Cisco is a long-time front-runner in developing state-of-the-art firewall appliances for the widest possible range of environments. Cisco's Firepower NGFWs Firewalls represent an advanced firewall platform that combines sophisticated hardware, cloud-based services, and machine learning to anticipate, identify, and respond to threats automatically. Progent's Cisco-certified CCIE-certified firewall consultants can help your organization to plan and execute a smooth upgrade to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower appliances with Cisco's cloud-based services to build and centrally control network ecosystems that span local offices, data centers, private clouds and public clouds. Progent can also help you to manage and troubleshoot legacy Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation and tuning based on industry best practices so you can establish a consistent security posture across all your devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance boost compared to Cisco's previous-generation ASA 5500-X security appliances and offer unified management and automation of modern security capabilities like application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls (NGFWs), see Cisco Firepower firewalls integration expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances offer combined firewall, VPN, and IPS services in single-box packages, delivering a broad array of features to meet the security requirements of organizations from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls enable network security teams to defend their network perimeter and offer safe remote access while utilizing advanced management tools based on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX firewalls have arrived at end-of-life (EOL) but remain widely deployed in smaller organizations and in a few enterprise data centers. Cisco’s ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have supplanted the ASA 5500 and PIX 500 families of firewalls for new installations. Still, Cisco's older model firewalls, if properly maintained, can offer a high degree of security by supplying a variety of services including stateful firewall, VPN tunneling, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the world's most deployed network intrusion protection system. Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-premier network engineers can help you to support and debug legacy ASA 5500 Series and PIX 500 firewalls and can also help you to design and carry out a smooth upgrade to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, configure, tune, manage and debug new firewall solutions based on Cisco's current ASA 5500-X models with Firepower Services. Progent can also assist your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls features an improved replacement for each rack-mountable model in the older ASA 5500 line of devices. Each ASA 5500-X firewall is suited for the identical market as the corresponding earlier models, which gives small and midsize businesses ample room for picking a solution that meets their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's advanced protection services. All models in Cisco's ASA 5500-X family provide dependable security across any mix of physical, virtual, and cloud environments.
For additional information about ASA 5500-X security appliances, Firepower services, and Progent's consulting for ASA firewalls, visit Cisco Firepower integration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or physical modules that support Firepower Services, which provide layered protection against sophisticated threats. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Layered defense against familiar and new attacks
- Advanced Malware Protection (AMP) that uses big data techniques to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, network infrastructure, apps, and content to detect attacks that incorporate simultaneous vectors
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of risk
Firepower Services for ASA 5500-X firewalls offer multi-layered threat protection
Smaller deployments of Cisco ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X versions. ASDM includes a simple web console for deploying, administering, and debugging ASA 5500-X firewalls and modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be managed with Firepower Management Center, available as one or several physical or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Firepower firewalls
Firepower Management Center provides capabilities beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that offers real-time network infrastructure visualization, automated policy optimization based on risk assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA Firewalls build on engineering behind the Cisco PIX 500 Series firewall, the IPS 4200 family sensor, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that defends against the broadest range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program protection, local containment, and safe Virtual Private Network functionality throughout the entire product line. This breadth of protection enables defense of any network section, which includes the most typical threat conduits such as remote locations, LAN-connected internal users, and off-site connected VPNs.
The scalable design of the Cisco ASA 5500 Series allows you to add security services by installing security service modules and cards. These easy-to-install enhancements provide the ability to add Intrusion Protection and content protection functions like filtering virus, spyware, and phishing attacks and executing file and URL filtering. Beside allowing your IT staff to react rapidly to the latest threat environments, the extensible design of the ASA 5500 Series also leverages your hardware investment by prolonging the useful life of your security appliances. The ASA 5500 family also protects your investment in IT team education by supporting the rich set of PIX 500 management tools and protocols such as the Cisco ASDM platform, protected command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application security through smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a safer environment including Web, voice, and mobile wireless access. To protect against application-layer assaults and to offer better control over the applications and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and employ protection enforcement solutions that include anomaly detection and application and protocol state tracking. Also included are assault sensing and mitigation techniques including application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, enabling businesses to police usage policies and conserve bandwidth for important business applications.
For additional information about Progent's consulting services for Cisco's ASA 5500 firewalls, see ASA 5500 series firewalls configuration and debugging support.
Cisco PIX Firewall Appliances
Built around a hardened, specialized operating system that offers a wealth of protection services, Cisco PIX security appliances provide a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX firewall appliances provide security for a broad range of VoIP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, helping businesses to protect installations of a wide array of current and upcoming IP voice and multimedia applications.
PIX firewalls feature a variety of configuration, tracking, and troubleshooting options, providing businesses the flexibility to use the methods that best match their needs. Administrative solutions include centralized, policy-based administration utilities, integrated web-based management, and support for remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class Web-based management platform that greatly streamlines the deployment, ongoing modification, and tracking of a specific PIX security appliance without the need of any extra software beyond an ordinary browser and Java applet to be installed on an administrator's PC.
Administrators can furthermore remotely set up, monitor, and analyze PIX firewalls via a CLI interface. Secure command-line interface (CLI) communication is possible through several methods including SSHv2 Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewalls also include robust auto-update features, a collection of revolutionary protected remote-administration services that make sure that security settings and software images are always current.
For additional information about Progent's support services for PIX 500 security appliances, see PIX 500 firewalls configuration and troubleshooting support.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has stopped selling the PIX 500 and ASA 5500 families of firewalls, many companies are concerned about depending on a key infrastructure component that may stop being supported by Cisco. ASA 5500-X and Firepower NGFW Series firewalls have the advantage of being current devices and also bring a number of technical and budgetary advantages in comparison to PIX devices. These benefits include substantially higher performance, optional Secure Sockets Layer tunneling capability, and an expandable design that guards your investment by enabling you to add more security services whenever you require them. Progent's Cisco network engineers can help your company to determine the business value of for upgrading from PIX 500 or Cisco ASA 5500 security appliances, design a migration process that permits a quick and non-disruptive changeover, help you to configure new ASA 5500-x Series or Firepower NGFW Series firewalls, and offer remote training, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX firewalls incorporate a wealth of setup, monitoring, and analysis options which give you the ability to deploy these security appliances to match your business requirements. Progent's CCIE authorized network experts can help you to design an efficient infrastructure that includes Cisco security appliances and that provides world-class protection, resilience, throughput, and manageability. Progent's CISA and CISM-premier information security consultants can assist you to develop a security policy appropriate for your environment and can set up your security appliance to enforce your security policies. Progent's risk assessment professionals can evaluate the effectiveness of your current firewall deployment and audit the security of your entire IT network. Progent’s Help Desk Call Center can deliver emergency online troubleshooting for Cisco products and can give you quick access to a Cisco CCIE expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To find out more details concerning Progent's engineering expertise for Cisco products, select a subject:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.