Cisco is a perennial front-runner in delivering cutting-edge firewall appliances for the widest possible range of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a modern cybersecurity platform that marshals sophisticated hardware, cloud-based services, and machine learning to anticipate, identify, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall consultants can assist your organization to plan and carry out a smooth migration to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower firewalls with Cisco's cloud-based services to build and centrally control network ecosystems that span branch offices, data centers, private clouds and public clouds. Progent can also assist you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified network security experts can help you with policy creation based on industry best practices so you can build a consistent security profile that applies to all your networked endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower NGFWs Firewalls deliver a major performance improvement over Cisco's previous-generation ASA 5500-X firewalls and include centralized management and automation of advanced security features like application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower family of NGFWs Firewalls, visit Cisco Firepower Series firewalls integration expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances offer integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a broad array of features to match the security and compliance needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX firewall appliances allow IT security staffs to protect their network edge and offer safe offsite and mobile access while utilizing powerful administration tools based on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX firewalls have arrived at end-of-life status but are still widely deployed in small and mid-size businesses as well as in some larger networks. Cisco’s ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's legacy firewalls, if carefully managed, can offer a high level of protection by providing a variety of features such as firewall, VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system. Firepower services provide powerful new capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified network engineers can help your organization to support and debug older ASA 5500 and PIX 500 firewall appliances and can also help you to plan and implement a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also assist you to design, integrate, optimize, administer and troubleshoot new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower. Progent can also assist you to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances features an enhanced substitute for every rack-mountable model in the older ASA 5500 line of devices. Each ASA 5500-X firewall targets the identical environment as the corresponding earlier models, which gives small and midsize businesses plenty of choice for selecting a solution that aligns with their security needs and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud environments.
For more information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, see Firepower configuration and troubleshooting expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept software or physical modules that enable Firepower Services, which provide layered protection against multi-vector attacks. Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:
- Multi-layer defense against familiar and zero-day threats
- Advanced Malware Protection that uses big data techniques to discover and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, apps, and content to discover attacks that incorporate multiple approaches
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically activate both standard and custom IPS policies depending on the severity of risk
Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered security
Simpler deployments of Cisco ASA 5500-X firewalls can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X versions. ASDM includes an easy-to-use web console for deploying, administering, and debugging ASA 5500-X appliances and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include greater context awareness, Advanced Malware Protection with remediation for client devices, a dashboard that provides dynamic network visualization, automated policy tuning driven by impact evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and APIs for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind Cisco's PIX 500 Series Security Appliance, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall family to offer a platform that defends against the broadest range of threats. Cisco Adaptive Security Appliances Firewalls deliver application security, local containment, and safe Virtual Private Network functionality across Cisco's product line. This broad scope of protection allows the guarding of any network section, which includes the most common threat vectors such as remote locations, LAN-connected internal users, and off-site access VPNs.
The scalable design of the Cisco ASA 5500 family allows you to add security services via security service modules (SSMs) and cards. These user-installable options provide the ability to add IPS and content protection services such as blocking virus, worms, and phishing assaults and executing file and web screening. Beside allowing your IT staff to react rapidly to new threat vectors, the expandable architecture of the ASA 5500 family also leverages your capital investment by increasing the life of your firewalls. The ASA 5500 Series also protects your investment in IT team training by utilizing the familiar library of PIX management tools and protocols including the Cisco ASDM platform, protected command-line interface (CLI) access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application protection via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. This results in a more secure environment including Web, voice, and 3G-mobile wireless access. To defend networks against application-layer assaults and to provide better policing of the programs and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly detection and application and protocol state monitoring. Also incorporated are assault detection and remediation technology such as application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing businesses to enforce usage policies and conserve bandwidth for vital business applications.
For more information about Progent's consulting services for ASA 5500 security appliances, go to Cisco ASA 5500 series firewalls configuration and troubleshooting services.
Cisco PIX Firewalls
Based upon a hardened, purpose-built OS that offers a wealth of protection features, PIX firewalls provide excellent protection and have been awarded EAL 4 status and ICSA Firewall and IPsec certification. PIX firewall appliances provide protection for a broad array of VoIP and other mixed-media conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and MGCP, enabling organizations to safeguard installations of a broad range of contemporary and upcoming VoIP and mixed-media applications.
Cisco PIX firewalls feature a variety of configuration, tracking, and troubleshooting features, giving businesses the flexibility to utilize the techniques that best meet their needs. Administrative solutions include centralized, policy-based management tools, integrated web-accessible management, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class Web-accessible management solution that greatly streamlines the installation, ongoing configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any extra software other than a standard Web browser and Java applet to be installed on an administrator's PC.
Administrators can also remotely set up, monitor, and analyze Cisco PIX security appliances via a command-line interface (CLI). Safe CLI interface communication is possible through a number of methods such as Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewalls also include robust auto-update features, a set of advanced secure remote-management options that ensure security settings and software images are always current.
For additional information about Progent's support services for PIX 500 security appliances, see PIX 500 firewalls integration and debugging consulting.
Progent's Migration Support for Cisco Firewalls
Because Cisco has ceased selling the PIX and ASA 5500 product lines, many businesses are uncomfortable with relying on a critical infrastructure component that may stop being supported by Cisco. ASA 5500-X and Firepower Series security appliances have the benefit of being new devices and also offer several technical and economic advantages in comparison to PIX devices. These advantages include substantially higher throughput, optional Secure Sockets Layer tunneling capability, and a modular design that protects your investment by allowing you to self-install new security features when and if you require them. Progent's Cisco certified experts can help you to assess the business case for upgrading from PIX 500 or ASA 5500 security appliances, create a migration process that permits a fast and seamless changeover, help you to install new ASA 5500-x or Firepower Series appliances, and offer online, consulting, and technical support services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX security appliances provide a wealth of setup, tracking, and analysis options that give you the ability to deploy these security appliances to align optimally with your business requirements. Progent's CCIE authorized network consultants can assist you to build a cost-effective network infrastructure that incorporates Cisco firewall technology and that provides world-class protection, resilience, throughput, and recoverability. Progent's GISA and CISM-premier information security professionals can help your business to create a security policy appropriate for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's security evaluation professionals can evaluate the effectiveness of your existing firewall deployment and help determine the security of your entire IS environment. Progent’s Help Desk support team can provide urgent online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE network engineer.
For additional information concerning Progent's professional help for Cisco products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about engineering help for Cisco products, call 1-800-993-9400 or visit Contact Progent.