Cisco is a perennial front-runner in developing state-of-the-art firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a modern firewall platform that combines sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, identify, and respond to cyber attacks automatically. Progent's Cisco-certified CCIE firewall experts can help you to design and carry out an efficient migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower appliances with Cisco's security services to build and centrally control network environments that include local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation and tuning driven by industry best practices in order to establish a consistent cybersecurity posture across all your networked devices at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower NGFWs Firewalls deliver a significant performance improvement compared to Cisco's previous-generation ASA 5500-X firewalls and offer centralized management and automation of advanced cybersecurity capabilities like application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls (NGFWs), see Firepower firewalls consulting expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls offer integrated firewall, VPN, and IPS services in compact single-box devices, delivering a wide range of features to match the security and compliance needs of companies from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX firewall appliances allow network security teams to defend their network perimeter and provide safe remote access while utilizing powerful administration mechanisms based on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 and PIX firewalls have reached end-of-life status but are still commonly deployed in small and mid-size organizations as well as in a few enterprise data centers. Ciscoís ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's older model firewall appliances, if properly maintained, can offer a high level of security by providing a variety of security functions such as firewall, VPN tunneling, and IPS.
After Cisco's purchase of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services bring powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-premier infrastructure engineers can help you to maintain and debug legacy ASA 5500 and PIX firewall appliances and can also assist you to plan and implement an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also help you to plan, deploy, tune, administer and debug new firewall solutions based on Cisco's latest ASA 5500-X firewalls with Firepower. Progent can also help your organization to upgrade from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable unit in the older ASA 5500 generation of firewalls. Each ASA 5500-X model targets the same environment as the corresponding earlier models, which gives most plenty of room for picking a solution that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X family provide dependable protection across any mix of physical, virtual, and cloud deployments.
For more information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, visit Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls work with either software or physical modules that support Firepower Services, which offer layered defense against advanced threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered defense against familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, infrastructure, software applications, and content to discover attacks that use multiple vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically launch standard and customized IPS policies depending on the degree of risk
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered security
Smaller deployments of Cisco ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool provided with all ASA 5500-X versions. ASDM provides a convenient web console for configuring, administering, and debugging ASA 5500-X devices and service modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be managed using Cisco's Firepower Management Center, available as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Cisco Firepower firewall appliances
Cisco's Firepower Management Center offers features unavailable with Cisco's on-device ASDM tool. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a dashboard that offers dynamic infrastructure visualization, automated policy optimization based on impact assessment of attacks, advanced IPS, custom application detectors for Application Visibility and Control, customized health notifications, enhanced reporting features, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls build on technology developed for Cisco's PIX 500 family Security Appliance, the IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco ASA Firewall family to offer a firewall that defends against the broadest variety of attacks. Cisco ASA 5500 Series Firewalls deliver application protection, network containment and control, and clean Virtual Private Network functionality across the entire product line. This breadth of security allows the guarding of any network section, which includes the most common attack vectors like remote locations, LAN-connected internal users, and off-site connected VPNs.
The scalable architecture of the Cisco ASA 5500 family enables you to add features via service modules and security service cards. These user-installable options give you the option of adding IPS and content protection services like blocking virus, spyware, and phishing attacks and executing data and URL filtering. Beside enabling your IT staff to respond quickly to the latest threat vectors, the extensible design of the Cisco ASA 5500 Series also protects your capital investment by prolonging the life of your security appliances. The ASA 5500 family also protects your investment in IT staff education by utilizing the familiar library of PIX management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface availability, syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application protection through intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a better protected network including Web, voice, and mobile wireless access. To protect against application-layer attacks and to provide stronger policing of the applications and protocols utilized in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on security enforcement solutions such as anomaly sensing and state monitoring. Also incorporated are assault detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over instant messaging and tunneling applications, allowing organizations to enforce usage policies and free up bandwidth for critical business processes.
For additional details about Progent's support services for ASA 5500 firewalls, see Cisco ASA 5500 series firewalls integration and troubleshooting support.
Based upon a hardened, purpose-built OS that offers rich security services, Cisco PIX firewall appliances provide a high level of security and have earned EAL 4 status and ICSA Firewall and IPsec qualification. PIX firewalls offer security for a wide range of VoIP and other multimedia conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, enabling organizations to safeguard installations of a broad array of current and next-generation IP voice and mixed-media applications.
PIX firewalls feature a wealth of setup, tracking, and troubleshooting options, giving businesses the flexibility to use the methods that most closely meet their requirements. Management options include centralized, policy-based management tools, integrated web-based administration, and compatibility with remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class Web-based management solution that significantly streamlines the installation, in-place modification, and tracking of a specific Cisco PIX security appliance without the need of any extra utility other than a standard browser and Java applet to be installed on an administrator's PC.
IT managers can furthermore remotely configure, monitor, and troubleshoot Cisco PIX firewall appliances using a command-line interface (CLI). Secure command-line interface communication is possible using several techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have robust automatic-update features, a set of revolutionary secure remote-management services that ensure firewall configurations and software images are kept current.
For additional details about Progent's consulting services for PIX 500 security appliances, visit PIX firewalls configuration and troubleshooting services.
Progent's Migration Consulting Services for Cisco Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 product lines, many businesses are concerned about depending on a critical infrastructure mechanism that might stop being supported by Cisco. ASA 5500-X and Firepower Series firewalls offer the benefit of being current devices and also bring a number of functions and financial benefits in comparison to PIX firewalls. These benefits include substantially higher performance, optional Secure Sockets Layer VPN support, and an expandable design that protects your investment by allowing you to add new security services when and if you need them. Progent's Cisco certified experts can help your company to determine the strategic case for moving from PIX or Cisco ASA 5500 firewalls, create a migration plan that permits a fast and seamless changeover, assist you to set up new ASA 5500-x or Firepower Series firewalls, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco Firewalls
Cisco's Firepower Series, ASA Series, and PIX security appliances incorporate a wealth of setup, monitoring, and troubleshooting features that offer you the flexibility to set up these firewalls to match your company's requirements. Progent's CCIE certified network consultants can help you to build an efficient infrastructure that incorporates Cisco firewall technology and that offers advanced protection, fault tolerance, performance, and manageability. Progent's GISA and CISM-certified IS security experts can help your business to develop a security strategy that makes sense for your environment and can configure your firewall to support your security policies. Progent's risk assessment professionals can assess the effectiveness of your existing firewall deployment and help determine the security of your whole IT network. Progentís Help Desk support team can provide urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco network engineer.
To see additional information about Progent's professional expertise for Cisco products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about engineering assistance for Cisco technology, phone 1-800-993-9400 or see Contact Progent.