Cisco is a long-time front-runner in developing cutting-edge firewall appliances for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced firewall solution that combines sophisticated hardware, cloud-based services, and machine learning to anticipate, discover, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall experts can help you to plan and execute an efficient upgrade to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower appliances with Cisco's cloud-based services to build and centrally control network ecosystems that include local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and debug legacy Cisco firewalls. Progent's certified network security consultants can assist you with policy creation based on leading best practices in order to establish a consistent cybersecurity posture that applies to all your endpoints anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance improvement compared to Cisco's popular ASA 5500-X security appliances and offer centralized control of modern security capabilities like application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection, URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, visit Firepower Series firewalls consulting experts.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewall appliances provide combined firewall, IPsec VPN, and intrusion prevention system (IPS) services in compact single-box packages, delivering a wide range of features to match the security needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX firewall appliances enable IT security teams to protect their network perimeter and offer secure offsite and mobile access while utilizing powerful management tools based on Cisco's world-class firewall technology.
Ciscoís ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life (EOL) status but are still widely used in small and mid-size organizations as well as in a few larger data centers. The ASA 5500-X Series Next-Generation Firewalls represent significantly more value and have supplanted the ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's legacy firewalls, if carefully maintained, continue to offer a high level of security by supplying multiple services such as stateful firewall, IPsec VPN, and IPS.
After Cisco's purchase of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system (IPS). Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified network engineers can assist you to maintain and troubleshoot legacy ASA 5500 Series and PIX firewall appliances and can also assist you to design and implement a smooth upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, integrate, optimize, manage and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also assist your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls includes an enhanced substitute for every rack-mountable model in the previous ASA 5500 line of devices. Each ASA 5500-X firewall targets the identical environment as the corresponding earlier models, which offers most plenty of choice for selecting a firewall that meets their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver dependable protection across any combination of physical, virtual, and cloud environments.
For additional information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for ASA 5500-X security appliances, go to Firepower configuration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or physical modules that enable Firepower Services, which provide layered protection against advanced threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Multi-layer protection against both familiar and zero-day threats
- Cisco's Advanced Malware Protection (AMP) that utilizes big data techniques to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, network infrastructure, software applications, and content to detect attacks that use simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate standard and custom IPS policies depending on the degree of threats
Firepower Services for Cisco ASA firewalls offer multi-layered protection
Smaller deployments of Cisco ASA firewalls can be efficiently administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X versions. ASDM provides a convenient web dashboard for deploying, managing, and debugging ASA 5500-X appliances and modules.
For more complex deployments, ASA 5500-X appliances with Firepower Services can be administered using Firepower Management Center, available as one or more physical units or virtual devices. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Firepower firewalls
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-box Adaptive Security Device Manager utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a console that provides real-time network infrastructure visualization, automated policy optimization based on risk assessment of threats, advanced IPS, custom app detectors for Application Visibility and Control, customized health notifications, improved reporting options, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for the PIX 500 Series Security Appliance, Cisco's IPS 4200 sensor, and the Cisco VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall product line to offer a platform that defends against the broadest range of threats. Cisco ASA Firewalls provide program security, network containment, and safe Virtual Private Network functionality across the entire product line. This breadth of security enables the guarding of any network area, which includes the most common threat vectors such as remote sites, LAN-connected internal users, and remote access Virtual Private Networks.
The scalable design of the Cisco ASA 5500 Series permits you to add more features via security service modules (SSMs) and security service cards (SSCs). These user-installable options provide the option of adding IPS and content protection functions such as blocking virus, spyware, and phishing attacks and executing file and URL filtering. In addition to enabling you to respond rapidly to new threat environments, the extensible architecture of the Cisco ASA 5500 Series also leverages your capital investment by prolonging the life of your security appliances. The ASA 5500 family also protects your investment in administrative team training by supporting the familiar library of PIX management utilities and protocols such as the Cisco Adaptive Security Device Manager system, protected command-line interface (CLI) availability, syslog, and SNMP.
Cisco ASA firewalls provide robust application security via intelligent, application-sensitive inspection engines that examine network flows at Layers 4-7. This results in a safer environment including Web, voice, and 3G-mobile wireless connectivity. To defend against application-layer attacks and to offer better policing of the programs and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also incorporated are assault detection and remediation techniques such as application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also deliver management of IM and tunneling applications, allowing organizations to police usage policies and recover bandwidth for critical business applications.
For additional details about Progent's consulting services for ASA 5500 firewalls, see Cisco ASA 5500 firewalls configuration and troubleshooting consulting.
Cisco PIX Security Appliance Series
Built around a tested, specialized OS that delivers a wealth of security features, PIX firewall appliances provide excellent security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. PIX security appliances offer protection for a wide range of Voice over IP and additional multimedia conventions such as H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to safeguard deployments of a wide range of current and upcoming VoIP and mixed-media applications.
Cisco PIX security appliances feature a wealth of configuration, monitoring, and troubleshooting features, giving IT managers the versatility to utilize the methods that best match their needs. Administrative solutions include common, policy-based management tools, integrated web-accessible management, and support for remote-tracking standards such as SNMP and syslog. The integrated ASDM interface offers a powerful Web-based management solution that significantly simplifies the installation, ongoing modification, and monitoring of a single Cisco PIX firewall appliance without requiring any extra utility other than an ordinary browser and Java plug-in to be running on a manager's computer.
IT managers can furthermore remotely configure, track, and analyze PIX firewalls via a command-line interface. Secure command-line interface access is available through several methods such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have dependable auto-update features, a collection of revolutionary secure remote-administration options that make sure that firewall configurations and software images are kept up to date.
For additional details about Progent's support services for PIX 500 security appliances, visit Cisco PIX 500 firewalls integration and troubleshooting consulting.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 families of firewalls, many companies are concerned about relying on a key infrastructure component that may no longer be supported. Cisco ASA 5500-X and Firepower Series firewalls have the advantage of being new products and also bring a number of functions and financial benefits in comparison to PIX devices. These benefits include substantially higher throughput, optional SSL tunneling support, and a modular architecture that protects your investment by allowing you to add new security services when and if you require them. Progent's Cisco experts can help you to determine the business case for upgrading from PIX or Cisco ASA 5500 security appliances, design a migration process that allows for a fast and non-disruptive upgrade, help you to install new ASA 5500-x Series or Firepower Series firewalls, and provide remote training, consulting, and technical support services.
Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA Series, and PIX firewalls incorporate an array of configuration, monitoring, and troubleshooting features which give you the flexibility to deploy these security appliances to match your company's requirements. Progent's CCIE certified network experts can assist you to build a cost-effective infrastructure that includes Cisco firewall technology and that offers advanced security, resilience, throughput, and manageability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help you to develop a security policy appropriate for your business and can configure your firewall to support your security strategy. Progent's security evaluation experts can assess the effectiveness of your existing firewall solution and audit the security of your entire IT environment. Progentís Help Desk Call Center can deliver urgent online technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
To find out additional details about Progent's engineering help for Cisco solutions, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about technical support for Cisco technology, phone 1-800-993-9400 or go to Contact Progent.