Cisco is a perennial leader in delivering cutting-edge firewalls for the widest possible variety of environments. Cisco's Firepower NGFWs Firewalls provide a modern cybersecurity platform that marshals sophisticated hardware, cloud services, and machine learning to anticipate, identify, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist you to design and carry out an efficient migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower firewalls with Cisco's security services to build and centrally manage network environments that span branch offices, data centers, and cloud resources. Progent can also help you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified network security consultants can help you with policy creation and tuning based on industry best practices in order to build a consistent and effective cybersecurity profile across all your networked devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower NGFWs Firewalls deliver a significant performance improvement compared to Cisco's previous-generation ASA 5500-X security appliances and include centralized control of advanced cybersecurity features like application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and multi-node sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls, see Cisco Firepower Series firewalls consulting services.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box packages, delivering a broad array of features to meet the security and compliance requirements of organizations from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls enable IT security staffs to protect their network perimeter and provide secure offsite and mobile connectivity while using advanced administration mechanisms based on Cisco's industry-leading firewall technology.
Cisco's ASA 5500 and PIX 500 firewall appliances have arrived at end-of-life (EOL) status but remain commonly deployed in smaller organizations and in some enterprise networks. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's legacy firewalls, if carefully maintained, can offer a high level of security by providing a variety of services including firewall, VPN, and IPS.
Following Cisco's purchase of Sourcefire, the whole family of ASA 5500-X firewalls can be configured to support Firepower Services, based on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system. Firepower services bring enhanced features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco-certified network consultants can assist you to maintain and debug legacy ASA 5500 and PIX 500 firewall appliances and can also assist you to plan and implement a smooth upgrade to Cisco's ASA 5500-X firewalls with Firepower. Progent can also help you to design, configure, optimize, administer and troubleshoot new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower. Progent can also assist you to upgrade from your Cisco ASA 5500-X deployment to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved replacement for each rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the same market as the corresponding earlier models, which offers most ample room for selecting a solution that aligns with their security needs and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X product line provide dependable security across any combination of physical, virtual, and cloud deployments.
For more details about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or hardware modules that support Cisco's Firepower Services, which provide layered defense against sophisticated attacks. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Layered protection against familiar and zero-day attacks
- Cisco's Advanced Malware Protection (AMP) that uses big data to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, network infrastructure, software applications, and content to discover threats that use simultaneous approaches
- High-resolution Application Visibility and Control that is familiar with thousands of apps and can automatically activate standard and customized IPS policies based on the degree of threats
Firepower Services for ASA firewalls provide multi-layered threat protection
Simpler implementations of ASA 5500-X firewalls can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X versions. ASDM provides an easy-to-use web dashboard for configuring, managing, and troubleshooting ASA 5500-X firewalls and modules.
For more complex environments, ASA 5500-X firewalls with Firepower can be administered using Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Cisco Firepower firewalls
Cisco's Firepower Management Center provides capabilities unavailable with Cisco's on-device ASDM utility. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that provides real-time network infrastructure visualization, automated policy tuning driven by risk evaluation of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and application interfaces for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances Firewalls build on technology developed for the Cisco PIX 500 Series Security Appliance, Cisco's IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that defends against the widest range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program protection, local containment, and safe Virtual Private Network connectivity throughout the entire product line. This breadth of protection allows the guarding of any network area, which includes the most common threat vectors like remote sites, LAN-connected inside users, and remote connected Virtual Private Networks.
The scalable design of the ASA 5500 Series enables you to add more services via security service modules and security service cards (SSCs). These user-installable enhancements give you the ability to add Intrusion Protection and content protection services such as filtering virus, worms, and phishing attacks and performing file and URL filtering. In addition to allowing you to respond quickly to new threat vectors, the extensible design of the Cisco ASA 5500 family also leverages your capital investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 family also protects your investment in IT staff training by utilizing the rich set of PIX 500 security management tools and protocols including the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) availability, syslog, and Simple Network Management Protocol (SNMP).
Cisco ASA firewalls provide robust application protection through smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a safer network including Web, voice, and mobile wireless connectivity. To defend against application-layer assaults and to offer better policing of the applications and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement solutions that include protocol anomaly detection and state tracking. Also incorporated are attack sensing and remediation technology including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and free up network bandwidth for vital business processes.
For additional details about Progent's consulting services for Cisco's ASA 5500 security appliances, go to Cisco ASA 5500 firewalls integration and troubleshooting consulting.
Based around a hardened, purpose-built operating system that offers rich protection services, PIX firewall appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX firewall appliances provide security for a wide array of Voice over IP and additional mixed-media standards including H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling businesses to protect installations of a broad array of current and next-generation VoIP and mixed-media applications.
Cisco PIX firewall appliances offer a wealth of setup, monitoring, and troubleshooting features, giving businesses the flexibility to utilize the methods that best meet their requirements. Administrative solutions include common, policy-based management tools, integrated web-based management, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system offers a world-class Web-accessible control solution that significantly simplifies the installation, ongoing modification, and tracking of a specific PIX security appliance without requiring any additional software other than an ordinary browser and Java applet to be installed on a manager's computer.
IT managers can also remotely configure, track, and troubleshoot Cisco PIX security appliances using a CLI interface. Secure command-line interface (CLI) access is possible using several methods including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewall appliances also have dependable automatic-update capabilities, a collection of advanced secure remote-administration services that make sure that security configurations and software images are always current.
For more details about Progent's support services for Cisco PIX 500 firewalls, go to Cisco PIX firewalls configuration and troubleshooting support.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has stopped selling the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with depending on a key security component that may no longer be supported by Cisco. ASA 5500-X and Firepower NGFW Series firewalls offer the advantage of being current products and also offer several functions and financial benefits in comparison to PIX 500 firewalls. These benefits include substantially higher throughput, optional SSL VPN support, and an expandable design that protects your investment by allowing you to self-install new security services when and if you require them. Progent's CCIE-certified experts can assist you to determine the business case for moving from PIX or Cisco ASA 5500 firewalls, design a migration plan that allows for a quick and non-disruptive upgrade, assist you to install new ASA 5500-x or Firepower NGFW Series appliances, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Help Your Business with Cisco ASA and PIX Security Appliances
Cisco Firepower Series, ASA Series, and PIX security appliances incorporate a wealth of setup, tracking, and troubleshooting features that give you the flexibility to deploy these firewalls to match your company's needs. Progent's CCIE authorized network experts can help you to design a cost-effective infrastructure that includes Cisco security appliances and that offers advanced protection, fault tolerance, throughput, and manageability. Progent's GISA and CISM-premier IS security experts can help your business to develop a security policy appropriate for your business and can configure your firewall to support your security policies. Progent's security evaluation consultants can assess the strength of your existing firewall deployment and audit the overall security of your whole IT network. Progent's Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.
To find out additional details about Progent's professional help for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about technical support for Cisco products, phone 1-800-993-9400 or go to Contact Progent.