Cisco is a perennial front-runner in delivering state-of-the-art firewall appliances for the widest possible range of deployments. Cisco's Firepower Next Generation Firewalls represent an advanced cybersecurity solution that combines sophisticated hardware, cloud services, and machine learning to block, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall consultants can help you to design and carry out an efficient upgrade to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's security services to create and centrally control network ecosystems that span branch offices, data centers, private clouds and public clouds. Progent can also help you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation and tuning based on industry best practices in order to establish a consistent and effective cybersecurity posture across all your endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls deliver a significant performance improvement over Cisco's popular ASA 5500-X security appliances and include centralized management of advanced security features like application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls (NGFWs), refer to Firepower Series firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system services in single-box packages, delivering a broad array of features to match the security requirements of companies ranging from small businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow IT security staffs to protect their network edge and provide secure remote access while utilizing powerful management tools based on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewall appliances have reached end-of-life status but are still commonly used in small and mid-size organizations as well as in a few enterprise networks. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX families of firewalls for new deployments. However, Cisco's older model firewalls, if properly maintained, continue to offer a high level of protection by providing a variety of security functions including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
After Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed network intrusion protection system. Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-certified infrastructure consultants can assist your organization to maintain and troubleshoot older ASA 5500 Series and PIX firewalls and can also assist you to plan and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, configure, tune, manage and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also help your organization to migrate from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances features an improved replacement for every rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X firewall targets the same environment as the corresponding previous models, which offers most plenty of room for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide consistent protection across any mix of physical, virtual, and cloud deployments.
For additional details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for Cisco ASA firewalls, visit Cisco Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with either software or physical modules that enable Cisco's Firepower Services, which offer layered defense against sophisticated threats. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Layered protection against familiar and new threats
- Cisco's Advanced Malware Protection (AMP) that utilizes big data techniques to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, network infrastructure, software applications, and content to detect threats that incorporate simultaneous approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch both standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA 5500-X firewalls offer advanced multi-layered protection
Smaller deployments of ASA firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X versions. ASDM includes an easy-to-use web console for configuring, administering, and troubleshooting ASA 5500-X appliances and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed with Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy management for Cisco Firepower firewall appliances
Cisco's Firepower Management Center provides capabilities unavailable with Cisco's on-device ASDM tool. Extra features include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy tuning based on impact assessment of attacks, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, improved reporting options, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA Firewalls leverage technology behind Cisco's PIX 500 firewall, Cisco's IPS 4200 Series sensor, and Cisco's VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a platform that stops the widest variety of attacks. Cisco ASA Firewalls deliver application protection, network containment, and clean VPN functionality throughout Cisco's product portfolio. This broad scope of protection allows the guarding of any network segment, including the most typical threat conduits like remote locations, LAN-attached inside users, and off-site connected VPNs.
The scalable architecture of the ASA 5500 family allows you to add more features via service modules and cards. These easy-to-install enhancements give you the ability to add IPS and content protection functions such as filtering virus, worms, and phishing attacks and performing file and web screening. Beside allowing you to react quickly to the latest threat environments, the expandable architecture of the Cisco ASA 5500 Series also protects your capital investment by increasing the life of your security appliances. The ASA 5500 family also leverages your investment in IT team training by supporting the rich library of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, protected command-line interface (CLI) access, syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application protection via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. This results in a more secure environment covering Web, voice, and mobile wireless access. To protect networks against application-layer attacks and to provide stronger control over the applications and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and rely on protection enforcement solutions such as protocol anomaly detection and state tracking. Also incorporated are assault detection and remediation techniques including application/protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing businesses to enforce usage policies and recover bandwidth for important business processes.
For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, see ASA 5500 firewalls configuration and troubleshooting support.
PIX Security Appliance Series
Built upon a hardened, specialized software platform that offers rich protection features, PIX firewalls offer a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX security appliances provide protection for a broad range of VoIP and additional mixed-media conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling organizations to protect installations of a broad range of contemporary and upcoming IP voice and mixed-media applications.
Cisco PIX security appliances offer a variety of setup, monitoring, and troubleshooting features, providing businesses the flexibility to use the techniques that best meet their needs. Management options include common, policy-based management tools, integrated web-accessible administration, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface provides a world-class Web-based control platform that greatly simplifies the installation, ongoing modification, and tracking of a single Cisco PIX security appliance without the need of any additional software beyond an ordinary Web browser and Java applet to be running on a manager's PC.
IT managers can furthermore remotely configure, track, and analyze Cisco PIX security appliances via a command-line interface (CLI). Secure CLI interface communication is possible using several methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band through a console port. PIX firewalls also have robust auto-update features, a set of advanced protected remote-management services that ensure firewall settings and software images are kept current.
For more details about Progent's consulting services for Cisco PIX firewalls, go to Cisco PIX firewalls integration and troubleshooting consulting.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has discontinued selling the PIX 500 and ASA 5500 product lines, many businesses are uncomfortable with depending on a key security mechanism that may no longer be supported. Cisco ASA 5500-X and Firepower Series security appliances offer the advantage of being new devices and also offer several functions and budgetary benefits in comparison to PIX firewalls. These benefits include significantly better performance, optional Secure Sockets Layer VPN capability, and a modular architecture that protects your investment by allowing you to add more security services whenever you need them. Progent's CCIE-certified experts can help you to assess the strategic value of for moving from PIX 500 or Cisco ASA 5500 firewalls, create a migration plan that allows for a quick and seamless upgrade, assist you to deploy new ASA 5500-x Series or Firepower NGFW Series appliances, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA Series, and PIX security appliances incorporate a wealth of setup, tracking, and troubleshooting features which offer you the flexibility to configure these firewalls to align optimally with your business needs. Progent's CCIE authorized network consultants can assist you to build a cost-effective network infrastructure that incorporates Cisco security appliances and that provides advanced protection, resilience, throughput, and recoverability. Progent's CISA and CISSP-ISSP-premier IS security engineers can assist your business to create a security policy that makes sense for your business and can set up your security appliance to support your security policies. Progent's risk evaluation professionals can evaluate the strength of your current firewall solution and audit the overall security of your whole information system environment. Progent’s Technical Response Center can provide emergency online technical support for Cisco technology and can give you fast access to a Cisco CCIE expert.
To learn more details concerning Progent's engineering expertise for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about engineering expertise for Cisco networking, call 1-800-993-9400 or visit Contact Progent.