Cisco is a perennial leader in developing cutting-edge firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern firewall solution that combines sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and mitigate threats automatically. Progent's Cisco-certified CCIE-certified firewall consultants can assist you to design and carry out a smooth migration to Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco's subscription-based security services to build and centrally manage network ecosystems that include local offices, data centers, private clouds and public clouds. Progent's firewall consultants can also assist you to manage and troubleshoot legacy Cisco security appliances. Progent's certified network security consultants can assist you with policy creation driven by industry best practices in order to establish a consistent and effective security profile that applies to all your devices at any location.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower NGFWs Firewalls provide a significant performance improvement over Cisco's previous-generation ASA 5500-X security appliances and include centralized control of modern cybersecurity capabilities such as application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls, see Cisco Firepower Series firewalls integration experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX firewalls provide combined firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a broad range of features to match the security requirements of companies from small and mid-size businesses to enterprises and Internet service providers. Cisco's ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances allow IT security staffs to defend their network edge and offer secure remote connectivity while utilizing advanced administration mechanisms built on Cisco's industry-leading firewall technology.
Cisco's ASA 5500 Series and PIX 500 firewall appliances have reached end-of-life but are still widely used in small and mid-size businesses as well as in a few enterprise networks. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted the ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's older model firewalls, if carefully maintained, can deliver a high level of security by supplying a variety of security functions including stateful firewall, VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the whole family of ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular intrusion protection system. Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-certified network consultants can assist you to maintain and debug legacy ASA 5500 and PIX 500 firewalls and can also help you to plan and implement an efficient upgrade to Cisco's ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, configure, optimize, administer and debug new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also assist your organization to migrate from your Cisco ASA 5500-X Series solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X security appliances features an improved substitute for every rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X model targets the same environment as the corresponding previous models, which offers most ample choice for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X family provide consistent security across any combination of physical, virtual, and cloud deployments.
For more information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA 5500-X firewalls, visit Cisco Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or hardware modules that enable Firepower Services, which offer layered defense against multi-vector attacks. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA firewalls include:
- Layered protection against familiar and zero-day attacks
- Cisco's Advanced Malware Protection that uses big data to find and remediate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, software applications, and content to detect attacks that use simultaneous approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch both standard and customized IPS policies depending on the severity of threats
Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered protection
Simpler deployments of Cisco ASA firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X versions. ASDM includes an easy-to-use web dashboard for deploying, administering, and troubleshooting ASA 5500-X devices and service modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower Services can be administered using Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewalls
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that provides dynamic network infrastructure visualization, automated policy tuning based on impact assessment of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, enhanced reporting features, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls leverage technology developed for Cisco's PIX 500 firewall, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions enable the Cisco ASA 5500 Series Firewall family to deliver a firewall that stops the broadest variety of threats. Cisco Adaptive Security Appliances (ASA) Firewalls provide application protection, network containment, and safe Virtual Private Network functionality throughout the entire product portfolio. This broad scope of security enables the guarding of any network section, including the most common threat vectors like remote sites, locally-connected internal users, and remote access Virtual Private Networks.
The expandable architecture of the ASA 5500 Series allows you to add features via security service modules (SSMs) and security service cards (SSCs). These easy-to-install enhancements provide the ability to add IPS and content protection services such as blocking virus, worms, and phishing attacks and performing file and web screening. In addition to allowing your IT staff to react quickly to the latest threat environments, the extensible architecture of the Cisco ASA 5500 Series also leverages your hardware investment by prolonging the life of your security appliances. The ASA 5500 family also leverages your investment in administrative team education by utilizing the rich library of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) access, syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application security via intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This results in a more secure environment covering Web, voice, and 3G-mobile wireless connectivity. To protect against application-layer assaults and to offer better policing of the applications and protocols utilized in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement technologies such as protocol anomaly detection and state monitoring. Also included are assault sensing and remediation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to police usage policies and conserve bandwidth for crucial business applications.
For additional details about Progent's support services for ASA 5500 firewalls, visit ASA 5500 firewalls integration and troubleshooting services.
Cisco PIX Firewalls
Based around a hardened, specialized OS that delivers a wealth of protection features, Cisco PIX firewalls provide excellent protection and have received EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewall appliances provide protection for a broad range of VoIP and additional mixed-media standards including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, enabling organizations to safeguard deployments of a wide range of current and upcoming IP voice and video applications.
PIX firewalls feature a variety of setup, tracking, and analysis options, providing IT managers the versatility to utilize the techniques that best match their requirements. Management solutions include centralized, policy-based management utilities, integrated web-accessible administration, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a powerful Web-based control solution that greatly streamlines the installation, ongoing modification, and monitoring of a specific PIX firewall without the need of any extra software other than a standard Web browser and Java plug-in to be installed on a manager's PC.
IT managers can also remotely set up, monitor, and analyze Cisco PIX security appliances via a CLI interface. Secure CLI interface communication is available through several methods such as Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have dependable auto-update features, a set of revolutionary protected remote-administration services that make sure that firewall configurations and software images are kept current.
For additional details about Progent's consulting services for Cisco PIX firewalls, visit Cisco PIX 500 firewalls configuration and debugging consulting.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has stopped selling the PIX and ASA 5500 product lines, many businesses are uncomfortable with relying on a key security component that may no longer be supported by Cisco. ASA 5500-X and Firepower Series firewalls have the advantage of being current products and also bring a number of functions and budgetary advantages in comparison to PIX 500 firewalls. These benefits include substantially higher throughput, optional SSL VPN capability, and an expandable architecture that guards your investment by enabling you to add more security services when and if you require them. Progent's CCIE-certified network engineers can assist your company to assess the strategic case for moving from PIX or Cisco ASA 5500 security appliances, design a migration process that allows for a fast and non-disruptive upgrade, assist you to configure new ASA 5500-x Series or Firepower Series appliances, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX family firewalls incorporate a wealth of setup, monitoring, and troubleshooting options that give you the ability to configure these security appliances to match your company's requirements. Progent's CCIE certified network professionals can show you how to configure and support a cost-effective network infrastructure that incorporates Cisco security appliances and that provides world-class protection, fault tolerance, performance, and manageability. Progent's GISA and CISM-certified IS security engineers can help you to create a security policy that makes sense for your environment and can configure your firewall to enforce your security policies. Progent's security assessment engineers can assess the effectiveness of your current firewall deployment and validate the overall security of your whole information system network. Progent's Technical Response Center can provide emergency remote technical support for Cisco products and offer quick access to a Cisco expert.
To find out more details about Progent's consulting support for Cisco technology, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about consulting expertise for Cisco technology, phone 1-800-993-9400 or go to Contact Progent.