Cisco is a perennial leader in delivering cutting-edge firewalls for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewalls provide a modern cybersecurity solution that marshals dedicated hardware, cloud services, and machine learning to anticipate, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist you to plan and carry out a smooth migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower firewalls with Cisco's security services to create and centrally manage IT ecosystems that include branch offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified network security experts can help you with policy creation and tuning based on industry best practices in order to build a consistent cybersecurity posture across all your endpoints at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower NGFWs Firewalls deliver a major performance boost compared to Cisco's popular ASA 5500-X firewalls and include unified management and automation of advanced cybersecurity features like application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of Next Generation Firewalls (NGFWs), see Cisco Firepower firewalls consulting experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances offer combined firewall, VPN, and intrusion prevention system services in single-box devices, delivering a broad range of features to meet the security needs of companies from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewalls enable IT security teams to defend their network perimeter and provide secure remote access while using powerful management tools based on Cisco's world-class firewall products.
Ciscoís ASA 5500 and PIX firewalls have arrived at end-of-life (EOL) but are still commonly used in smaller organizations as well as in a few larger data centers. Ciscoís ASA 5500-X Next-Generation Firewalls deliver substantially more value and have supplanted Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's legacy firewalls, if properly maintained, continue to offer a high level of protection by supplying multiple services including stateful firewall, VPN tunneling, and IPS.
After Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X devices can be configured to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular intrusion protection system (IPS). Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified infrastructure consultants can assist your organization to maintain and debug legacy ASA 5500 Series and PIX firewalls and can also help you to plan and carry out a smooth upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, integrate, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower Services. Progent's firewall consultants can also help your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X firewalls includes an enhanced substitute for each rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X firewall targets the same market as the associated earlier models, which offers small and midsize businesses ample room for selecting a solution that meets their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X product line deliver consistent security across any combination of physical, virtual, and cloud environments.
For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for ASA firewalls, see Cisco Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or hardware modules that enable Firepower Services, which offer layered defense against advanced threats. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer defense against familiar and zero-day attacks
- Cisco's Advanced Malware Protection that uses big data techniques to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, apps, and content to detect attacks that incorporate simultaneous vectors
- High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically launch both standard and customized IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered protection
Smaller deployments of ASA 5500-X firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X models. ASDM provides an easy-to-use web dashboard for configuring, managing, and debugging ASA 5500-X firewalls and modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy control for Cisco Firepower firewalls
Firepower Management Center provides features beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a console that offers dynamic infrastructure visualization, automated policy tuning based on impact evaluation of attacks, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering behind the Cisco PIX 500 firewall, the Cisco IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall family to offer a platform that defends against the widest range of attacks. Cisco ASA Firewalls deliver program security, local containment, and safe Virtual Private Network functionality across Cisco's product portfolio. This breadth of protection allows defense of any network section, which includes the most typical threat vectors like remote locations, locally-connected internal users, and remote access Virtual Private Networks.
The expandable design of the ASA 5500 Series enables you to add security services via security service modules and security service cards (SSCs). These easy-to-install options give you the option of adding Intrusion Protection and content protection services like blocking virus, worms, and phishing assaults and executing file and URL filtering. Beside allowing you to react quickly to new risk environments, the extensible architecture of the Cisco ASA 5500 Series also leverages your hardware investment by increasing the life of your security appliances. The ASA 5500 Series also leverages your investment in IT staff education by supporting the rich library of PIX security management tools and protocols including the Cisco ASDM platform, protected command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application security through smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. The result is a more secure environment including Web, voice, and 3G-mobile wireless services. To protect against application-layer assaults and to offer stronger control over the programs and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement technologies that include anomaly detection and state tracking. Also incorporated are attack sensing and remediation techniques including application/protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and recover bandwidth for vital business processes.
For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, go to Cisco ASA 5500 firewalls integration and troubleshooting consulting.
Cisco PIX Firewalls
Built around a hardened, specialized operating system that delivers rich security services, Cisco PIX security appliances offer a high level of protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances provide security for a broad range of VoIP and other mixed-media standards including H.323 Version 4, SIP, SCCP, RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard deployments of a broad array of current and upcoming Voice over IP and multimedia applications.
PIX firewall appliances feature a wealth of configuration, tracking, and troubleshooting options, giving IT managers the flexibility to utilize the methods that most closely meet their needs. Administrative options include centralized, policy-based management utilities, integrated web-accessible administration, and support for remote-tracking protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-based management platform that significantly streamlines the installation, in-place configuration, and monitoring of a single PIX security appliance without the need of any additional utility other than an ordinary browser and Java plug-in to be running on an administrator's computer.
IT managers can also remotely configure, monitor, and analyze Cisco PIX firewall appliances using a command-line interface (CLI). Safe CLI interface communication is available through several techniques such as Secure Shell Protocol, Telnet through IPsec, and out-of-band through a console port. Cisco PIX firewalls also have robust automatic-update capabilities, a collection of revolutionary protected remote-management services that make sure that security settings and software images are always up to date.
For additional details about Progent's support services for PIX security appliances, go to Cisco PIX firewalls integration and troubleshooting services.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has stopped selling the PIX 500 and ASA 5500 product lines, many companies are concerned about relying on a critical security component that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances offer the benefit of being new devices and also offer a number of functions and budgetary benefits in comparison to PIX devices. These benefits include significantly higher throughput, optional Secure Sockets Layer VPN support, and a modular architecture that protects your investment by allowing you to add more security features whenever you need them. Progent's CCIE-certified experts can help your company to assess the business case for migrating from PIX 500 or Cisco ASA 5500 firewalls, design a migration process that allows for a fast and non-disruptive upgrade, help your IT staff to deploy new ASA 5500-x or Firepower NGFW Series appliances, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX security appliances incorporate an array of setup, monitoring, and analysis options that give you the flexibility to set up these firewalls to match your company's requirements. Progent's CCIE authorized network professionals can help you to design an efficient network infrastructure that incorporates Cisco firewall technology and that provides advanced security, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-premier information security experts can assist you to develop a security strategy appropriate for your business and can configure your PIX or ASA firewall to support your security policies. Progent's security assessment engineers can evaluate the effectiveness of your existing firewall solution and help determine the overall security of your whole information system environment. Progentís Technical Response Center can deliver emergency online technical support for Cisco technology and can give you quick access to a Cisco network engineer.
To learn more details about Progent's engineering assistance for Cisco solutions, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about professional help for Cisco products, phone 1-800-993-9400 or go to Contact Progent.