN, and intrusion prevention system services in compact single-box devices, delivering a wide array of features to meet the security needs of organizations from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances allow network security teams to defend their network edge and provide safe remote access while using powerful administration tools based on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX firewall appliances have reached end-of-life status but remain commonly deployed in smaller organizations and in some enterprise networks. The ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. However, Cisco's legacy firewall appliances, if carefully managed, continue to deliver a high level of protection by supplying multiple services including firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the world's most popular intrusion protection system. Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure engineers can help you to maintain and troubleshoot older ASA 5500 Series and PIX firewall appliances and can also help you to plan and implement an efficient migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, integrate, tune, manage and debug new firewall solutions built on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X security appliances features an improved replacement for each rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X firewall targets the same environment as the associated previous models, which offers most plenty of room for picking a solution that aligns with their security needs and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line deliver dependable security across any mix of physical, virtual, and cloud deployments.
For additional details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X firewalls, visit Cisco Firepower configuration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or physical modules that support Cisco's Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection that uses big data to find and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, infrastructure, apps, and content to discover threats that use multiple approaches
- Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically launch both standard and customized IPS policies based on the severity of threats
Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered threat protection
Simpler implementations of ASA 5500-X firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM includes a convenient web dashboard for deploying, managing, and debugging ASA 5500-X firewalls and service modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower can be administered with Cisco's Firepower Management Center, implemented as one or several physical or virtual appliances. Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy management for Cisco Firepower firewalls
Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM tool. Extra features include greater context awareness, Advanced Malware Protection with mitigation for client devices, a console that offers real-time network visualization, automated policy tuning driven by risk evaluation of attacks, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, improved reporting features, and APIs for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA CLI.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco ASA Firewalls build on engineering behind the PIX 500 Series Security Appliance, the Cisco IPS 4200 family sensor, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a firewall that defends against the widest variety of threats. Cisco Adaptive Security Appliances Firewalls deliver program protection, network containment, and safe VPN functionality across the entire product portfolio. This breadth of protection enables defense of any network section, which includes the most common threat conduits such as remote locations, LAN-connected internal users, and remote connected Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 Series permits you to add features by installing security service modules (SSMs) and security service cards (SSCs). These user-installable options give you the option of adding IPS and content protection services like blocking virus, spyware, and phishing attacks and executing data and web screening. Beside allowing your IT staff to react quickly to new threat vectors, the expandable design of the ASA 5500 Series also leverages your hardware investment by prolonging the useful life of your security appliances. The ASA 5500 family also leverages your investment in administrative staff education by utilizing the rich library of PIX security management utilities and protocols such as the Cisco ASDM system, protected command-line interface (CLI) access, verbose syslog, and SNMP.
Cisco ASA 5500 Series firewalls provide a high-level of application protection via smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a more secure environment covering Web, voice, and 3G-mobile wireless services. To defend against application-layer assaults and to offer stronger control over the programs and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions such as protocol anomaly detection and application and protocol state monitoring. Also included are assault detection and mitigation technology including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to police usage policies and recover bandwidth for important business applications.
For more details about Progent's support services for Cisco's ASA 5500 security appliances, see ASA 5500 series firewalls integration and debugging services.
Cisco PIX Firewall Appliances
Based around a hardened, specialized software platform that delivers rich protection features, PIX firewall appliances offer a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. PIX security appliances provide security for a wide range of VoIP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to protect installations of a broad array of current and next-generation VoIP and multimedia applications.
PIX security appliances feature a variety of setup, tracking, and analysis options, giving businesses the versatility to utilize the techniques that best match their needs. Administrative solutions include common, policy-based administration utilities, integrated web-accessible management, and support for remote-tracking standards such as SNMP and syslog. The integrated Adaptive Security Device Manager system provides a powerful Web-accessible control platform that greatly simplifies the deployment, in-place configuration, and monitoring of a specific PIX firewall appliance without requiring any extra utility beyond an ordinary Web browser and Java plug-in to be running on a manager's PC.
Administrators can furthermore remotely set up, monitor, and analyze PIX security appliances using a command-line interface. Safe command-line interface communication is possible through a number of techniques such as Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewalls also include dependable automatic-update features, a set of advanced secure remote-management options that make sure that security settings and software images are kept current.
For additional information about Progent's consulting services for Cisco PIX 500 firewalls, visit PIX firewalls integration and troubleshooting support.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 product lines, many businesses are concerned about depending on a key infrastructure mechanism that may stop being supported. ASA 5500-X and Firepower NGFW Series firewalls have the benefit of being current products and also bring a number of functions and economic benefits in comparison to PIX 500 firewalls. These benefits include substantially better performance, optional SSL VPN capability, and an expandable design that protects your investment by enabling you to add new security features whenever you require them. Progent's Cisco certified network engineers can assist you to determine the strategic value of for migrating from PIX 500 or Cisco ASA 5500 firewalls, design a migration process that permits a quick and non-disruptive upgrade, help your IT staff to configure new ASA 5500-x or Firepower Series appliances, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco's Firepower Series, ASA 5500 Series, and PIX firewalls incorporate a wealth of configuration, monitoring, and analysis options which give you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE authorized network experts can assist you to design an efficient network infrastructure that includes Cisco security appliances and that offers world-class security, fault tolerance, throughput, and manageability. Progent's GISA and CISSP-ISSP-premier information security consultants can assist you to develop a security policy appropriate for your situation and can set up your PIX or ASA firewall to support your security policies. Progent's risk assessment experts can assess the effectiveness of your current firewall solution and audit the overall security of your whole information system environment. Progent’s Technical Response Center (TRC) can provide urgent remote troubleshooting for Cisco products and offer quick access to a Cisco expert.
To see more details about Progent's consulting assistance for Cisco networking products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about professional help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.