Cisco is a long-time front-runner in delivering cutting-edge firewalls for the widest possible range of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern firewall solution that combines sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can assist you to design and execute a smooth migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower firewalls with Cisco's cloud-based services to build and centrally control network environments that span local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and debug legacy Cisco security appliances. Progent's certified network security experts can help you with policy creation and tuning based on industry best practices in order to build a consistent and effective cybersecurity posture that applies to all your endpoints at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance boost compared to Cisco's popular ASA 5500-X firewalls and include unified control of advanced cybersecurity capabilities like application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For details about Cisco's Firepower portfolio of Next Generation Firewalls, visit Cisco Firepower firewalls integration expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco’s ASA 5500-X Series, ASA 5500, and PIX firewall appliances offer combined firewall, IPsec VPN, and intrusion prevention system (IPS) services in single-box devices, delivering a wide array of features to meet the security and compliance needs of organizations ranging from small and mid-size businesses to enterprises and ISPs. Cisco’s ASA 5500-X, ASA 5500, and PIX 500 firewalls allow IT security teams to protect their network edge and offer safe remote connectivity while using advanced management tools based on Cisco's world-class firewall technology.
Cisco’s ASA 5500 Series and PIX firewall appliances have arrived at end-of-life but are still commonly deployed in smaller organizations as well as in a few larger networks. The ASA 5500-X Series Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's legacy firewalls, if properly maintained, can deliver a high degree of security by providing a variety of security functions including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Following Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the world's most popular intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-certified network consultants can help you to maintain and troubleshoot legacy ASA 5500 Series and PIX firewall appliances and can also help you to plan and implement a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower. Progent can also help you to plan, deploy, optimize, administer and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower. Progent's firewall consultants can also assist you to upgrade from your Cisco ASA 5500-X solution to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances features an improved substitute for each rack-mountable model in the previous ASA 5500 generation of devices. Each ASA 5500-X firewall is suited for the same market as the corresponding previous models, which gives most ample choice for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All models in Cisco's ASA 5500-X family deliver consistent protection across any combination of physical, virtual, and cloud deployments.
For additional information about ASA 5500-X security appliances, Firepower services, and Progent's consulting for ASA 5500-X security appliances, go to Firepower configuration and troubleshooting expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or hardware modules that enable Firepower Services, which provide layered defense against sophisticated threats. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
- Layered defense against both familiar and new threats
- Cisco's Advanced Malware Protection (AMP) that utilizes big data techniques to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, apps, and content to discover threats that incorporate simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch standard and customized IPS policies based on the degree of threats
Firepower Services for ASA firewalls provide advanced multi-layered threat protection
Simpler implementations of ASA firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility included with all ASA 5500-X models. ASDM includes a simple web console for configuring, administering, and troubleshooting ASA 5500-X firewalls and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower can be administered with Firepower Management Center, available as one or more physical units or virtual appliances. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy control for Cisco Firepower firewall appliances
Cisco's Firepower Management Center provides features unavailable with Cisco's on-device Adaptive Security Device Manager tool. Additional capabilities include expanded context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a console that provides real-time network infrastructure visualization, automated policy optimization based on impact evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control, customized health alerts, improved reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls leverage technology behind the Cisco PIX 500 family firewall, Cisco's IPS 4200 family sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a platform that defends against the broadest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, local containment and control, and safe Virtual Private Network functionality across the entire product line. This breadth of security enables defense of any network segment, which includes the most common threat vectors such as remote locations, LAN-attached inside users, and remote access VPNs.
The scalable architecture of the Cisco ASA 5500 family permits you to add features by installing security service modules (SSMs) and security service cards (SSCs). These easy-to-install options give you the ability to add IPS and content protection services like filtering virus, spyware, and phishing assaults and performing data and URL screening. Beside allowing your IT staff to respond quickly to new threat environments, the expandable architecture of the ASA 5500 Series also protects your hardware investment by prolonging the useful life of your security appliances. The Cisco ASA 5500 Series also protects your investment in administrative staff education by supporting the rich library of PIX management utilities and protocols including the Cisco ASDM platform, secure command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco ASA 5500 Series firewalls deliver a high-level of application security through smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. This produces a more secure environment covering Web, voice, and 3G-mobile wireless access. To defend networks against application-layer assaults and to provide stronger policing of the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledge and employ security enforcement solutions such as anomaly sensing and application and protocol state tracking. Also incorporated are attack detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and free up network bandwidth for crucial business applications.
For more details about Progent's consulting services for Cisco's ASA 5500 security appliances, see Cisco ASA 5500 series firewalls configuration and debugging support.
PIX Firewall Appliances
Built around a tested, purpose-built operating system that offers a wealth of protection features, Cisco PIX firewalls offer a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security certification. PIX security appliances offer security for a wide range of Voice over IP and additional mixed-media standards such as H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to protect installations of a broad array of current and upcoming IP voice and multimedia applications.
PIX firewall appliances feature a wealth of setup, tracking, and analysis features, providing IT managers the versatility to use the techniques that best match their requirements. Management solutions include common, policy-based management tools, integrated web-based administration, and support for remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated ASDM interface offers a world-class Web-based management solution that greatly streamlines the installation, ongoing modification, and tracking of a single Cisco PIX firewall appliance without requiring any additional utility other than an ordinary Web browser and Java applet to be running on an administrator's computer.
Administrators can also remotely configure, monitor, and analyze Cisco PIX firewall appliances via a CLI interface. Secure command-line interface access is possible through several techniques including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX security appliances also have dependable automatic-update capabilities, a set of revolutionary protected remote-management services that make sure that security settings and software images are always current.
For additional details about Progent's consulting services for PIX 500 firewalls, visit PIX 500 firewalls integration and troubleshooting support.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has ceased selling the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with depending on a critical infrastructure component that might no longer be supported by Cisco. ASA 5500-X and Firepower NGFW Series firewalls have the advantage of being new products and also offer several functions and financial advantages in comparison to PIX 500 firewalls. These advantages include significantly higher throughput, optional Secure Sockets Layer VPN capability, and a modular design that protects your investment by allowing you to self-install more security services when and if you need them. Progent's CCIE-certified experts can help you to determine the business value of for upgrading from PIX 500 or ASA 5500 firewalls, design a migration process that allows for a fast and seamless changeover, assist your IT staff to install new ASA 5500-x Series or Firepower NGFW Series firewalls, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA 5500 Series, and PIX security appliances incorporate a wealth of configuration, monitoring, and troubleshooting options that give you the flexibility to deploy these firewalls to align optimally with your business requirements. Progent's CCIE certified network professionals can show you how to design a cost-effective network infrastructure that incorporates Cisco firewalls and that offers world-class protection, fault tolerance, performance, and manageability. Progent's GISA and CISM-certified information security consultants can help your business to develop a security policy appropriate for your situation and can set up your security appliance to enforce your security policies. Progent's risk evaluation experts can assess the effectiveness of your existing firewall solution and validate the overall security of your whole IT environment. Progent’s Technical Response Center can provide urgent remote technical support for Cisco products and can give you quick access to a Cisco CCIE expert.
For more details about Progent's professional expertise for Cisco networking products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about professional help for Cisco products, call 1-800-993-9400 or see Contact Progent.