Cisco is a perennial leader in delivering cutting-edge firewalls for the broadest possible range of environments. Cisco's Firepower Next Generation Firewalls provide a modern firewall solution that marshals sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can assist your organization to design and execute an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower firewalls with Cisco's cloud-based services to build and centrally manage network ecosystems that include branch offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and debug legacy Cisco firewalls. Progent's certified network security experts can assist you with policy creation and tuning driven by industry best practices so you can establish a consistent security profile that applies to all your networked endpoints anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance improvement compared to Cisco's previous-generation ASA 5500-X security appliances and offer unified management and automation of modern security features such as application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls, see Firepower firewalls integration experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls provide combined firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a wide range of features to meet the security and compliance requirements of companies from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable network security teams to defend their network perimeter and provide safe remote access while utilizing advanced management mechanisms built on Cisco's world-class firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life status but remain commonly used in small and mid-size organizations and in a few enterprise data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have superseded the ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high level of protection by supplying multiple security functions such as firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's acquisition of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system (IPS). Firepower services provide powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified network engineers can help you to maintain and troubleshoot legacy ASA 5500 Series and PIX 500 firewalls and can also help you to plan and implement an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to design, deploy, tune, manage and debug new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also assist your organization to migrate from your Cisco ASA 5500-X Series solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls includes an improved replacement for every rack-mountable unit in the older ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the same market as the corresponding earlier models, which offers small and midsize businesses ample room for picking a firewall that aligns with their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X product line provide consistent protection across any mix of physical, virtual, and cloud environments.
For more details about ASA 5500-X security appliances, Firepower services, and Progent's support for ASA security appliances, visit Cisco Firepower configuration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or physical modules that support Cisco's Firepower Services, which provide layered protection against sophisticated threats. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered defense against both familiar and new attacks
- Advanced Malware Protection that uses big data techniques to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System that performs contextual analysis that looks at users, infrastructure, software applications, and content to detect attacks that incorporate simultaneous approaches
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate both standard and custom IPS policies depending on the degree of threats
Firepower Services for Cisco ASA firewalls provide multi-layered protection
Simpler implementations of Cisco ASA firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X models. ASDM provides a simple web console for configuring, administering, and debugging ASA 5500-X firewalls and service modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be administered using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy management for Firepower firewalls
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box ASDM utility. Additional features include greater context awareness, Cisco's Advanced Malware Protection with remediation for user devices, a console that offers dynamic infrastructure visualization, automated policy tuning driven by risk evaluation of attacks, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls build on technology developed for the PIX 500 Series Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to deliver a platform that defends against the broadest range of attacks. Cisco Adaptive Security Appliances Firewalls provide application protection, local containment and control, and safe Virtual Private Network connectivity throughout the entire product portfolio. This broad scope of protection allows defense of any network segment, including the most common threat conduits such as remote locations, locally-connected inside users, and remote access Virtual Private Networks.
The scalable architecture of the ASA 5500 Series permits you to add more security services by installing security service modules and security service cards. These easy-to-install enhancements give you the ability to add Intrusion Protection and content protection services like filtering virus, worms, and phishing assaults and executing data and URL filtering. In addition to allowing you to react rapidly to new threat environments, the expandable architecture of the Cisco ASA 5500 family also leverages your hardware investment by increasing the life of your security appliances. The ASA 5500 Series also protects your investment in IT team training by supporting the rich set of PIX 500 management utilities and protocols such as the Cisco ASDM platform, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application security via smart, application-aware inspection processes that analyze network flows at Layers 4-7. This produces a better protected network covering Web, voice, and 3G-mobile wireless services. To protect networks against application-layer attacks and to offer better policing of the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement solutions such as protocol anomaly sensing and state monitoring. Also incorporated are attack sensing and remediation technology including application and protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver control over IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and recover bandwidth for vital business processes.
For additional details about Progent's consulting services for ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls integration and troubleshooting support.
Cisco PIX Firewall Appliances
Built around a hardened, purpose-built OS that delivers rich protection features, PIX security appliances offer a high level of protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security qualification. PIX security appliances provide protection for a broad range of Voice over IP and additional multimedia conventions including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to protect installations of a wide array of current and upcoming Voice over IP and video applications.
PIX security appliances offer a wealth of setup, tracking, and troubleshooting options, giving IT managers the flexibility to utilize the techniques that best meet their requirements. Administrative options include common, policy-based administration utilities, integrated web-accessible management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class Web-based management platform that significantly streamlines the deployment, in-place configuration, and tracking of a single Cisco PIX security appliance without requiring any additional utility beyond a standard browser and Java plug-in to be running on an administrator's PC.
IT managers can also remotely set up, track, and troubleshoot PIX security appliances via a command-line interface (CLI). Safe command-line interface communication is available using several techniques including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. PIX security appliances also have dependable automatic-update features, a set of advanced secure remote-management options that ensure security configurations and software images are always current.
For more information about Progent's consulting services for PIX security appliances, visit Cisco PIX firewalls configuration and troubleshooting consulting.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has discontinued offering the PIX 500 and ASA 5500 product lines, many businesses are uncomfortable with relying on a key infrastructure mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower Series firewalls offer the benefit of being current products and also bring several technical and financial benefits in comparison to PIX firewalls. These advantages include substantially better performance, optional SSL tunneling support, and an expandable design that protects your investment by enabling you to add more security features whenever you need them. Progent's Cisco network engineers can help your company to determine the strategic value of for moving from PIX 500 or Cisco ASA 5500 firewalls, design a migration plan that permits a fast and seamless upgrade, help you to install new ASA 5500-x or Firepower Series firewalls, and offer remote training, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower Series, ASA 5500 Series, and PIX family firewalls provide an array of configuration, monitoring, and analysis features that offer you the ability to deploy these firewalls to align optimally with your business requirements. Progent's CCIE authorized network consultants can show you how to configure and support an efficient network infrastructure that incorporates Cisco firewalls and that offers advanced security, fault tolerance, performance, and recoverability. Progent's CISA and CISM-premier IS security consultants can help your business to create a security policy appropriate for your environment and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk assessment experts can evaluate the effectiveness of your current firewall deployment and validate the overall security of your whole information system network. Progentís Technical Response Center can provide urgent online troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.
For additional details concerning Progent's consulting help for Cisco products, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about technical expertise for Cisco networking, call 1-800-993-9400 or visit Contact Progent.