Cisco is a long-time front-runner in developing state-of-the-art firewall appliances for the broadest possible variety of environments. Cisco's Firepower NGFWs Firewalls provide an advanced firewall solution that combines sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, discover, and respond to threats automatically. Progent's Cisco-certified CCIE-certified firewall consultants can help your organization to design and execute an efficient upgrade to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower firewalls with Cisco's security services to create and centrally manage network ecosystems that include local offices, data centers, and cloud resources. Progent can also help you to manage and debug legacy Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation based on industry best practices in order to establish a consistent and effective cybersecurity posture that applies to all your endpoints at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance boost over Cisco's popular ASA 5500-X security appliances and include unified management and automation of modern security capabilities such as application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls, refer to Firepower Series firewalls consulting experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500, and PIX firewalls offer combined firewall, IPsec VPN, and intrusion prevention system capabilities in single-box packages, delivering a broad range of features to meet the security and compliance requirements of organizations from small businesses to enterprises and Internet service providers. Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances allow IT security teams to defend their network perimeter and offer safe offsite and mobile access while using powerful administration tools based on Cisco's industry-leading firewall technology.
Cisco's ASA 5500 Series and PIX 500 firewalls have reached end-of-life but are still widely deployed in small and mid-size organizations as well as in a few enterprise networks. Cisco's ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new deployments. Still, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high degree of protection by supplying a variety of features including stateful firewall, VPN tunneling, and IPS.
After Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed intrusion protection system (IPS). Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure consultants can assist your organization to support and debug legacy ASA 5500 and PIX 500 firewalls and can also help you to plan and implement an efficient upgrade to Cisco's ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, configure, optimize, administer and debug new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also assist your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances features an improved replacement for each rack-mountable unit in the previous ASA 5500 series of devices. Each ASA 5500-X model targets the same market as the corresponding previous models, which gives small and midsize businesses plenty of choice for picking a solution that meets their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X family provide dependable security across any combination of physical, virtual, and cloud environments.
For more information about ASA 5500-X security appliances, Firepower services, and Progent's support for Cisco ASA 5500-X firewalls, see Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept software or physical modules that support Cisco's Firepower Services, which offer layered protection against multi-vector threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X security appliances include:
- Layered protection against both familiar and new threats
- Advanced Malware Protection (AMP) that utilizes big data to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, infrastructure, software applications, and content to detect attacks that incorporate simultaneous approaches
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch standard and custom IPS policies depending on the severity of risk
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered threat protection
Smaller deployments of Cisco ASA firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all ASA 5500-X models. ASDM provides a simple web dashboard for deploying, administering, and debugging ASA 5500-X devices and service modules.
For more complex deployments, ASA 5500-X appliances with Firepower Services can be administered with Firepower Management Center, implemented as one or more physical or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy management for Firepower firewall appliances
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a console that provides real-time network visualization, automated policy optimization driven by impact assessment of threats, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering behind Cisco's PIX 500 Series firewall, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops the broadest range of threats. Cisco Adaptive Security Appliances Firewalls provide program protection, network containment and control, and safe VPN connectivity across the entire product line. This broad scope of protection enables the guarding of any network segment, including the most common attack conduits such as remote locations, LAN-connected internal users, and remote connected Virtual Private Networks.
The scalable design of the Cisco ASA 5500 family allows you to add services by installing security service modules (SSMs) and security service cards. These user-installable enhancements give you the option of adding Intrusion Protection and content protection functions like filtering virus, spyware, and phishing attacks and performing file and web filtering. In addition to enabling your IT staff to respond quickly to the latest threat vectors, the extensible architecture of the ASA 5500 family also protects your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT team education by supporting the rich set of PIX security management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) system, protected command-line interface (CLI) access, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application security via intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This produces a safer network including Web, voice, and 3G-mobile wireless services. To protect networks against application-layer attacks and to provide better control over the applications and protocols utilized in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement solutions that include anomaly sensing and state monitoring. Also incorporated are assault sensing and remediation technology including application/protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and recover network bandwidth for crucial business processes.
For more information about Progent's consulting services for Cisco's ASA 5500 firewalls, see Cisco ASA 5500 series firewalls configuration and troubleshooting support.
Cisco PIX Firewalls
Based around a hardened, purpose-built software platform that delivers rich security features, Cisco PIX firewall appliances offer a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. PIX security appliances provide protection for a wide array of VoIP and additional multimedia standards such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling businesses to protect deployments of a broad range of current and upcoming Voice over IP and multimedia applications.
Cisco PIX firewalls offer a wealth of configuration, monitoring, and troubleshooting options, providing businesses the versatility to use the techniques that best match their needs. Administrative options include centralized, policy-based administration utilities, integrated web-based administration, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a powerful Web-based control solution that significantly streamlines the installation, in-place modification, and tracking of a specific PIX security appliance without requiring any additional software beyond an ordinary Web browser and Java applet to be installed on a manager's computer.
IT managers can furthermore remotely set up, track, and troubleshoot PIX firewalls via a CLI interface. Secure command-line interface communication is available using several methods such as SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX firewalls also have dependable auto-update capabilities, a collection of advanced protected remote-administration options that ensure security configurations and software images are kept up to date.
For additional details about Progent's consulting services for PIX firewalls, go to Cisco PIX firewalls configuration and troubleshooting consulting.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has discontinued offering the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with depending on a critical security mechanism that may no longer be supported. ASA 5500-X and Firepower Series firewalls offer the advantage of being new products and also bring several functions and financial benefits in comparison to PIX devices. These benefits include substantially higher performance, optional SSL VPN support, and an expandable architecture that protects your investment by allowing you to add new security features when and if you require them. Progent's Cisco certified network engineers can assist you to assess the strategic value of for upgrading from PIX or Cisco ASA 5500 firewalls, design a migration process that permits a fast and non-disruptive upgrade, help your IT staff to configure new ASA 5500-x Series or Firepower Series firewalls, and provide online, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA Series, and PIX family security appliances incorporate a wealth of configuration, tracking, and analysis features that give you the flexibility to deploy these security appliances to align optimally with your company's needs. Progent's CCIE certified network experts can show you how to configure and support an efficient network infrastructure that incorporates Cisco security appliances and that provides world-class security, fault tolerance, throughput, and recoverability. Progent's GISA and CISM-premier IS security professionals can assist your business to develop a security policy that makes sense for your environment and can configure your security appliance to support your security policies. Progent's risk evaluation consultants can assess the effectiveness of your current firewall deployment and audit the security of your entire IS environment. Progent's Help Desk support team can deliver emergency online troubleshooting for Cisco technology and offer fast access to a Cisco expert.
To learn more details about Progent's professional help for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about engineering assistance for Cisco products, call 1-800-993-9400 or refer to Contact Progent.