Cisco is a perennial front-runner in developing state-of-the-art firewalls for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a modern firewall platform that combines dedicated hardware, cloud-based services, and machine learning to anticipate, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can help you to plan and execute a smooth upgrade to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's cloud-based services to build and centrally manage network ecosystems that include local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and troubleshoot legacy Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation based on industry best practices in order to establish a consistent cybersecurity posture across all your endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance boost over Cisco's popular ASA 5500-X security appliances and include centralized control of advanced cybersecurity features like application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection, DDoS mitigation, and sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls, see Firepower firewalls consulting experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX firewall appliances offer combined firewall, IPsec VPN, and intrusion prevention system (IPS) services in single-box packages, delivering a broad range of features to match the security and compliance needs of companies from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances allow network security staffs to protect their network perimeter and offer safe remote access while utilizing advanced management mechanisms built on Cisco's industry-leading firewall technology.
Cisco’s ASA 5500 and PIX 500 firewalls have reached end-of-life (EOL) but remain commonly deployed in smaller organizations and in some larger networks. The ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. Still, Cisco's legacy firewalls, if properly managed, continue to deliver a high level of protection by supplying multiple services such as stateful firewall, VPN, and IPS.
Since Cisco's acquisition of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed intrusion protection system (IPS). Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-premier infrastructure engineers can assist your organization to maintain and debug legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and carry out a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to design, deploy, tune, administer and debug new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower. Progent can also help your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X firewalls includes an enhanced substitute for each rack-mountable model in the older ASA 5500 generation of devices. Each ASA 5500-X model targets the identical environment as the corresponding previous models, which gives most ample room for picking a solution that meets their security requirements and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All models in Cisco's ASA 5500-X product line provide consistent protection across any combination of physical, virtual, and cloud environments.
For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, visit Cisco Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or physical modules that enable Cisco's Firepower Services, which offer layered protection against multi-vector threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Layered defense against both familiar and zero-day attacks
- Advanced Malware Protection that uses big data techniques to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, apps, and content to detect threats that use multiple vectors
- Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and customized IPS policies based on the degree of risk
Firepower Services for ASA firewalls offer multi-layered threat protection
Smaller deployments of Cisco ASA firewalls can be efficiently managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all ASA 5500-X versions. ASDM provides a simple web dashboard for configuring, managing, and debugging ASA 5500-X devices and service modules.
For more complex deployments, ASA 5500-X firewalls with Firepower Services can be administered using Firepower Management Center, available as one or more physical or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy management for Cisco Firepower firewall appliances
Firepower Management Center provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Extra features include greater context awareness, Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that provides real-time network infrastructure visualization, automated policy optimization based on risk assessment of threats, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health notifications, enhanced reporting options, and APIs for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-box ASDM or the ASA CLI.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology behind Cisco's PIX 500 Series firewall, Cisco's IPS 4200 sensor, and Cisco's VPN 3000 model concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to offer a firewall that stops the broadest range of threats. Cisco ASA Firewalls deliver program protection, local containment, and clean VPN connectivity across the entire product portfolio. This broad scope of security enables the guarding of any network section, including the most typical threat vectors such as remote sites, LAN-attached internal users, and remote access Virtual Private Networks.
The scalable design of the ASA 5500 Series allows you to add services via service modules and security service cards (SSCs). These user-installable enhancements give you the ability to add Intrusion Protection and content protection functions like filtering virus, spyware, and phishing assaults and executing file and URL screening. In addition to allowing your IT staff to respond quickly to the latest threat environments, the expandable design of the ASA 5500 family also leverages your capital investment by prolonging the life of your firewalls. The Cisco ASA 5500 family also protects your investment in administrative staff training by supporting the familiar set of PIX security management utilities and protocols such as the Cisco ASDM system, secure command-line interface availability, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application security through smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. The result is a more secure environment covering Web, voice, and mobile wireless access. To defend against application-layer assaults and to offer stronger control over the programs and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and rely on security enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also included are attack detection and remediation technology including application/protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling businesses to police usage policies and free up bandwidth for important business processes.
For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, see ASA 5500 firewalls integration and troubleshooting support.
Cisco PIX Security Appliance Series
Based upon a tested, specialized OS that offers rich protection services, Cisco PIX firewall appliances offer excellent security and have earned EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX security appliances offer protection for a broad array of Voice over IP and other mixed-media standards including H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a broad range of current and upcoming Voice over IP and video applications.
Cisco PIX firewalls feature a variety of configuration, tracking, and analysis features, providing businesses the versatility to use the methods that most closely match their requirements. Management options include common, policy-based administration tools, integrated web-based management, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a powerful Web-based control platform that significantly simplifies the installation, ongoing modification, and tracking of a single PIX security appliance without the need of any additional software other than a standard browser and Java applet to be installed on a manager's computer.
Administrators can also remotely set up, monitor, and analyze Cisco PIX security appliances using a CLI interface. Safe command-line interface (CLI) communication is available through several techniques including Secure Shell Protocol, Telnet through IPsec, and out-of-band through a console port. Cisco PIX security appliances also include dependable auto-update capabilities, a collection of revolutionary secure remote-management services that make sure that firewall configurations and software images are always up to date.
For more details about Progent's consulting services for Cisco PIX 500 security appliances, visit Cisco PIX 500 firewalls integration and debugging services.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has discontinued offering the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a key security mechanism that may stop being supported by Cisco. ASA 5500-X and Firepower NGFW Series firewalls offer the benefit of being current products and also offer a number of functions and financial benefits in comparison to PIX devices. These benefits include substantially higher throughput, optional SSL tunneling capability, and an expandable design that guards your investment by enabling you to add new security services when and if you need them. Progent's Cisco certified network engineers can assist you to determine the business case for upgrading from PIX 500 or Cisco ASA 5500 firewalls, create a migration plan that permits a fast and seamless changeover, help your IT staff to set up new ASA 5500-x Series or Firepower NGFW Series appliances, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA 5500 Series, and PIX family security appliances incorporate a wealth of setup, tracking, and analysis features that give you the ability to configure these firewalls to align optimally with your company's needs. Progent's CCIE certified network experts can show you how to configure and support an efficient network infrastructure that incorporates Cisco firewalls and that offers advanced security, resilience, throughput, and manageability. Progent's GISA and CISM-premier information security experts can help you to develop a security policy that makes sense for your situation and can set up your security appliance to enforce your security policies. Progent's risk evaluation experts can evaluate the effectiveness of your current firewall solution and validate the overall security of your whole information system network. Progent’s Technical Response Center (TRC) can deliver emergency online technical support for Cisco technology and can give you fast access to a Cisco CCIE expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To see more details concerning Progent's professional expertise for Cisco solutions, choose a topic:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.