Cisco is a perennial front-runner in delivering state-of-the-art firewalls for the widest possible variety of deployments. Cisco's Firepower NGFWs Firewalls provide an advanced firewall solution that marshals dedicated hardware, cloud services, and machine learning to block, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist you to plan and execute a smooth migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's security services to create and centrally manage IT environments that span local offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and troubleshoot legacy Cisco firewalls. Progent's certified network security experts can assist you with policy creation based on industry best practices in order to build a consistent and effective cybersecurity posture across all your endpoints anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance improvement compared to Cisco's previous-generation ASA 5500-X firewalls and offer unified control of modern cybersecurity capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower family of NGFWs Firewalls, visit Cisco Firepower firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewall appliances offer integrated firewall, IPsec VPN, and intrusion prevention system services in compact single-box packages, delivering a broad array of features to match the security requirements of companies from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances allow IT security staffs to defend their network edge and offer secure offsite and mobile connectivity while utilizing advanced management mechanisms based on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewalls have reached end-of-life (EOL) but remain widely deployed in smaller businesses as well as in a few larger networks. Ciscoís ASA 5500-X Series Next-Generation Firewalls represent substantially more bang for the buck and have supplanted Cisco's ASA 5500 and PIX families of firewalls for new installations. Still, Cisco's legacy firewalls, if properly managed, continue to deliver a high level of security by supplying multiple features such as stateful firewall, Virtual Private Network (VPN) connections, and IPS.
After Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services provide powerful new features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.
Progent's Cisco CCIE-premier network consultants can assist your organization to maintain and troubleshoot older ASA 5500 and PIX 500 firewalls and can also assist you to plan and implement an efficient migration to Ciscoís ASA 5500-X Series firewalls with Firepower Services. Progent can also assist you to design, deploy, tune, manage and troubleshoot new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower. Progent can also assist you to upgrade from your Cisco ASA 5500-X Series solution to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls includes an enhanced substitute for every rack-mountable unit in the older ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same environment as the associated earlier models, which gives small and midsize businesses plenty of room for selecting a firewall that meets their security requirements and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and support Cisco's advanced protection services. All devices in Cisco's ASA 5500-X product line deliver dependable security across any mix of physical, virtual, and cloud environments.
For additional information about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for Cisco ASA 5500-X security appliances, go to Cisco Firepower integration and debugging consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls accept either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against multi-vector threats. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Layered protection against both familiar and new attacks
- Advanced Malware Protection (AMP) that utilizes big data techniques to find and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, infrastructure, software applications, and content to detect threats that use simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically activate standard and customized IPS policies based on the severity of risk
Firepower Services for ASA firewalls offer multi-layered protection
Smaller deployments of Cisco ASA firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM includes a simple web console for deploying, managing, and troubleshooting ASA 5500-X appliances and service modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower Services can be managed with Firepower Management Center, implemented as one or several physical or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy control for Firepower firewall appliances
Firepower Management Center offers features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Extra features include greater context awareness, Advanced Malware Protection with mitigation for user devices, a console that provides dynamic network visualization, automated policy tuning based on impact evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled via the on-box ASDM or the ASA command line interface.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 family Security Appliance, the IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall family to offer a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, network containment, and clean VPN functionality across the entire product line. This broad scope of protection enables the guarding of any network segment, including the most common threat conduits such as remote locations, locally-connected internal users, and remote access Virtual Private Networks.
The expandable architecture of the Cisco ASA 5500 family allows you to add services by installing security service modules and security service cards. These easy-to-install enhancements give you the option of adding IPS and content protection services like filtering virus, spyware, and phishing attacks and executing data and web screening. In addition to allowing you to react quickly to new threat vectors, the expandable design of the Cisco ASA 5500 family also protects your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in administrative staff training by supporting the familiar library of PIX management tools and protocols including the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) availability, verbose syslog, and SNMP.
Cisco ASA 5500 Series firewalls deliver robust application protection via intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. The result is a better protected network covering Web, voice, and mobile wireless connectivity. To protect networks against application-layer assaults and to provide better control over the programs and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions that include anomaly detection and state tracking. Also included are assault detection and mitigation techniques such as application and protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and preserve network bandwidth for critical business processes.
For additional details about Progent's support services for Cisco's ASA 5500 security appliances, visit ASA 5500 firewalls configuration and debugging consulting.
PIX Security Appliance Series
Built upon a tested, specialized OS that offers a wealth of protection services, Cisco PIX security appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. Cisco PIX firewall appliances offer security for a broad range of Voice over IP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard deployments of a broad array of contemporary and upcoming VoIP and mixed-media applications.
PIX firewall appliances feature a variety of configuration, monitoring, and analysis options, providing businesses the flexibility to utilize the techniques that most closely meet their needs. Management solutions include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-tracking standards such as SNMP and syslog. The integrated ASDM system offers a world-class Web-based control solution that significantly simplifies the installation, ongoing configuration, and tracking of a single Cisco PIX firewall without the need of any extra software other than an ordinary Web browser and Java applet to be installed on a manager's PC.
Administrators can furthermore remotely configure, monitor, and analyze PIX firewalls via a command-line interface. Secure CLI interface access is available through a number of techniques such as SSHv2 Protocol, Telnet over IPsec, and out-of-band through a console port. PIX security appliances also include dependable auto-update capabilities, a set of revolutionary secure remote-administration services that ensure security settings and software images are kept current.
For more information about Progent's consulting services for Cisco PIX security appliances, visit Cisco PIX 500 firewalls integration and troubleshooting services.
Progent's Migration Support Services for Cisco Firewalls
Since Cisco has stopped offering the PIX and ASA 5500 product lines, many businesses are uncomfortable with depending on a key security component that may no longer be supported. ASA 5500-X and Firepower NGFW Series firewalls have the benefit of being new products and also bring a number of functions and economic advantages in comparison to PIX firewalls. These advantages include significantly better throughput, optional SSL tunneling support, and an expandable architecture that guards your investment by allowing you to add more security features whenever you need them. Progent's Cisco experts can help your company to determine the strategic value of for moving from PIX 500 or ASA 5500 firewalls, create a migration process that allows for a quick and seamless changeover, help your IT staff to set up new ASA 5500-x Series or Firepower Series firewalls, and provide remote training, consulting, and technical support services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX firewalls provide a wealth of configuration, tracking, and analysis options which offer you the flexibility to configure these security appliances to align optimally with your business requirements. Progent's CCIE authorized network consultants can assist you to build an efficient network infrastructure that includes Cisco firewall technology and that offers world-class security, resilience, throughput, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security consultants can assist you to develop a security strategy that makes sense for your situation and can configure your security appliance to support your security policies. Progent's security assessment consultants can evaluate the strength of your existing firewall deployment and validate the security of your whole IS network. Progentís Help Desk support team can deliver urgent online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE expert.
To learn additional details concerning Progent's consulting support for Cisco networking products, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about consulting help for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.