Cisco is a long-time leader in developing cutting-edge firewalls for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls provide an advanced firewall platform that combines dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, identify, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall experts can help your organization to design and execute a smooth migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower appliances with Cisco's subscription-based security services to create and centrally control network environments that span local offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to maintain and debug legacy Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation based on leading best practices so you can establish a consistent and effective cybersecurity profile that applies to all your networked endpoints anywhere.

Cisco's Firepower NGFW Firewalls
Cisco's Firepower NGFWs Firewalls provide a significant performance improvement over Cisco's previous-generation ASA 5500-X security appliances and include unified control of modern cybersecurity features such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower portfolio of NGFWs Firewalls, see Firepower firewalls consulting services.

Cisco Firepower 4100 Series Firewalls Consulting

Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system (IPS) services in compact single-box packages, delivering a broad array of features to meet the security needs of companies from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls enable network security staffs to defend their network edge and provide secure offsite and mobile access while using advanced administration mechanisms based on Cisco's world-class firewall technology.

Ciscoís ASA 5500 and PIX firewall appliances have reached end-of-life but are still commonly used in small and mid-size businesses as well as in a few enterprise networks. The ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully maintained, can offer a high degree of protection by supplying a variety of features including stateful firewall, Virtual Private Network (VPN) connections, and IPS.

Following Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services provide powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.

Progent's Cisco-premier infrastructure engineers can assist your organization to maintain and troubleshoot older ASA 5500 and PIX 500 firewalls and can also assist you to plan and carry out an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, configure, optimize, administer and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also help you to migrate from your Cisco ASA 5500-X deployment to Cisco's latest Firepower NGFWs Firewalls.

Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X firewalls includes an improved substitute for each rack-mountable model in the older ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the identical market as the associated earlier models, which offers most ample room for selecting a solution that meets their security requirements and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line provide consistent security across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For more details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for Cisco ASA firewalls, go to Firepower configuration and troubleshooting consulting

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that enable Cisco's Firepower Services, which offer layered protection against advanced threats. Cisco's Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:

  • Multi-layer protection against both familiar and zero-day threats
  • Advanced Malware Protection (AMP) that utilizes big data to discover and remediate intrusions
  • A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers clients, infrastructure, software applications, and content to discover threats that use simultaneous vectors
  • High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and customized IPS policies depending on the severity of threats
Cisco Firepower Integration Expertise

Firepower Services for ASA 5500-X firewalls offer advanced multi-layered protection

Simpler implementations of ASA 5500-X firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X models. ASDM includes a simple web console for deploying, administering, and troubleshooting ASA 5500-X appliances and service modules.

For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower can be managed using Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.

Cisco Firepower Management Center Consulting

Cisco Firepower Management Center unifies event and policy management for Cisco Firepower firewalls

Firepower Management Center offers features beyond those available with Cisco's on-device ASDM tool. Additional features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that offers real-time network infrastructure visualization, automated policy optimization based on impact evaluation of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-box ASDM or the ASA CLI.

Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology behind Cisco's PIX 500 Series firewall, Cisco's IPS 4200 sensor, and the Cisco VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances Firewall family to offer a firewall that defends against the broadest range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application protection, network containment and control, and clean VPN connectivity throughout Cisco's product line. This broad scope of security allows the guarding of any network area, which includes the most common attack vectors such as remote locations, LAN-attached internal users, and off-site connected VPNs.

ASA 5500 Series Consulting and Technical Support
The scalable design of the ASA 5500 family enables you to add services by installing security service modules and cards. These user-installable enhancements give you the option of adding Intrusion Protection and content protection services like filtering virus, spyware, and phishing attacks and performing data and web filtering. Beside enabling your IT staff to respond quickly to new risk environments, the extensible design of the ASA 5500 Series also leverages your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in IT staff education by supporting the familiar library of PIX security management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol.

Cisco ASA 5500 Series firewalls provide robust application protection through intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a better protected network covering Web, voice, and mobile wireless services. To defend networks against application-layer attacks and to provide stronger control over the programs and protocols utilized in their environments, these inspection engines integrate extensive application and protocol knowledge and employ security enforcement solutions such as protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault sensing and remediation techniques such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling businesses to enforce usage policies and free up network bandwidth for vital business applications.

For more information about Progent's consulting services for Cisco's ASA 5500 security appliances, visit ASA 5500 series firewalls integration and debugging support.

PIX Security Appliance Series
Based upon a hardened, purpose-built operating system that delivers rich security services, Cisco PIX security appliances offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX firewalls offer security for a broad array of VoIP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, helping organizations to safeguard installations of a broad array of current and upcoming Voice over IP and video applications.

PIX Security Help
PIX firewall appliances feature a variety of setup, monitoring, and troubleshooting features, providing IT managers the flexibility to utilize the methods that most closely match their requirements. Administrative solutions include common, policy-based management utilities, integrated web-based management, and compatibility with remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated ASDM system offers a world-class Web-based control platform that greatly streamlines the deployment, ongoing modification, and tracking of a single PIX firewall appliance without the need of any additional utility beyond an ordinary browser and Java plug-in to be running on a manager's computer.

Administrators can also remotely set up, track, and troubleshoot Cisco PIX firewall appliances using a command-line interface (CLI). Secure CLI interface communication is available using a number of techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also include robust automatic-update features, a set of revolutionary secure remote-administration options that ensure firewall settings and software images are kept up to date.

For additional details about Progent's consulting services for PIX 500 firewalls, go to PIX firewalls integration and debugging support.

Progent's Migration Consulting for Cisco Firewalls
Since Cisco has stopped offering the PIX and ASA 5500 product lines, many businesses are uncomfortable with depending on a key infrastructure component that might stop being supported by Cisco. Cisco ASA 5500-X and Firepower NGFW Series security appliances offer the benefit of being new products and also offer a number of technical and economic benefits in comparison to PIX 500 devices. These benefits include substantially better throughput, optional Secure Sockets Layer VPN support, and an expandable architecture that protects your investment by enabling you to self-install new security services when and if you need them. Progent's CCIE-certified experts can help you to determine the business case for moving from PIX 500 or Cisco ASA 5500 firewalls, design a migration process that allows for a fast and seamless upgrade, assist you to deploy new ASA 5500-x Series or Firepower NGFW Series firewalls, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower Series, ASA 5500 Series, and PIX family security appliances provide a wealth of setup, monitoring, and troubleshooting options that give you the ability to deploy these firewalls to match your company's requirements. Progent's CCIE certified network consultants can show you how to design an efficient network infrastructure that incorporates Cisco security appliances and that provides world-class protection, resilience, throughput, and recoverability. Progent's GISA and CISM-certified information security consultants can assist you to create a security strategy appropriate for your situation and can configure your firewall to support your security policies. Progent's risk assessment engineers can assess the strength of your current firewall deployment and help determine the security of your whole IT environment. Progentís Technical Response Center (TRC) can deliver emergency remote technical support for Cisco technology and offer quick access to a Cisco CCIE expert.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To learn additional information concerning Progent's engineering expertise for Cisco solutions, select a subject:

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: