Cisco is a long-time front-runner in developing state-of-the-art firewall appliances for the broadest possible variety of deployments. Cisco's Firepower NGFWs Firewalls provide an advanced cybersecurity solution that combines dedicated hardware, cloud services, and machine learning to block, identify, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall consultants can help you to design and carry out an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco's subscription-based security services to build and centrally control IT environments that include local offices, data centers, and cloud resources. Progent can also assist you to manage and debug older-generation Cisco security appliances. Progent's certified cybersecurity experts can assist you with policy creation and tuning based on leading best practices in order to establish a consistent and effective cybersecurity profile that applies to all your networked devices at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance boost over Cisco's popular ASA 5500-X firewalls and offer centralized control of modern security features like application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection, DDoS mitigation, and sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls (NGFWs), refer to Firepower Series firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500, and PIX firewalls offer combined firewall, IPsec VPN, and intrusion prevention system capabilities in single-box devices, delivering a wide range of features to meet the security needs of companies ranging from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewalls allow network security teams to defend their network perimeter and offer secure offsite and mobile connectivity while using advanced management mechanisms built on Cisco's world-class firewall technology.
Cisco’s ASA 5500 and PIX 500 firewall appliances have reached end-of-life but are still widely deployed in small and mid-size businesses as well as in some larger data centers. The ASA 5500-X Next-Generation Firewalls represent substantially more value and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's legacy firewalls, if carefully managed, continue to deliver a high degree of protection by providing a variety of services including firewall, VPN, and IPS.
Since Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed intrusion protection system (IPS). Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified network engineers can assist you to support and debug legacy ASA 5500 Series and PIX firewall appliances and can also help you to design and implement an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also assist you to design, integrate, optimize, manage and debug new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also help your organization to migrate from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls includes an improved substitute for each rack-mountable unit in the older ASA 5500 series of devices. Each ASA 5500-X model is suited for the identical market as the corresponding previous models, which offers most ample choice for selecting a firewall that aligns with their security needs and budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line deliver consistent protection across any mix of physical, virtual, and cloud environments.
For additional information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for Cisco ASA security appliances, see Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or hardware modules that enable Firepower Services, which offer layered protection against advanced threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:
- Layered defense against both familiar and zero-day attacks
- Advanced Malware Protection (AMP) that uses big data to find and remediate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, infrastructure, software applications, and content to detect threats that use multiple approaches
- High-resolution Application Visibility and Control (AVC that is aware of thousands of apps and can automatically activate standard and customized IPS policies based on the degree of risk
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered threat protection
Simpler deployments of ASA firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X versions. ASDM provides a convenient web console for deploying, administering, and debugging ASA 5500-X devices and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or more physical units or virtual devices. Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy management for Firepower firewall appliances
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional features include greater context awareness, Advanced Malware Protection with mitigation for user devices, a dashboard that provides real-time network visualization, automated policy tuning based on impact evaluation of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health notifications, improved reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the ASA CLI.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering behind Cisco's PIX 500 Series Security Appliance, the IPS 4200 sensor, and the VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a platform that defends against the broadest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, network containment and control, and clean VPN functionality throughout the entire product portfolio. This broad scope of security allows defense of any network section, including the most typical threat conduits like remote locations, locally-connected inside users, and off-site access Virtual Private Networks.
The expandable design of the ASA 5500 family enables you to add more security services via security service modules (SSMs) and cards. These user-installable enhancements provide the option of adding Intrusion Protection and content protection functions such as filtering virus, worms, and phishing attacks and performing data and URL filtering. In addition to allowing your IT staff to respond rapidly to the latest risk vectors, the extensible architecture of the ASA 5500 Series also protects your hardware investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in administrative team training by utilizing the rich library of PIX 500 security management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, protected command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances firewalls provide robust application protection through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a more secure environment covering Web, voice, and 3G-mobile wireless access. To defend against application-layer assaults and to offer stronger policing of the applications and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledgebases and rely on security enforcement technologies that include protocol anomaly sensing and application and protocol state monitoring. Also included are assault sensing and remediation technology such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing businesses to police usage policies and recover bandwidth for important business processes.
For additional details about Progent's support services for ASA 5500 firewalls, go to ASA 5500 firewalls integration and troubleshooting support.
Cisco PIX Firewalls
Built upon a tested, purpose-built software platform that offers a wealth of security services, PIX firewall appliances provide a high level of security and have been awarded EAL 4 status and ICSA Firewall and IP Security certification. PIX firewall appliances offer protection for a wide range of Voice over IP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, enabling organizations to safeguard installations of a broad range of current and upcoming VoIP and multimedia applications.
PIX security appliances feature a variety of setup, monitoring, and analysis options, giving IT managers the flexibility to utilize the methods that most closely match their needs. Management options include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system provides a world-class Web-accessible control solution that greatly simplifies the deployment, ongoing modification, and monitoring of a specific Cisco PIX security appliance without the need of any extra software other than a standard Web browser and Java plug-in to be running on a manager's PC.
IT managers can also remotely configure, monitor, and analyze Cisco PIX firewalls via a command-line interface (CLI). Safe command-line interface (CLI) access is possible through a number of methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewalls also include robust automatic-update capabilities, a set of advanced protected remote-administration services that make sure that firewall configurations and software images are kept current.
For more details about Progent's consulting services for PIX firewalls, visit Cisco PIX 500 firewalls configuration and troubleshooting support.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has ceased offering the PIX and ASA 5500 families of firewalls, many businesses are concerned about relying on a key security component that might stop being supported. ASA 5500-X and Firepower NGFW Series firewalls offer the advantage of being new devices and also bring a number of functions and financial advantages in comparison to PIX 500 firewalls. These benefits include significantly higher throughput, optional Secure Sockets Layer VPN support, and an expandable architecture that protects your investment by enabling you to self-install more security services when and if you need them. Progent's CCIE-certified experts can help you to assess the strategic value of for moving from PIX or ASA 5500 firewalls, create a migration plan that allows for a fast and seamless upgrade, assist you to configure new ASA 5500-x Series or Firepower NGFW Series appliances, and offer online, consulting, and technical support services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX firewalls incorporate an array of configuration, tracking, and analysis features which give you the flexibility to deploy these firewalls to match your company's needs. Progent's CCIE certified network professionals can show you how to configure and support an efficient infrastructure that includes Cisco firewall technology and that offers advanced protection, resilience, performance, and recoverability. Progent's GISA and CISSP-ISSP-premier IS security engineers can assist your business to create a security strategy that makes sense for your situation and can configure your firewall to support your security policies. Progent's risk evaluation experts can evaluate the effectiveness of your current firewall solution and help determine the overall security of your whole IT environment. Progent’s Technical Response Center (TRC) can provide emergency online troubleshooting for Cisco technology and offer fast access to a Cisco expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To learn additional information about Progent's professional support for Cisco technology, select a topic:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.