Cisco is a long-time front-runner in delivering state-of-the-art firewalls for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewalls represent a modern firewall solution that marshals dedicated hardware, cloud-based services, and machine learning to anticipate, identify, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can help you to design and carry out a smooth migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower firewalls with Cisco's cloud-based services to build and centrally control network ecosystems that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified network security experts can assist you with policy creation and tuning driven by leading best practices in order to build a consistent and effective cybersecurity profile across all your devices anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls deliver a major performance boost over Cisco's previous-generation ASA 5500-X firewalls and offer unified control of modern security capabilities such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, see Cisco Firepower Series firewalls integration experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances provide combined firewall, IPsec VPN, and intrusion prevention system services in single-box devices, delivering a wide array of features to match the security requirements of companies ranging from small and mid-size businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500, and PIX firewalls enable IT security teams to defend their network edge and provide secure offsite and mobile connectivity while using advanced administration mechanisms based on Cisco's world-class firewall technology.
Ciscoís ASA 5500 and PIX firewalls have reached end-of-life (EOL) but remain commonly deployed in smaller businesses and in some larger networks. The ASA 5500-X Next-Generation Firewalls represent substantially more bang for the buck and have supplanted the ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's older model firewall appliances, if properly managed, continue to offer a high degree of protection by providing multiple security functions including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of ASA 5500-X devices can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular network intrusion protection system (IPS). Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure engineers can assist your organization to support and debug older ASA 5500 and PIX firewalls and can also assist you to design and carry out an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, deploy, optimize, administer and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also assist you to upgrade from your Cisco ASA 5500-X deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable model in the older ASA 5500 line of devices. Each ASA 5500-X model is suited for the identical market as the associated earlier models, which offers most plenty of room for selecting a firewall that aligns with their security needs and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line deliver consistent protection across any mix of physical, virtual, and cloud environments.
For additional information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for Cisco ASA 5500-X security appliances, see Firepower integration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept software or hardware modules that support Firepower Services, which offer layered defense against advanced threats. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA security appliances include:
- Multi-layer protection against familiar and new threats
- Cisco's Advanced Malware Protection that uses big data techniques to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, apps, and content to detect threats that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically activate both standard and custom IPS policies based on the severity of risk
Firepower Services for Cisco ASA firewalls offer advanced multi-layered protection
Simpler deployments of ASA 5500-X firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X versions. ASDM includes a simple web dashboard for configuring, administering, and troubleshooting ASA 5500-X firewalls and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be managed using Firepower Management Center, available as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewalls
Firepower Management Center offers capabilities beyond those available with Cisco's on-device ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a dashboard that provides real-time infrastructure visualization, automated policy tuning based on impact evaluation of attacks, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology behind the PIX 500 family Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, local containment and control, and safe VPN connectivity throughout Cisco's product line. This broad scope of protection allows the guarding of any network segment, including the most typical threat conduits such as remote sites, LAN-attached internal users, and off-site access Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 family permits you to add security services via service modules and cards. These easy-to-install options provide the option of adding Intrusion Protection and content protection services such as filtering virus, worms, and phishing attacks and performing data and web filtering. Beside allowing you to react quickly to new threat vectors, the extensible design of the ASA 5500 Series also protects your capital investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in IT staff training by supporting the familiar set of PIX 500 security management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface (CLI) access, verbose syslog, and SNMP.
Cisco ASA 5500 Series firewalls provide a high-level of application protection via intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a more secure network covering Web, voice, and mobile wireless services. To protect networks against application-layer attacks and to offer stronger policing of the applications and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and rely on protection enforcement technologies such as protocol anomaly sensing and application and protocol state tracking. Also included are attack sensing and remediation techniques including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to police usage policies and free up bandwidth for vital business applications.
For more information about Progent's support services for Cisco's ASA 5500 firewalls, see Cisco ASA 5500 series firewalls configuration and debugging services.
Cisco PIX Security Appliance Series
Based upon a hardened, purpose-built operating system that offers rich security services, Cisco PIX firewall appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewall appliances provide protection for a wide array of VoIP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling businesses to protect installations of a broad range of current and upcoming Voice over IP and mixed-media applications.
PIX firewalls offer a wealth of setup, tracking, and analysis options, providing IT managers the versatility to utilize the methods that best meet their requirements. Management solutions include common, policy-based management tools, integrated web-accessible management, and support for remote-tracking protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class Web-based control platform that significantly simplifies the installation, in-place configuration, and monitoring of a single Cisco PIX firewall appliance without requiring any extra software beyond an ordinary browser and Java plug-in to be installed on a manager's computer.
Administrators can furthermore remotely set up, monitor, and analyze Cisco PIX firewall appliances via a CLI interface. Safe command-line interface communication is possible using several techniques including Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX firewalls also have dependable auto-update features, a collection of advanced secure remote-administration options that ensure security configurations and software images are always up to date.
For more information about Progent's support services for PIX security appliances, visit PIX 500 firewalls integration and debugging support.
Progent's Migration Support for Cisco Firewalls
Since Cisco has ceased offering the PIX and ASA 5500 product lines, many businesses are uncomfortable with relying on a critical security mechanism that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower NGFW Series firewalls offer the benefit of being current devices and also offer a number of functions and financial benefits in comparison to PIX 500 firewalls. These advantages include substantially better throughput, optional Secure Sockets Layer tunneling support, and a modular design that protects your investment by allowing you to self-install more security features when and if you require them. Progent's Cisco network engineers can help you to determine the strategic case for migrating from PIX or Cisco ASA 5500 firewalls, design a migration plan that allows for a fast and seamless changeover, help your IT staff to set up new ASA 5500-x or Firepower NGFW Series appliances, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX firewalls provide an array of setup, monitoring, and analysis options that give you the ability to deploy these firewalls to align optimally with your business needs. Progent's CCIE certified network experts can help you to design an efficient infrastructure that includes Cisco firewalls and that offers world-class protection, resilience, throughput, and manageability. Progent's GISA and CISSP-ISSP-premier information security experts can assist you to create a security policy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's security assessment consultants can assess the strength of your current firewall solution and audit the overall security of your whole IT environment. Progentís Help Desk Call Center can provide urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco expert.
To see additional details concerning Progent's engineering help for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about consulting help for Cisco technology, call 1-800-993-9400 or visit Contact Progent.