Cisco is a long-time leader in developing state-of-the-art firewalls for the broadest possible range of environments. Cisco's Firepower Next Generation Firewalls represent an advanced cybersecurity platform that combines sophisticated hardware, cloud-based services, and machine learning to anticipate, discover, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall consultants can assist you to plan and carry out an efficient upgrade to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's subscription-based security services to build and centrally control IT environments that include branch offices, data centers, and cloud resources. Progent can also assist you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation driven by industry best practices in order to build a consistent cybersecurity profile that applies to all your networked devices at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance boost over Cisco's popular ASA 5500-X firewalls and include centralized control of advanced security capabilities like application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection, DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls (NGFWs), visit Firepower Series firewalls integration expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box packages, delivering a wide array of features to match the security needs of organizations from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls enable network security staffs to defend their network perimeter and provide secure offsite and mobile connectivity while utilizing powerful administration tools based on Cisco's world-class firewall technology.
Ciscoís ASA 5500 and PIX firewalls have arrived at end-of-life status but are still commonly deployed in smaller organizations and in some enterprise data centers. Ciscoís ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully managed, can deliver a high level of protection by providing a variety of features such as firewall, IPsec VPN, and IPS.
After Cisco's purchase of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the world's most popular network intrusion protection system (IPS). Firepower services provide powerful new capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-premier infrastructure engineers can help your organization to support and debug legacy ASA 5500 and PIX 500 firewalls and can also assist you to design and carry out an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to plan, integrate, optimize, administer and debug new firewall ecosystems based on Cisco's current ASA 5500-X models with Firepower Services. Progent's firewall consultants can also assist your organization to migrate from your Cisco ASA 5500-X Series deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive line of ASA 5500-X firewalls includes an improved replacement for every rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X firewall targets the same environment as the corresponding previous models, which offers small and midsize businesses ample choice for selecting a firewall that aligns with their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All devices in Cisco's ASA 5500-X product line deliver consistent security across any combination of physical, virtual, and cloud environments.
For additional details about ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for Cisco ASA 5500-X firewalls, visit Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or hardware modules that support Firepower Services, which offer layered protection against sophisticated attacks. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Layered defense against both familiar and new threats
- Cisco's Advanced Malware Protection that utilizes big data techniques to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, network infrastructure, software applications, and content to detect attacks that incorporate simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically activate both standard and custom IPS policies based on the severity of risk
Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered threat protection
Simpler deployments of ASA firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all ASA 5500-X models. ASDM provides a simple web dashboard for deploying, managing, and troubleshooting ASA 5500-X devices and modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be administered using Firepower Management Center, implemented as one or more physical or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy management for Cisco Firepower firewall appliances
Cisco's Firepower Management Center offers features beyond those available with Cisco's on-box Adaptive Security Device Manager utility. Extra capabilities include greater context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a console that provides dynamic network infrastructure visualization, automated policy optimization based on risk evaluation of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health alerts, enhanced reporting features, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls build on engineering behind the PIX 500 Series Security Appliance, Cisco's IPS 4200 Series sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application protection, network containment and control, and clean VPN connectivity throughout Cisco's product line. This breadth of protection allows the guarding of any network area, which includes the most typical attack conduits like remote sites, locally-connected inside users, and off-site connected VPNs.
The expandable architecture of the ASA 5500 family enables you to add security services by installing security service modules and security service cards. These easy-to-install enhancements provide the option of adding IPS and content protection functions such as filtering virus, worms, and phishing assaults and executing data and URL filtering. Beside enabling your IT staff to respond quickly to the latest threat environments, the extensible design of the Cisco ASA 5500 Series also leverages your hardware investment by increasing the useful life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT team training by utilizing the familiar set of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) system, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA firewalls provide a high-level of application protection through smart, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a safer network covering Web, voice, and 3G-mobile wireless services. To defend against application-layer assaults and to provide better policing of the programs and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on security enforcement solutions that include protocol anomaly sensing and application and protocol state monitoring. Also incorporated are attack detection and mitigation technology such as application/protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over IM and tunneling applications, allowing organizations to enforce usage policies and conserve bandwidth for important business applications.
For additional information about Progent's support services for ASA 5500 security appliances, see ASA 5500 firewalls configuration and debugging support.
Built upon a hardened, purpose-built software platform that delivers a wealth of protection services, Cisco PIX security appliances provide excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewalls provide protection for a broad array of VoIP and other multimedia standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, helping organizations to safeguard installations of a wide range of current and upcoming VoIP and video applications.
PIX firewalls offer a wealth of configuration, monitoring, and analysis options, providing IT managers the versatility to use the techniques that best match their needs. Administrative options include common, policy-based management tools, integrated web-based management, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system provides a world-class Web-based control solution that greatly simplifies the deployment, ongoing configuration, and monitoring of a specific Cisco PIX firewall appliance without the need of any additional utility beyond a standard browser and Java applet to be installed on an administrator's PC.
Administrators can furthermore remotely set up, track, and troubleshoot Cisco PIX firewall appliances using a command-line interface (CLI). Safe CLI interface access is available through a number of methods such as SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX firewall appliances also have dependable auto-update capabilities, a collection of revolutionary protected remote-management services that ensure security settings and software images are always up to date.
For more information about Progent's consulting services for Cisco PIX security appliances, visit Cisco PIX firewalls integration and debugging services.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a key security mechanism that might stop being supported. ASA 5500-X and Firepower NGFW Series firewalls have the advantage of being new devices and also bring a number of functions and financial benefits in comparison to PIX devices. These advantages include substantially higher throughput, optional SSL tunneling capability, and a modular architecture that protects your investment by allowing you to add new security features whenever you need them. Progent's Cisco certified network engineers can assist your company to determine the strategic case for moving from PIX 500 or Cisco ASA 5500 security appliances, design a migration plan that allows for a quick and seamless upgrade, help your IT staff to deploy new ASA 5500-x or Firepower Series firewalls, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA 5500 Series, and PIX security appliances provide a wealth of setup, monitoring, and analysis features that offer you the ability to deploy these security appliances to align optimally with your business requirements. Progent's CCIE authorized network experts can show you how to build an efficient infrastructure that incorporates Cisco security appliances and that provides world-class protection, resilience, performance, and recoverability. Progent's GISA and CISM-certified information security engineers can assist your business to develop a security strategy appropriate for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's risk evaluation professionals can evaluate the effectiveness of your current firewall deployment and audit the security of your entire IT environment. Progentís Technical Response Center can provide urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To see additional information concerning Progent's consulting assistance for Cisco networking products, choose a topic:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.