Cisco is a long-time front-runner in delivering cutting-edge firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls represent an advanced firewall solution that marshals sophisticated hardware, cloud services, and machine learning to anticipate, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can assist your organization to plan and execute a smooth upgrade to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's cloud-based services to build and centrally control network environments that span local offices, data centers, and cloud resources. Progent can also help you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation and tuning based on leading best practices in order to build a consistent and effective cybersecurity profile across all your endpoints anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower NGFWs Firewalls deliver a significant performance boost over Cisco's previous-generation ASA 5500-X security appliances and include unified control of modern cybersecurity features such as application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection, DDoS mitigation, and sandboxing. For more information about Cisco's Firepower portfolio of Next Generation Firewalls, visit Firepower firewalls integration expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances provide integrated firewall, IPsec VPN, and IPS services in compact single-box devices, delivering a wide range of features to match the security and compliance needs of organizations from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls allow IT security staffs to protect their network edge and provide safe remote connectivity while using powerful management mechanisms based on Cisco's industry-leading firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life status but remain widely used in small and mid-size businesses as well as in a few enterprise networks. Cisco’s ASA 5500-X Next-Generation Firewalls deliver significantly more value and have superseded the ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's legacy firewall appliances, if carefully maintained, continue to deliver a high degree of protection by supplying multiple services such as firewall, IPsec VPN, and IPS.
Following Cisco's purchase of Sourcefire, the entire family of ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the world's most popular network intrusion protection system (IPS). Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure engineers can help you to maintain and debug older ASA 5500 Series and PIX firewall appliances and can also assist you to plan and carry out an efficient upgrade to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, deploy, tune, administer and troubleshoot new firewall ecosystems built on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also assist your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls features an improved substitute for every rack-mountable unit in the older ASA 5500 line of firewalls. Each ASA 5500-X firewall targets the identical market as the associated earlier models, which offers most ample choice for selecting a solution that aligns with their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver dependable security across any combination of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA security appliances, visit Cisco Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or hardware modules that enable Firepower Services, which offer layered defense against multi-vector threats. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer protection against familiar and new threats
- Cisco's Advanced Malware Protection that utilizes big data to discover and remediate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers users, network infrastructure, apps, and content to discover threats that use simultaneous vectors
- High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically activate both standard and customized IPS policies depending on the degree of risk
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered threat protection
Simpler implementations of Cisco ASA firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM includes a simple web console for configuring, managing, and debugging ASA 5500-X appliances and service modules.
For more complex deployments, ASA 5500-X firewalls with Firepower Services can be managed with Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy management for Firepower firewalls
Firepower Management Center provides features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a dashboard that offers dynamic network visualization, automated policy tuning driven by risk assessment of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls leverage technology developed for Cisco's PIX 500 family firewall, Cisco's IPS 4200 Series sensor, and the VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a firewall that stops the widest variety of attacks. Cisco ASA 5500 Series Firewalls provide program protection, network containment, and clean VPN functionality throughout Cisco's product portfolio. This breadth of protection allows the guarding of any network segment, which includes the most typical threat vectors like remote sites, LAN-connected inside users, and off-site connected VPNs.
The expandable design of the Cisco ASA 5500 family permits you to add features via security service modules (SSMs) and security service cards (SSCs). These user-installable enhancements give you the ability to add Intrusion Protection and content protection functions like blocking virus, worms, and phishing assaults and executing file and URL filtering. Beside allowing your IT staff to react quickly to new risk vectors, the expandable architecture of the Cisco ASA 5500 Series also protects your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 Series also leverages your investment in administrative staff education by supporting the rich set of PIX 500 security management utilities and protocols including the Cisco Adaptive Security Device Manager platform, protected command-line interface access, syslog, and Simple Network Management Protocol.
Cisco ASA 5500 Series firewalls deliver robust application security through intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. This produces a better protected environment covering Web, voice, and 3G-mobile wireless services. To defend networks against application-layer assaults and to provide stronger policing of the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement solutions that include protocol anomaly detection and application and protocol state tracking. Also incorporated are attack sensing and remediation technology including application and protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, allowing businesses to police usage policies and free up bandwidth for critical business applications.
For more details about Progent's support services for ASA 5500 firewalls, go to ASA 5500 firewalls configuration and debugging consulting.
Based upon a tested, purpose-built operating system that offers a wealth of protection services, PIX firewall appliances offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewall appliances provide security for a broad range of VoIP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to safeguard installations of a wide array of contemporary and next-generation IP voice and video applications.
Cisco PIX security appliances offer a wealth of setup, tracking, and analysis features, providing IT managers the flexibility to use the techniques that most closely meet their needs. Management options include common, policy-based administration tools, integrated web-accessible administration, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated ASDM system provides a world-class Web-based management platform that greatly simplifies the deployment, ongoing configuration, and monitoring of a specific PIX security appliance without requiring any extra software other than an ordinary Web browser and Java plug-in to be running on an administrator's computer.
Administrators can furthermore remotely configure, track, and analyze Cisco PIX security appliances using a command-line interface. Safe command-line interface (CLI) access is possible using several techniques including SSHv2 Protocol, Telnet over IP Security, and out-of-band through a console port. PIX security appliances also have robust auto-update capabilities, a set of revolutionary secure remote-management services that ensure firewall configurations and software images are always up to date.
For additional information about Progent's support services for PIX 500 security appliances, see PIX firewalls integration and debugging consulting.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has stopped selling the PIX 500 and ASA 5500 families of firewalls, many businesses are concerned about depending on a critical infrastructure mechanism that might stop being supported. Cisco ASA 5500-X and Firepower Series security appliances offer the benefit of being current devices and also offer a number of technical and economic benefits in comparison to PIX 500 firewalls. These benefits include significantly better performance, optional Secure Sockets Layer VPN capability, and a modular design that guards your investment by allowing you to add more security services when and if you require them. Progent's Cisco network engineers can assist you to determine the business case for moving from PIX 500 or Cisco ASA 5500 security appliances, create a migration plan that allows for a fast and non-disruptive upgrade, assist your IT staff to configure new ASA 5500-x or Firepower NGFW Series appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX firewalls incorporate an array of setup, monitoring, and analysis features which give you the ability to deploy these security appliances to match your company's requirements. Progent's CCIE certified network professionals can help you to configure and support a cost-effective infrastructure that incorporates Cisco firewalls and that offers advanced protection, resilience, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security consultants can assist you to create a security strategy appropriate for your business and can set up your security appliance to support your security strategy. Progent's risk evaluation professionals can assess the effectiveness of your current firewall solution and help determine the overall security of your entire information system environment. Progent’s Help Desk support team can provide emergency remote troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To learn more information about Progent's engineering help for Cisco solutions, pick a subject:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.