Cisco is a perennial front-runner in developing cutting-edge firewalls for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls provide an advanced firewall solution that marshals sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, discover, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall consultants can assist you to design and carry out a smooth upgrade to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's cloud-based services to create and centrally manage network environments that include branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to maintain and debug legacy Cisco security appliances. Progent's certified cybersecurity experts can assist you with policy creation based on industry best practices so you can build a consistent and effective security posture that applies to all your networked devices anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance boost compared to Cisco's popular ASA 5500-X firewalls and include unified control of modern cybersecurity capabilities like application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and sandboxing. For details about Cisco's Firepower line of NGFWs Firewalls, see Cisco Firepower firewalls consulting experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500, and PIX 500 firewall appliances offer integrated firewall, IPsec VPN, and IPS services in compact single-box packages, delivering a broad array of features to meet the security needs of organizations from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500, and PIX firewall appliances allow IT security staffs to protect their network perimeter and offer secure remote access while utilizing advanced management mechanisms based on Cisco's industry-leading firewall technology.
Cisco's ASA 5500 Series and PIX 500 firewalls have reached end-of-life but remain widely deployed in small and mid-size organizations as well as in some enterprise networks. Cisco's ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have superseded the ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's legacy firewall appliances, if carefully maintained, continue to deliver a high level of security by providing multiple features including firewall, IPsec VPN, and IPS.
Since Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier infrastructure consultants can help you to support and debug legacy ASA 5500 Series and PIX 500 firewalls and can also help you to design and implement a smooth upgrade to Cisco's ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, configure, optimize, manage and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower. Progent can also help you to migrate from your Cisco ASA 5500-X solution to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls includes an improved replacement for each rack-mountable unit in the older ASA 5500 line of firewalls. Each ASA 5500-X firewall targets the identical market as the corresponding earlier models, which offers small and midsize businesses plenty of room for selecting a firewall that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All devices in Cisco's ASA 5500-X family provide dependable protection across any combination of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA firewalls, go to Cisco Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or physical modules that enable Firepower Services, which provide layered defense against sophisticated threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA firewalls include:
- Multi-layer defense against both familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, software applications, and content to discover threats that use multiple approaches
- High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically activate standard and customized IPS policies depending on the degree of risk
Firepower Services for Cisco ASA firewalls provide advanced multi-layered protection
Simpler deployments of ASA firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM includes a simple web dashboard for deploying, managing, and debugging ASA 5500-X appliances and service modules.
For more complex deployments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy management for Cisco Firepower firewall appliances
Firepower Management Center offers capabilities beyond those available with Cisco's on-device ASDM utility. Additional features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy tuning based on risk evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting options, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for Cisco's PIX 500 firewall, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to deliver a firewall that stops the widest range of threats. Cisco ASA 5500 Series Firewalls provide program security, network containment and control, and clean VPN functionality across the entire product line. This breadth of protection enables defense of any network area, including the most typical attack vectors like remote sites, LAN-connected inside users, and off-site connected VPNs.
The expandable architecture of the Cisco ASA 5500 Series allows you to add features by installing security service modules (SSMs) and cards. These easy-to-install options provide the option of adding Intrusion Protection and content protection functions such as filtering virus, spyware, and phishing assaults and executing file and URL filtering. Beside allowing you to react rapidly to the latest threat vectors, the expandable design of the Cisco ASA 5500 family also leverages your hardware investment by increasing the life of your firewalls. The Cisco ASA 5500 Series also protects your investment in IT staff training by supporting the rich library of PIX management tools and protocols including the Cisco ASDM platform, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application security through smart, application-aware inspection processes that examine traffic at Layers 4-7. The result is a better protected environment including Web, voice, and 3G-mobile wireless access. To defend against application-layer attacks and to offer better control over the programs and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also included are assault detection and mitigation techniques including application/protocol command filtering and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to police usage policies and conserve bandwidth for vital business processes.
For additional details about Progent's support services for Cisco's ASA 5500 security appliances, visit ASA 5500 series firewalls integration and troubleshooting support.
Cisco PIX Security Appliance Series
Based upon a hardened, specialized OS that offers a wealth of security features, PIX security appliances offer excellent security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec qualification. Cisco PIX security appliances provide security for a wide array of Voice over IP and additional multimedia conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a broad array of contemporary and next-generation VoIP and multimedia applications.
PIX firewall appliances offer a variety of configuration, monitoring, and analysis options, giving businesses the versatility to use the methods that most closely meet their needs. Management solutions include centralized, policy-based management tools, integrated web-based management, and compatibility with remote-tracking standards like SNMP and syslog. The integrated ASDM system provides a powerful Web-based management solution that significantly simplifies the deployment, in-place configuration, and tracking of a specific Cisco PIX firewall appliance without the need of any extra utility beyond an ordinary browser and Java plug-in to be running on a manager's PC.
IT managers can also remotely set up, track, and analyze Cisco PIX firewalls via a CLI interface. Secure command-line interface (CLI) access is possible through a number of techniques such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also have robust automatic-update features, a set of advanced protected remote-administration services that make sure that security settings and software images are kept up to date.
For more details about Progent's support services for PIX 500 firewalls, visit PIX 500 firewalls integration and debugging services.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has discontinued offering the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with relying on a critical infrastructure component that might stop being supported. ASA 5500-X and Firepower NGFW Series firewalls have the advantage of being current devices and also offer a number of functions and economic benefits in comparison to PIX 500 devices. These advantages include substantially higher throughput, optional Secure Sockets Layer VPN support, and an expandable architecture that protects your investment by allowing you to self-install more security features whenever you require them. Progent's Cisco network engineers can assist you to determine the strategic case for upgrading from PIX 500 or ASA 5500 firewalls, create a migration process that allows for a quick and seamless changeover, assist your IT staff to configure new ASA 5500-x Series or Firepower Series firewalls, and offer online, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX family security appliances provide a wealth of setup, tracking, and analysis features which offer you the ability to configure these security appliances to align optimally with your company's needs. Progent's CCIE certified network consultants can show you how to configure and support a cost-effective network infrastructure that includes Cisco firewalls and that provides advanced security, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-premier information security consultants can help you to create a security strategy that makes sense for your business and can configure your PIX or ASA firewall to support your security strategy. Progent's security evaluation professionals can evaluate the strength of your existing firewall deployment and validate the security of your whole IT environment. Progent's Help Desk support team can deliver emergency remote technical support for Cisco technology and offer quick access to a Cisco CCIE expert.
To find out more details concerning Progent's professional assistance for Cisco solutions, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about professional assistance for Cisco networking, call 1-800-993-9400 or go to Contact Progent.