Cisco is a perennial leader in delivering cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower NGFWs Firewalls provide a modern cybersecurity solution that marshals sophisticated hardware, cloud services, and machine learning to block, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can assist you to plan and carry out an efficient migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower firewalls with Cisco's security services to create and centrally manage IT ecosystems that include local offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and troubleshoot legacy Cisco firewalls. Progent's certified network security consultants can assist you with policy creation and tuning based on industry best practices in order to establish a consistent security profile that applies to all your networked endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance improvement over Cisco's popular ASA 5500-X security appliances and offer unified management of advanced security features such as application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower portfolio of NGFWs Firewalls, see Firepower firewalls integration services.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewall appliances provide combined firewall, VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a broad range of features to match the security and compliance requirements of companies ranging from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewalls enable network security staffs to defend their network perimeter and provide secure offsite and mobile access while using advanced management mechanisms built on Cisco's industry-leading firewall products.
Ciscoís ASA 5500 and PIX firewalls have reached end-of-life but are still widely used in small and mid-size organizations and in some larger data centers. The ASA 5500-X Series Next-Generation Firewalls represent substantially more value and have superseded the ASA 5500 and PIX 500 lines of firewalls for new installations. However, Cisco's legacy firewall appliances, if properly managed, continue to deliver a high level of protection by supplying a variety of security functions such as firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's purchase of Sourcefire, the entire line of ASA 5500-X devices can be configured to support Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed intrusion protection system. Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier infrastructure engineers can help your organization to support and debug older ASA 5500 and PIX 500 firewalls and can also assist you to plan and carry out a smooth upgrade to Ciscoís ASA 5500-X firewalls with Firepower Services. Progent can also help you to plan, configure, tune, administer and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also assist you to migrate from your Cisco ASA 5500-X solution to Cisco's Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved replacement for every rack-mountable unit in the older ASA 5500 line of devices. Each ASA 5500-X firewall targets the identical market as the associated previous models, which offers small and midsize businesses plenty of choice for selecting a firewall that aligns with their security requirements and IT budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line deliver consistent security across any combination of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's consulting for Cisco ASA 5500-X firewalls, see Cisco Firepower integration and troubleshooting consulting
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with either software or hardware modules that enable Firepower Services, which offer layered defense against sophisticated attacks. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA security appliances include:
- Multi-layer protection against familiar and new attacks
- Advanced Malware Protection (AMP) that uses big data to find and remediate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, network infrastructure, software applications, and content to detect attacks that use multiple approaches
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and customized IPS policies based on the degree of risk
Firepower Services for ASA firewalls offer multi-layered threat protection
Simpler deployments of ASA firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X versions. ASDM includes a convenient web dashboard for configuring, administering, and debugging ASA 5500-X appliances and modules.
For more complex environments, ASA 5500-X appliances with Firepower can be managed using Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy management for Firepower firewall appliances
Cisco's Firepower Management Center offers features unavailable with Cisco's on-device ASDM tool. Additional features include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers dynamic infrastructure visualization, automated policy optimization driven by impact assessment of threats, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and APIs for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances Firewalls build on engineering behind Cisco's PIX 500 Series firewall, Cisco's IPS 4200 family Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that stops the broadest range of threats. Cisco Adaptive Security Appliances Firewalls deliver application security, local containment, and clean Virtual Private Network connectivity across the entire product line. This breadth of protection enables the guarding of any network segment, including the most typical threat vectors such as remote sites, locally-attached internal users, and remote connected VPNs.
The scalable design of the Cisco ASA 5500 family permits you to add more security services via security service modules and cards. These easy-to-install options provide the option of adding Intrusion Protection and content protection services such as blocking virus, worms, and phishing assaults and executing data and URL screening. In addition to allowing your IT staff to respond rapidly to new threat vectors, the expandable architecture of the Cisco ASA 5500 Series also leverages your capital investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT team training by supporting the rich set of PIX 500 security management tools and protocols such as the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol (SNMP).
Cisco Adaptive Security Appliances firewalls deliver a high-level of application security via smart, application-aware inspection processes that examine traffic at Layers 4-7. This results in a better protected network including Web, voice, and 3G-mobile wireless access. To protect against application-layer assaults and to offer stronger policing of the applications and protocols utilized in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement technologies that include anomaly detection and application and protocol state tracking. Also included are assault sensing and mitigation techniques including application/protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to police usage policies and preserve bandwidth for crucial business processes.
For additional details about Progent's consulting services for ASA 5500 firewalls, see Cisco ASA 5500 series firewalls integration and troubleshooting support.
PIX Firewall Appliances
Built upon a tested, specialized OS that offers rich protection features, PIX firewall appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX security appliances offer protection for a broad range of VoIP and additional multimedia conventions such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a wide array of current and next-generation VoIP and video applications.
PIX security appliances feature a wealth of configuration, tracking, and analysis features, providing businesses the flexibility to use the methods that most closely meet their needs. Management options include common, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring standards such as SNMP and syslog. The integrated ASDM interface offers a powerful Web-accessible management solution that greatly simplifies the deployment, ongoing configuration, and monitoring of a single Cisco PIX firewall without the need of any extra software other than an ordinary browser and Java applet to be running on a manager's PC.
Administrators can furthermore remotely set up, track, and analyze PIX security appliances using a command-line interface. Secure CLI interface access is possible through several methods such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX security appliances also include robust automatic-update features, a set of revolutionary secure remote-administration options that ensure security settings and software images are kept up to date.
For more information about Progent's consulting services for Cisco PIX 500 firewalls, go to Cisco PIX 500 firewalls integration and debugging consulting.
Progent's Migration Consulting for Cisco Firewalls
Since Cisco has discontinued offering the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with relying on a critical security mechanism that might no longer be supported by Cisco. ASA 5500-X and Firepower NGFW Series security appliances offer the advantage of being new products and also bring a number of functions and financial advantages in comparison to PIX 500 devices. These benefits include substantially higher throughput, optional Secure Sockets Layer VPN capability, and an expandable design that protects your investment by enabling you to self-install more security services when and if you require them. Progent's CCIE-certified network engineers can assist you to determine the business case for migrating from PIX 500 or Cisco ASA 5500 firewalls, design a migration process that permits a quick and seamless upgrade, assist you to deploy new ASA 5500-x Series or Firepower NGFW Series firewalls, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco Firepower Series, ASA Series, and PIX family firewalls incorporate an array of setup, monitoring, and troubleshooting features which give you the flexibility to configure these security appliances to align optimally with your business needs. Progent's CCIE certified network consultants can assist you to design an efficient infrastructure that includes Cisco security appliances and that provides world-class security, fault tolerance, throughput, and recoverability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help you to create a security strategy that makes sense for your situation and can configure your PIX or ASA firewall to support your security policies. Progent's security evaluation engineers can evaluate the effectiveness of your current firewall solution and help determine the security of your entire information system network. Progentís Technical Response Center can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE network engineer.
To see additional details concerning Progent's engineering assistance for Cisco networking products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about professional help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.