Cisco is a perennial front-runner in developing state-of-the-art firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide an advanced cybersecurity platform that marshals sophisticated hardware, cloud-based services, and machine learning to block, identify, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall experts can assist you to plan and execute a smooth migration to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower appliances with Cisco's security services to create and centrally manage network environments that span local offices, data centers, and cloud resources. Progent can also assist you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified network security consultants can assist you with policy creation driven by industry best practices so you can establish a consistent cybersecurity posture that applies to all your endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower NGFWs Firewalls provide a significant performance boost over Cisco's popular ASA 5500-X security appliances and include centralized control of advanced cybersecurity capabilities like application visibility, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), distributed denial of service (DDoS) mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls, refer to Firepower firewalls consulting services.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco’s ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide combined firewall, IPsec VPN, and intrusion prevention system (IPS) capabilities in compact single-box devices, delivering a wide array of features to meet the security and compliance needs of organizations from small businesses to enterprises and ISPs. Cisco’s ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow IT security teams to protect their network perimeter and provide secure remote access while utilizing advanced management mechanisms based on Cisco's world-class firewall products.
Cisco’s ASA 5500 and PIX 500 firewalls have reached end-of-life status but remain commonly used in small and mid-size organizations and in a few enterprise data centers. Cisco’s ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded the ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's legacy firewall appliances, if carefully managed, can deliver a high level of protection by supplying multiple security functions including firewall, VPN tunneling, and IPS.
Following Cisco's acquisition of Sourcefire, the whole line of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the market's most popular network intrusion protection system. Firepower services bring enhanced capabilities such as advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco CCIE-premier network engineers can assist your organization to support and debug older ASA 5500 and PIX firewall appliances and can also assist you to plan and implement a smooth migration to Cisco’s ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, configure, optimize, manage and troubleshoot new firewall solutions built on Cisco's latest ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also assist you to migrate from your Cisco ASA 5500-X solution to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X security appliances includes an improved substitute for each rack-mountable model in the older ASA 5500 series of firewalls. Each ASA 5500-X model targets the same market as the corresponding previous models, which gives small and midsize businesses ample choice for picking a firewall that meets their security needs and IT budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line deliver consistent security across any combination of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA firewalls, see Firepower integration and troubleshooting expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X firewalls accept software or hardware modules that support Cisco's Firepower Services, which offer layered defense against sophisticated attacks. Cisco's Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA firewalls include:
- Layered defense against familiar and zero-day threats
- Advanced Malware Protection (AMP) that uses big data to find and remediate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at clients, infrastructure, apps, and content to discover attacks that use simultaneous vectors
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate standard and custom IPS policies depending on the degree of risk
Firepower Services for Cisco ASA firewalls provide multi-layered security
Simpler deployments of ASA 5500-X firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X versions. ASDM includes a convenient web dashboard for configuring, managing, and troubleshooting ASA 5500-X firewalls and service modules.
For more complex environments, ASA 5500-X appliances with Firepower can be managed with Cisco's Firepower Management Center, available as one or more physical units or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy control for Firepower firewall appliances
Cisco's Firepower Management Center provides features beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a console that provides real-time network visualization, automated policy optimization based on risk evaluation of attacks, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and APIs for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology behind Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to deliver a firewall that stops the broadest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program protection, network containment and control, and clean Virtual Private Network functionality throughout Cisco's product portfolio. This breadth of security enables the guarding of any network segment, including the most common threat conduits like remote locations, LAN-attached internal users, and remote access Virtual Private Networks.
The scalable design of the Cisco ASA 5500 Series allows you to add more security services by installing security service modules (SSMs) and cards. These easy-to-install enhancements give you the ability to add Intrusion Protection and content protection services such as filtering virus, spyware, and phishing attacks and performing data and URL filtering. Beside allowing you to react quickly to new risk vectors, the extensible design of the ASA 5500 family also leverages your hardware investment by increasing the life of your security appliances. The ASA 5500 Series also leverages your investment in IT team education by utilizing the rich set of PIX 500 security management utilities and protocols including the Cisco ASDM system, protected command-line interface availability, verbose syslog, and Simple Network Management Protocol.
Cisco ASA 5500 Series firewalls deliver robust application protection through intelligent, application-aware inspection processes that examine traffic at Layers 4-7. The result is a better protected environment including Web, voice, and mobile wireless connectivity. To protect networks against application-layer assaults and to provide stronger control over the applications and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and rely on security enforcement solutions that include anomaly detection and application and protocol state monitoring. Also included are assault detection and mitigation techniques including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of instant messaging and tunneling applications, enabling businesses to enforce usage policies and free up network bandwidth for critical business processes.
For more information about Progent's consulting services for ASA 5500 security appliances, see Cisco ASA 5500 series firewalls integration and debugging consulting.
Cisco PIX Security Appliance Series
Based upon a tested, specialized software platform that delivers rich security features, Cisco PIX firewalls offer excellent security and have received EAL 4 status and ICSA Firewall and IPsec qualification. PIX security appliances offer protection for a broad array of Voice over IP and other multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and Media Gateway Control Protocol, helping businesses to safeguard installations of a wide range of current and upcoming IP voice and video applications.
PIX security appliances offer a wealth of setup, monitoring, and troubleshooting features, giving businesses the flexibility to utilize the techniques that most closely match their requirements. Administrative options include centralized, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system offers a world-class Web-based management platform that greatly simplifies the installation, in-place configuration, and monitoring of a specific PIX firewall without the need of any additional utility other than a standard Web browser and Java plug-in to be running on an administrator's computer.
Administrators can furthermore remotely configure, monitor, and analyze PIX firewall appliances via a command-line interface. Secure command-line interface access is possible using several methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also include dependable auto-update capabilities, a set of advanced protected remote-management services that make sure that firewall settings and software images are kept up to date.
For more information about Progent's consulting services for PIX 500 security appliances, see Cisco PIX firewalls configuration and troubleshooting support.
Progent's Migration Consulting Support for Cisco Firewalls
Because Cisco has stopped selling the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a critical security mechanism that might no longer be supported by Cisco. ASA 5500-X and Firepower Series security appliances have the benefit of being current products and also offer a number of functions and economic benefits in comparison to PIX 500 devices. These benefits include substantially better performance, optional SSL VPN support, and a modular architecture that guards your investment by enabling you to add new security features when and if you need them. Progent's CCIE-certified network engineers can help you to assess the strategic case for upgrading from PIX or ASA 5500 firewalls, design a migration process that allows for a fast and seamless upgrade, assist you to set up new ASA 5500-x or Firepower Series firewalls, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco's Firepower Series, ASA 5500 Series, and PIX family security appliances provide an array of configuration, tracking, and troubleshooting features that give you the flexibility to configure these firewalls to match your company's requirements. Progent's CCIE authorized network experts can show you how to build an efficient network infrastructure that incorporates Cisco firewalls and that provides world-class security, fault tolerance, throughput, and recoverability. Progent's GISA and CISM-premier information security experts can help your business to create a security policy appropriate for your situation and can set up your PIX or ASA firewall to support your security strategy. Progent's risk assessment consultants can evaluate the effectiveness of your current firewall deployment and audit the security of your entire IS network. Progent’s Technical Response Center can deliver urgent remote technical support for Cisco products and offer quick access to a Cisco CCIE expert.
For additional information about Progent's consulting expertise for Cisco technology, choose a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To ask Progent about consulting expertise for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.