Cisco is a long-time leader in developing state-of-the-art firewall appliances for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern firewall solution that combines sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall consultants can assist your organization to plan and execute an efficient migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower firewalls with Cisco's security services to build and centrally control network environments that include branch offices, data centers, private clouds and public clouds. Progent can also help you to manage and troubleshoot legacy Cisco security appliances. Progent's certified cybersecurity consultants can help you with policy creation and tuning based on leading best practices in order to build a consistent and effective cybersecurity profile that applies to all your networked endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance boost compared to Cisco's popular ASA 5500-X firewalls and include unified management and automation of advanced cybersecurity capabilities such as application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, refer to Firepower Series firewalls consulting expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls provide combined firewall, VPN, and intrusion prevention system services in single-box devices, delivering a broad range of features to match the security requirements of organizations ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewalls enable network security teams to defend their network edge and provide safe remote access while utilizing powerful management mechanisms built on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 and PIX firewalls have arrived at end-of-life (EOL) but are still commonly used in smaller organizations as well as in a few larger data centers. Ciscoís ASA 5500-X Next-Generation Firewalls represent significantly more value and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly maintained, can deliver a high degree of security by providing multiple features including firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's acquisition of Sourcefire, the whole line of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-certified infrastructure engineers can help you to maintain and debug legacy ASA 5500 and PIX firewall appliances and can also help you to design and implement an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, deploy, tune, administer and debug new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower. Progent's firewall consultants can also assist you to upgrade from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls includes an enhanced substitute for each rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X firewall targets the identical environment as the corresponding previous models, which gives small and midsize businesses plenty of choice for picking a solution that meets their security needs and budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud environments.
For additional information about ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA 5500-X firewalls, see Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or hardware modules that support Firepower Services, which provide layered defense against advanced threats. Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:
- Layered protection against familiar and new threats
- Advanced Malware Protection (AMP) that utilizes big data to find and remediate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to discover threats that use multiple vectors
- High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically launch standard and custom IPS policies based on the severity of threats
Firepower Services for ASA firewalls offer multi-layered security
Smaller deployments of Cisco ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool included with all ASA 5500-X versions. ASDM provides a convenient web console for deploying, managing, and troubleshooting ASA 5500-X appliances and modules.
For more complex deployments, ASA 5500-X appliances with Firepower Services can be managed with Firepower Management Center, implemented as one or more physical units or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Firepower firewalls
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM tool. Additional features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that offers dynamic infrastructure visualization, automated policy optimization based on risk assessment of attacks, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances Firewalls build on technology behind Cisco's PIX 500 family firewall, the IPS 4200 Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to offer a platform that defends against the broadest variety of threats. Cisco Adaptive Security Appliances Firewalls provide application security, network containment and control, and safe Virtual Private Network functionality across the entire product line. This broad scope of security enables defense of any network area, which includes the most typical threat vectors like remote locations, LAN-attached internal users, and remote connected Virtual Private Networks.
The expandable design of the Cisco ASA 5500 family allows you to add more features via security service modules and security service cards. These user-installable options give you the ability to add Intrusion Protection and content protection functions such as filtering virus, spyware, and phishing assaults and performing data and web filtering. Beside enabling you to react quickly to the latest risk environments, the expandable architecture of the ASA 5500 family also leverages your capital investment by prolonging the useful life of your security appliances. The ASA 5500 Series also protects your investment in IT staff training by utilizing the rich set of PIX security management utilities and protocols including the Cisco ASDM platform, protected command-line interface access, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances firewalls provide robust application security via smart, application-aware inspection engines that examine network flows at Layers 4-7. This produces a better protected environment including Web, voice, and mobile wireless connectivity. To protect against application-layer assaults and to provide better policing of the programs and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on security enforcement technologies such as anomaly detection and state monitoring. Also included are assault detection and mitigation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and conserve network bandwidth for crucial business applications.
For more details about Progent's consulting services for Cisco's ASA 5500 security appliances, see ASA 5500 series firewalls configuration and debugging consulting.
Cisco PIX Security Appliance Series
Built upon a hardened, specialized OS that offers a wealth of security features, Cisco PIX firewalls provide excellent security and have been awarded EAL 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewall appliances provide security for a broad array of VoIP and additional multimedia conventions including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to protect deployments of a wide range of current and upcoming IP voice and video applications.
Cisco PIX firewalls feature a wealth of setup, monitoring, and troubleshooting options, providing IT managers the versatility to use the techniques that best meet their requirements. Administrative solutions include centralized, policy-based management utilities, integrated web-based administration, and compatibility with remote-monitoring standards like SNMP and syslog. The integrated Adaptive Security Device Manager system provides a world-class Web-accessible control solution that greatly simplifies the installation, ongoing modification, and tracking of a specific PIX security appliance without the need of any extra utility beyond an ordinary Web browser and Java plug-in to be installed on an administrator's computer.
IT managers can also remotely configure, monitor, and analyze Cisco PIX security appliances via a CLI interface. Safe command-line interface (CLI) communication is available using several methods including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX security appliances also include dependable automatic-update features, a set of advanced secure remote-management options that make sure that firewall configurations and software images are kept up to date.
For additional information about Progent's support services for Cisco PIX 500 firewalls, see PIX firewalls configuration and debugging services.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has discontinued selling the PIX 500 and ASA 5500 families of firewalls, many businesses are uncomfortable with depending on a key security component that might stop being supported by Cisco. Cisco ASA 5500-X and Firepower NGFW Series security appliances have the benefit of being current products and also offer several technical and financial benefits in comparison to PIX firewalls. These benefits include significantly better performance, optional SSL tunneling support, and a modular design that protects your investment by allowing you to add more security features whenever you require them. Progent's CCIE-certified experts can help your company to assess the strategic value of for upgrading from PIX or Cisco ASA 5500 firewalls, design a migration process that allows for a fast and non-disruptive upgrade, assist you to deploy new ASA 5500-x or Firepower Series firewalls, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Assist You with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX family firewalls provide a wealth of setup, monitoring, and troubleshooting features which offer you the flexibility to set up these firewalls to align optimally with your company's needs. Progent's CCIE authorized network experts can show you how to build a cost-effective network infrastructure that includes Cisco firewalls and that offers advanced security, fault tolerance, throughput, and recoverability. Progent's CISA and CISSP-ISSP-certified information security consultants can help you to develop a security strategy that makes sense for your situation and can set up your security appliance to enforce your security policies. Progent's risk assessment experts can assess the strength of your existing firewall deployment and validate the overall security of your whole information system environment. Progentís Help Desk support team can deliver emergency online technical support for Cisco products and can give you fast access to a Cisco expert.
To learn additional information about Progent's consulting expertise for Cisco solutions, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about technical help for Cisco products, call 1-800-993-9400 or refer to Contact Progent.