Cisco is a perennial leader in developing state-of-the-art firewall appliances for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent an advanced cybersecurity solution that marshals dedicated hardware, cloud services, and machine learning to block, discover, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE firewall experts can help you to plan and execute a smooth migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's cloud-based services to build and centrally control IT ecosystems that span local offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to maintain and troubleshoot legacy Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation and tuning driven by industry best practices in order to establish a consistent and effective security profile that applies to all your devices at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a significant performance improvement over Cisco's popular ASA 5500-X firewalls and include centralized management and automation of advanced cybersecurity features such as application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, see Firepower firewalls integration services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500, and PIX 500 firewalls provide integrated firewall, IPsec VPN, and intrusion prevention system (IPS) services in single-box packages, delivering a wide array of features to match the security needs of organizations from small and mid-size businesses to enterprises and Internet service providers. Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable IT security teams to defend their network perimeter and offer safe remote connectivity while utilizing powerful administration tools built on Cisco's world-class firewall products.
Cisco’s ASA 5500 Series and PIX 500 firewalls have reached end-of-life (EOL) status but are still widely deployed in small and mid-size organizations as well as in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more value and have supplanted the ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly managed, continue to offer a high degree of protection by supplying multiple services including stateful firewall, IPsec VPN, and IPS.
After Cisco's purchase of Sourcefire, the entire line of ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular intrusion protection system. Firepower services bring enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-premier network engineers can help you to support and debug legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and implement a smooth migration to Cisco’s ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, integrate, tune, administer and debug new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower Services. Progent can also assist your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances includes an enhanced replacement for each rack-mountable model in the older ASA 5500 line of firewalls. Each ASA 5500-X model targets the same market as the corresponding earlier models, which offers small and midsize businesses ample room for selecting a solution that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and support Cisco's advanced protection services. All devices in Cisco's ASA 5500-X family provide consistent security across any mix of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA security appliances, see Cisco Firepower integration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with either software or hardware modules that support Cisco's Firepower Services, which offer layered defense against multi-vector threats. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA 5500-X security appliances include:
- Multi-layer defense against familiar and new attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, infrastructure, software applications, and content to detect attacks that use simultaneous vectors
- Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and custom IPS policies based on the degree of threats
Firepower Services for Cisco ASA 5500-X firewalls offer multi-layered protection
Simpler deployments of ASA 5500-X firewalls can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X models. ASDM provides a convenient web console for deploying, managing, and troubleshooting ASA 5500-X appliances and service modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower Services can be managed using Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Cisco Firepower firewall appliances
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that provides dynamic infrastructure visualization, automated policy optimization driven by impact evaluation of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health alerts, improved reporting features, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering developed for the PIX 500 family Security Appliance, Cisco's IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to offer a platform that stops the widest range of attacks. Cisco Adaptive Security Appliances Firewalls deliver program protection, local containment, and safe Virtual Private Network connectivity throughout Cisco's product line. This broad scope of security allows defense of any network segment, which includes the most typical threat vectors like remote locations, LAN-attached internal users, and off-site connected VPNs.
The expandable architecture of the ASA 5500 Series permits you to add security services via service modules and cards. These user-installable options give you the ability to add Intrusion Protection and content protection functions such as blocking virus, spyware, and phishing attacks and performing file and web filtering. Beside enabling your IT staff to react rapidly to new risk vectors, the expandable design of the ASA 5500 Series also protects your capital investment by prolonging the life of your security appliances. The Cisco ASA 5500 family also leverages your investment in IT staff education by supporting the rich library of PIX management utilities and protocols including the Cisco Adaptive Security Device Manager platform, secure command-line interface (CLI) access, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application security via intelligent, application-aware inspection engines that examine network flows at Layers 4-7. This produces a more secure environment covering Web, voice, and 3G-mobile wireless access. To defend networks against application-layer assaults and to offer better policing of the applications and protocols used in their environments, these inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement technologies that include anomaly sensing and application and protocol state tracking. Also incorporated are attack sensing and mitigation techniques including application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, allowing businesses to police usage policies and preserve network bandwidth for critical business applications.
For more information about Progent's support services for Cisco's ASA 5500 security appliances, see Cisco ASA 5500 firewalls integration and troubleshooting support.
Cisco PIX Firewall Appliances
Based around a tested, purpose-built operating system that delivers rich security services, PIX firewalls provide excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances offer security for a wide array of VoIP and additional mixed-media standards such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, helping businesses to safeguard deployments of a broad range of current and next-generation IP voice and multimedia applications.
PIX firewalls feature a variety of setup, monitoring, and analysis options, providing IT managers the flexibility to utilize the methods that best match their requirements. Management options include centralized, policy-based management utilities, integrated web-based management, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-based control solution that greatly simplifies the deployment, in-place configuration, and tracking of a single PIX firewall appliance without requiring any additional software beyond a standard browser and Java plug-in to be installed on an administrator's computer.
IT managers can also remotely set up, monitor, and troubleshoot Cisco PIX firewall appliances using a command-line interface (CLI). Secure CLI interface access is available using several methods including SSHv2 Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also have dependable auto-update capabilities, a set of revolutionary protected remote-administration options that ensure security configurations and software images are always up to date.
For additional information about Progent's support services for Cisco PIX firewalls, go to PIX 500 firewalls integration and troubleshooting services.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has stopped offering the PIX and ASA 5500 product lines, many businesses are concerned about depending on a critical security component that might no longer be supported by Cisco. ASA 5500-X and Firepower Series security appliances have the advantage of being new products and also offer several functions and economic advantages in comparison to PIX 500 devices. These advantages include substantially higher throughput, optional SSL tunneling capability, and a modular architecture that guards your investment by allowing you to add new security features whenever you require them. Progent's Cisco experts can assist you to assess the business value of for migrating from PIX or Cisco ASA 5500 security appliances, create a migration plan that allows for a fast and non-disruptive changeover, help your IT staff to set up new ASA 5500-x or Firepower NGFW Series appliances, and provide online, consulting, and technical support services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA 5500 Series, and PIX family firewalls provide an array of setup, monitoring, and troubleshooting options which offer you the ability to deploy these security appliances to match your business requirements. Progent's CCIE certified network experts can assist you to configure and support a cost-effective infrastructure that incorporates Cisco firewall technology and that provides world-class security, fault tolerance, throughput, and recoverability. Progent's CISA and CISM-certified IS security consultants can help your business to create a security strategy appropriate for your environment and can set up your security appliance to enforce your security policies. Progent's risk evaluation experts can evaluate the effectiveness of your current firewall deployment and audit the security of your whole IS environment. Progent’s Help Desk Call Center can deliver urgent remote troubleshooting for Cisco products and offer quick access to a Cisco CCIE expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To see additional details concerning Progent's consulting support for Cisco solutions, choose a topic:
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.