Cisco is a perennial leader in delivering cutting-edge firewall appliances for the widest possible range of deployments. Cisco's Firepower NGFWs Firewalls represent a modern firewall solution that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can help you to design and carry out an efficient upgrade to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower firewalls with Cisco's cloud-based services to build and centrally control network environments that span local offices, data centers, and cloud resources. Progent can also assist you to manage and debug legacy Cisco firewalls. Progent's certified network security experts can assist you with policy creation and tuning driven by industry best practices so you can establish a consistent cybersecurity posture that applies to all your networked devices anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a significant performance improvement compared to Cisco's previous-generation ASA 5500-X firewalls and offer unified control of advanced cybersecurity features such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower line of NGFWs Firewalls, see Firepower Series firewalls integration experts.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500, and PIX firewall appliances offer combined firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in single-box devices, delivering a wide array of features to match the security requirements of organizations ranging from small businesses to enterprises and Internet service providers. Cisco's ASA 5500-X, ASA 5500, and PIX firewall appliances enable network security staffs to protect their network edge and provide secure remote access while utilizing powerful administration mechanisms based on Cisco's world-class firewall technology.
Cisco's ASA 5500 Series and PIX firewall appliances have arrived at end-of-life (EOL) but are still widely used in smaller businesses and in a few larger networks. Cisco's ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high level of security by supplying a variety of features including firewall, IPsec VPN, and IPS.
After Cisco's purchase of Sourcefire, the whole family of Cisco ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services provide powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-certified infrastructure consultants can help you to maintain and debug legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to plan and implement an efficient upgrade to Cisco's ASA 5500-X firewalls with Firepower. Progent can also assist you to design, integrate, tune, administer and debug new firewall solutions based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent can also assist your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X firewalls includes an improved replacement for each rack-mountable model in the older ASA 5500 generation of firewalls. Each ASA 5500-X model targets the same market as the corresponding earlier models, which gives most plenty of choice for picking a solution that aligns with their security needs and budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore processors and support Cisco's powerful protection services. All models in Cisco's ASA 5500-X family deliver consistent security across any mix of physical, virtual, and cloud environments.
For additional details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X security appliances, see Firepower configuration and troubleshooting consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that support Firepower Services, which provide layered defense against sophisticated threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:
- Layered protection against familiar and zero-day threats
- Advanced Malware Protection that uses big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, infrastructure, software applications, and content to detect attacks that incorporate simultaneous approaches
- Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically activate both standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA 5500-X firewalls offer multi-layered security
Smaller implementations of ASA 5500-X firewalls can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X versions. ASDM includes an easy-to-use web console for deploying, administering, and troubleshooting ASA 5500-X firewalls and service modules.
For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed using Cisco's Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy management for Cisco Firepower firewall appliances
Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for client devices, a console that offers dynamic infrastructure visualization, automated policy tuning driven by impact evaluation of attacks, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA Firewalls leverage engineering behind the Cisco PIX 500 Series firewall, the IPS 4200 sensor, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, network containment, and clean Virtual Private Network functionality across the entire product line. This broad scope of protection allows the guarding of any network segment, including the most common threat conduits like remote locations, LAN-connected internal users, and remote access Virtual Private Networks.
The scalable design of the ASA 5500 Series permits you to add features via security service modules and security service cards (SSCs). These easy-to-install options give you the ability to add IPS and content protection functions like blocking virus, worms, and phishing attacks and performing data and URL screening. In addition to allowing your IT staff to react quickly to the latest threat environments, the expandable architecture of the Cisco ASA 5500 Series also leverages your capital investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 Series also protects your investment in IT staff education by utilizing the familiar set of PIX 500 security management utilities and protocols such as the Cisco Adaptive Security Device Manager (ASDM) platform, protected command-line interface (CLI) access, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application protection via smart, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a more secure network including Web, voice, and mobile wireless connectivity. To defend networks against application-layer attacks and to offer better control over the applications and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and employ protection enforcement solutions such as protocol anomaly sensing and application and protocol state monitoring. Also incorporated are attack sensing and remediation techniques such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, enabling organizations to police usage policies and recover bandwidth for important business applications.
For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, see ASA 5500 series firewalls integration and troubleshooting support.
Cisco PIX Firewall Appliances
Based upon a hardened, purpose-built software platform that delivers a wealth of security features, Cisco PIX firewall appliances offer excellent protection and have earned EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX firewall appliances offer security for a broad range of VoIP and additional multimedia conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a wide range of current and next-generation VoIP and multimedia applications.
Cisco PIX security appliances offer a variety of configuration, monitoring, and analysis features, giving businesses the versatility to use the methods that best match their requirements. Administrative solutions include common, policy-based management utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated Adaptive Security Device Manager system offers a powerful Web-accessible control platform that greatly streamlines the installation, ongoing configuration, and tracking of a specific PIX firewall without requiring any extra utility beyond a standard browser and Java plug-in to be running on a manager's PC.
Administrators can also remotely set up, track, and troubleshoot Cisco PIX firewall appliances via a CLI interface. Safe command-line interface (CLI) access is possible through several techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX security appliances also include dependable auto-update capabilities, a collection of advanced secure remote-management options that make sure that security settings and software images are always up to date.
For more information about Progent's support services for Cisco PIX firewalls, visit Cisco PIX 500 firewalls integration and troubleshooting support.
Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has ceased selling the PIX and ASA 5500 families of firewalls, many companies are concerned about depending on a key security mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower Series security appliances have the advantage of being current products and also offer several technical and financial benefits in comparison to PIX devices. These benefits include substantially higher performance, optional SSL VPN support, and an expandable design that protects your investment by enabling you to self-install more security features when and if you need them. Progent's CCIE-certified network engineers can assist your company to determine the strategic case for migrating from PIX or Cisco ASA 5500 firewalls, create a migration plan that allows for a fast and non-disruptive upgrade, assist you to install new ASA 5500-x or Firepower Series appliances, and offer online, consulting, and technical support services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower Series, ASA 5500 Series, and PIX security appliances provide a wealth of setup, monitoring, and troubleshooting options that offer you the flexibility to set up these security appliances to align optimally with your business needs. Progent's CCIE authorized network experts can show you how to design an efficient infrastructure that includes Cisco security appliances and that offers world-class security, fault tolerance, throughput, and manageability. Progent's GISA and CISM-premier IS security professionals can help you to develop a security policy that makes sense for your business and can set up your PIX or ASA firewall to support your security strategy. Progent's security assessment professionals can assess the effectiveness of your current firewall deployment and validate the security of your whole information system environment. Progent's Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
For more details about Progent's engineering support for Cisco solutions, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about engineering expertise for Cisco networking, call 1-800-993-9400 or see Contact Progent.