Cisco is a long-time front-runner in delivering state-of-the-art firewalls for the widest possible variety of deployments. Cisco's Firepower NGFWs Firewalls provide a modern firewall solution that combines sophisticated hardware, cloud-based services, and machine learning to block, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and execute an efficient upgrade to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's security services to create and centrally manage network environments that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and debug older-generation Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation and tuning driven by industry best practices in order to build a consistent and effective cybersecurity profile across all your networked devices anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls provide a significant performance improvement over Cisco's previous-generation ASA 5500-X firewalls and offer unified management and automation of advanced security capabilities such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and sandboxing. For details about Cisco's Firepower line of NGFWs Firewalls, see Cisco Firepower Series firewalls consulting services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls offer combined firewall, VPN, and intrusion prevention system (IPS) services in compact single-box packages, delivering a wide array of features to match the security needs of companies ranging from small and mid-size businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow network security staffs to protect their network edge and provide safe remote access while utilizing advanced administration tools based on Cisco's world-class firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewall appliances have reached end-of-life status but remain widely used in small and mid-size organizations and in some enterprise data centers. The ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have superseded the ASA 5500 and PIX 500 lines of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high level of protection by providing multiple features such as firewall, VPN tunneling, and IPS.
After Cisco's purchase of Sourcefire, the entire family of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort technology, which is the world's most popular intrusion protection system (IPS). Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-premier infrastructure consultants can help your organization to maintain and debug legacy ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and carry out a smooth upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, integrate, optimize, administer and troubleshoot new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower. Progent can also assist your organization to upgrade from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances includes an improved substitute for every rack-mountable model in the older ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the same environment as the corresponding previous models, which gives small and midsize businesses plenty of room for picking a firewall that aligns with their security needs and budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all include 64-bit hardware with multicore processors and support Cisco's advanced security services. All devices in Cisco's ASA 5500-X product line deliver dependable protection across any mix of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for ASA 5500-X firewalls, go to Firepower configuration and debugging consulting
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that enable Firepower Services, which provide layered defense against advanced threats. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:
- Multi-layer defense against familiar and new attacks
- Cisco's Advanced Malware Protection that utilizes big data to discover and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, apps, and content to detect threats that incorporate simultaneous vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically activate standard and custom IPS policies based on the degree of risk
Firepower Services for ASA firewalls provide multi-layered protection
Simpler deployments of Cisco ASA 5500-X firewalls can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X models. ASDM includes a simple web console for configuring, administering, and troubleshooting ASA 5500-X appliances and modules.
For more complex environments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical or virtual devices. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Cisco Firepower firewall appliances
Cisco's Firepower Management Center offers features unavailable with Cisco's on-box Adaptive Security Device Manager tool. Extra features include expanded context awareness, Advanced Malware Protection with remediation for user devices, a console that provides dynamic infrastructure visualization, automated policy optimization based on risk evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health notifications, enhanced reporting options, and APIs for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology behind Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that stops the broadest variety of threats. Cisco ASA 5500 Series Firewalls provide application protection, local containment, and clean Virtual Private Network functionality throughout Cisco's product line. This breadth of protection enables defense of any network segment, including the most common attack conduits like remote locations, LAN-connected inside users, and remote connected VPNs.
The scalable architecture of the ASA 5500 Series enables you to add security services via security service modules (SSMs) and security service cards. These easy-to-install enhancements give you the ability to add Intrusion Protection and content protection functions like filtering virus, worms, and phishing assaults and performing data and URL screening. Beside enabling you to react quickly to new threat environments, the extensible design of the ASA 5500 Series also leverages your hardware investment by prolonging the life of your firewalls. The ASA 5500 family also leverages your investment in IT team education by utilizing the familiar library of PIX security management utilities and protocols such as the Cisco ASDM platform, secure command-line interface access, verbose syslog, and SNMP.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application protection through intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a more secure environment covering Web, voice, and mobile wireless services. To defend networks against application-layer attacks and to provide stronger policing of the applications and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on security enforcement technologies that include anomaly sensing and application and protocol state tracking. Also incorporated are assault detection and mitigation technology such as application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over instant messaging and tunneling applications, enabling organizations to enforce usage policies and preserve network bandwidth for important business applications.
For more details about Progent's support services for ASA 5500 security appliances, see Cisco ASA 5500 firewalls configuration and debugging services.
Cisco PIX Firewalls
Based upon a hardened, purpose-built OS that delivers rich protection services, PIX security appliances offer excellent security and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security certification. PIX security appliances provide protection for a broad range of Voice over IP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling organizations to protect deployments of a wide range of contemporary and next-generation IP voice and video applications.
PIX firewalls feature a variety of configuration, tracking, and analysis features, giving businesses the flexibility to use the methods that best match their needs. Management solutions include common, policy-based management utilities, integrated web-based management, and compatibility with remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful Web-accessible management platform that greatly streamlines the deployment, ongoing modification, and tracking of a specific PIX firewall without requiring any extra utility other than a standard Web browser and Java applet to be running on an administrator's computer.
Administrators can also remotely configure, monitor, and troubleshoot PIX firewall appliances using a command-line interface. Safe command-line interface (CLI) access is available using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX security appliances also include dependable auto-update features, a collection of advanced secure remote-management options that ensure security settings and software images are kept current.
For additional details about Progent's consulting services for Cisco PIX 500 firewalls, visit PIX 500 firewalls configuration and debugging support.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has ceased offering the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a key security mechanism that may stop being supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls offer the advantage of being new products and also bring a number of technical and financial advantages in comparison to PIX 500 firewalls. These advantages include significantly better performance, optional SSL tunneling capability, and an expandable design that guards your investment by enabling you to self-install new security features when and if you require them. Progent's Cisco experts can assist you to determine the strategic value of for migrating from PIX 500 or Cisco ASA 5500 firewalls, create a migration process that allows for a fast and seamless upgrade, help you to install new ASA 5500-x Series or Firepower Series appliances, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco ASA and PIX Firewalls
Cisco Firepower NGFW Series, ASA Series, and PIX security appliances incorporate an array of configuration, tracking, and analysis options that give you the flexibility to deploy these security appliances to align optimally with your company's requirements. Progent's CCIE authorized network professionals can show you how to build an efficient network infrastructure that incorporates Cisco firewall technology and that provides world-class security, resilience, throughput, and manageability. Progent's CISA and CISSP-ISSP-certified IS security professionals can assist you to create a security policy that makes sense for your business and can configure your firewall to enforce your security strategy. Progent's risk assessment consultants can assess the strength of your existing firewall solution and audit the overall security of your whole information system network. Progentís Technical Response Center (TRC) can provide emergency remote troubleshooting for Cisco products and can give you quick access to a Cisco network engineer.
To learn additional information about Progent's engineering support for Cisco networking products, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to get in touch with Progent about engineering expertise for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.