Cisco is a long-time front-runner in delivering cutting-edge firewall appliances for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced cybersecurity platform that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can assist your organization to plan and execute an efficient migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's cloud-based services to create and centrally control IT ecosystems that include local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and debug older-generation Cisco security appliances. Progent's certified network security experts can assist you with policy creation and tuning based on industry best practices in order to build a consistent and effective security posture that applies to all your devices at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls provide a major performance boost over Cisco's popular ASA 5500-X security appliances and include centralized management and automation of advanced cybersecurity features such as application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of Next Generation Firewalls (NGFWs), refer to Cisco Firepower Series firewalls integration experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500, and PIX firewall appliances provide integrated firewall, VPN, and intrusion prevention system services in single-box devices, delivering a wide range of features to match the security needs of companies from small and mid-size businesses to enterprises and Internet service providers. Cisco's ASA 5500-X Series, ASA 5500, and PIX firewalls enable IT security teams to protect their network perimeter and offer safe offsite and mobile access while using advanced administration mechanisms built on Cisco's world-class firewall technology.
Cisco's ASA 5500 Series and PIX firewall appliances have arrived at end-of-life status but are still widely used in small and mid-size businesses and in some larger data centers. Cisco's ASA 5500-X Next-Generation Firewalls represent significantly more value and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's older model firewalls, if properly managed, can deliver a high level of security by providing multiple security functions such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's purchase of Sourcefire, the entire family of ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed network intrusion protection system. Firepower services provide enhanced capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-premier network engineers can help your organization to maintain and troubleshoot older ASA 5500 Series and PIX 500 firewalls and can also assist you to design and implement an efficient migration to Cisco's ASA 5500-X Series firewalls with Firepower. Progent can also assist you to design, integrate, tune, administer and debug new firewall solutions built on Cisco's current ASA 5500-X models with Firepower. Progent's firewall consultants can also help you to upgrade from your Cisco ASA 5500-X Series solution to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls includes an enhanced substitute for every rack-mountable unit in the previous ASA 5500 line of devices. Each ASA 5500-X firewall targets the same environment as the associated previous models, which gives small and midsize businesses plenty of choice for picking a firewall that aligns with their security requirements and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's advanced security services. All models in Cisco's ASA 5500-X family deliver dependable protection across any combination of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's consulting for ASA 5500-X security appliances, visit Cisco Firepower configuration and troubleshooting consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or hardware modules that enable Firepower Services, which provide layered defense against multi-vector threats. Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Layered defense against both familiar and zero-day threats
- Advanced Malware Protection (AMP) that uses big data techniques to discover and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, software applications, and content to detect threats that use multiple vectors
- High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically launch standard and customized IPS policies depending on the severity of risk
Firepower Services for Cisco ASA 5500-X firewalls provide multi-layered protection
Smaller deployments of Cisco ASA firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all ASA 5500-X models. ASDM includes a simple web console for deploying, administering, and troubleshooting ASA 5500-X firewalls and service modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical units or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Firepower Management Center offers features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Advanced Malware Protection with remediation for user devices, a console that offers dynamic network visualization, automated policy tuning based on risk assessment of threats, advanced IPS, custom app discovery for Application Visibility and Control, customized health notifications, improved reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering behind the PIX 500 Security Appliance, the Cisco IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions enable the Cisco ASA Firewall product line to offer a firewall that defends against the broadest range of threats. Cisco ASA 5500 Series Firewalls provide application security, local containment and control, and clean VPN connectivity throughout Cisco's product portfolio. This broad scope of protection allows defense of any network segment, including the most common threat vectors such as remote locations, locally-attached internal users, and off-site connected VPNs.
The scalable design of the ASA 5500 family enables you to add features by installing service modules and security service cards (SSCs). These user-installable options give you the ability to add IPS and content protection services such as blocking virus, worms, and phishing assaults and executing data and URL filtering. Beside allowing you to react rapidly to the latest threat vectors, the extensible architecture of the Cisco ASA 5500 family also protects your hardware investment by prolonging the life of your firewalls. The Cisco ASA 5500 family also protects your investment in administrative staff training by supporting the rich set of PIX management tools and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface availability, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances firewalls provide robust application protection through smart, application-aware inspection engines that examine traffic at Layers 4-7. This produces a more secure environment including Web, voice, and mobile wireless connectivity. To defend against application-layer assaults and to provide better policing of the programs and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions such as protocol anomaly detection and state tracking. Also included are assault detection and mitigation techniques including application/protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and preserve network bandwidth for vital business processes.
For more information about Progent's consulting services for ASA 5500 security appliances, go to Cisco ASA 5500 firewalls configuration and debugging consulting.
PIX Security Appliance Series
Built upon a hardened, specialized software platform that offers rich security features, Cisco PIX firewalls offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX security appliances provide protection for a broad range of Voice over IP and other mixed-media conventions such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and MGCP, helping businesses to protect installations of a wide range of current and upcoming Voice over IP and video applications.
PIX security appliances offer a wealth of setup, monitoring, and analysis features, providing IT managers the flexibility to utilize the techniques that best match their needs. Management options include common, policy-based management utilities, integrated web-accessible administration, and compatibility with remote-tracking protocols such as SNMP and syslog. The integrated ASDM system offers a powerful Web-accessible control solution that significantly simplifies the deployment, ongoing modification, and monitoring of a specific PIX firewall without the need of any additional software other than a standard browser and Java applet to be installed on an administrator's PC.
Administrators can also remotely configure, monitor, and troubleshoot PIX security appliances using a CLI interface. Safe command-line interface (CLI) access is possible using a number of techniques such as Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX firewall appliances also have dependable auto-update features, a collection of revolutionary protected remote-management options that make sure that firewall configurations and software images are kept up to date.
For more details about Progent's support services for Cisco PIX 500 security appliances, go to PIX firewalls configuration and debugging support.
Progent's Migration Support Services for Cisco Firewalls
Because Cisco has ceased offering the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with relying on a key infrastructure mechanism that might stop being supported. ASA 5500-X and Firepower NGFW Series security appliances offer the benefit of being current products and also bring several technical and financial advantages in comparison to PIX 500 firewalls. These benefits include substantially better throughput, optional Secure Sockets Layer tunneling support, and an expandable architecture that protects your investment by allowing you to self-install new security services whenever you require them. Progent's Cisco network engineers can assist you to assess the strategic case for migrating from PIX or Cisco ASA 5500 security appliances, design a migration plan that permits a fast and non-disruptive upgrade, help your IT staff to configure new ASA 5500-x Series or Firepower NGFW Series appliances, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco Firepower Series, ASA 5500 Series, and PIX family firewalls incorporate a wealth of configuration, monitoring, and analysis features which give you the flexibility to configure these security appliances to align optimally with your company's requirements. Progent's CCIE authorized network experts can assist you to design a cost-effective network infrastructure that incorporates Cisco security appliances and that provides advanced protection, resilience, throughput, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help you to create a security strategy appropriate for your situation and can configure your firewall to enforce your security policies. Progent's risk assessment engineers can assess the effectiveness of your existing firewall deployment and audit the overall security of your whole IS environment. Progent's Technical Response Center can deliver urgent remote troubleshooting for Cisco products and can give you quick access to a Cisco expert.
For more details concerning Progent's consulting support for Cisco networking products, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about engineering support for Cisco technology, call 1-800-993-9400 or visit Contact Progent.