Cisco is a long-time leader in delivering cutting-edge firewall appliances for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewalls represent a modern firewall platform that marshals sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and carry out an efficient upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower firewalls with Cisco's security services to create and centrally manage network ecosystems that span local offices, data centers, and cloud resources. Progent can also assist you to maintain and troubleshoot legacy Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation and tuning based on leading best practices so you can build a consistent and effective security posture across all your networked devices at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance improvement compared to Cisco's popular ASA 5500-X firewalls and include centralized management and automation of modern cybersecurity capabilities such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls (NGFWs), see Firepower firewalls consulting services.
Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500, and PIX firewall appliances offer combined firewall, IPsec VPN, and intrusion prevention system capabilities in compact single-box packages, delivering a wide array of features to meet the security and compliance needs of organizations ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X, ASA 5500, and PIX 500 firewall appliances enable network security staffs to defend their network edge and offer safe remote access while using powerful administration tools based on Cisco's world-class firewall products.
Ciscoís ASA 5500 Series and PIX 500 firewalls have reached end-of-life (EOL) status but remain widely used in smaller businesses and in a few larger networks. Ciscoís ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly maintained, continue to offer a high degree of security by supplying a variety of services such as firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the whole family of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most popular intrusion protection system (IPS). Firepower services provide powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco-certified infrastructure engineers can help your organization to support and troubleshoot legacy ASA 5500 and PIX firewall appliances and can also assist you to plan and implement an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also help you to design, configure, optimize, manage and troubleshoot new firewall solutions based on Cisco's current ASA 5500-X models with Firepower Services. Progent can also help you to migrate from your Cisco ASA 5500-X Series deployment to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances includes an improved substitute for each rack-mountable model in the older ASA 5500 line of firewalls. Each ASA 5500-X model targets the identical environment as the corresponding earlier models, which gives most ample room for selecting a firewall that meets their security needs and budgets. All ASA 5500-X firewalls build on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X family deliver consistent protection across any combination of physical, virtual, and cloud deployments.
For more information about ASA 5500-X firewalls, Firepower services, and Progent's consulting for Cisco ASA firewalls, see Firepower integration and troubleshooting expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or hardware modules that support Firepower Services, which offer layered defense against sophisticated threats. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
- Layered defense against both familiar and zero-day attacks
- Advanced Malware Protection (AMP) that utilizes big data techniques to find and mitigate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, network infrastructure, apps, and content to detect threats that incorporate simultaneous approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch both standard and customized IPS policies based on the degree of threats
Firepower Services for Cisco ASA firewalls offer advanced multi-layered protection
Smaller implementations of Cisco ASA 5500-X firewalls can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all ASA 5500-X versions. ASDM provides a simple web dashboard for configuring, administering, and troubleshooting ASA 5500-X appliances and modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls
Firepower Management Center offers capabilities unavailable with Cisco's on-device ASDM tool. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a console that provides dynamic infrastructure visualization, automated policy optimization driven by impact evaluation of threats, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, enhanced reporting features, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Firewalls
Cisco ASA Firewalls leverage engineering developed for Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a firewall that stops the broadest variety of threats. Cisco ASA Firewalls deliver program protection, network containment and control, and safe VPN functionality throughout Cisco's product line. This broad scope of protection allows defense of any network section, which includes the most typical attack conduits like remote sites, locally-attached inside users, and off-site connected Virtual Private Networks.
The scalable architecture of the ASA 5500 Series permits you to add more features via service modules and cards. These user-installable enhancements provide the ability to add Intrusion Protection and content protection functions like filtering virus, worms, and phishing attacks and executing data and web screening. In addition to enabling you to react quickly to the latest threat environments, the extensible design of the Cisco ASA 5500 Series also protects your capital investment by prolonging the life of your security appliances. The ASA 5500 family also leverages your investment in IT staff education by supporting the familiar library of PIX management tools and protocols including the Cisco Adaptive Security Device Manager (ASDM) platform, secure command-line interface (CLI) access, syslog, and Simple Network Management Protocol.
Cisco ASA 5500 Series firewalls provide robust application protection via intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a safer environment covering Web, voice, and mobile wireless access. To protect against application-layer attacks and to offer stronger policing of the applications and protocols utilized in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly detection and application and protocol state tracking. Also included are assault sensing and mitigation technology such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling businesses to enforce usage policies and free up network bandwidth for critical business applications.
For additional details about Progent's support services for ASA 5500 security appliances, go to Cisco ASA 5500 series firewalls integration and troubleshooting consulting.
PIX Firewall Appliances
Based upon a hardened, specialized software platform that offers rich protection features, PIX firewall appliances offer excellent protection and have received EAL 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewall appliances provide protection for a wide range of VoIP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard deployments of a wide range of current and next-generation Voice over IP and mixed-media applications.
Cisco PIX firewall appliances feature a variety of setup, monitoring, and analysis options, giving IT managers the flexibility to utilize the techniques that best match their requirements. Administrative options include common, policy-based management tools, integrated web-accessible management, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a powerful Web-accessible control solution that significantly streamlines the installation, in-place configuration, and monitoring of a single PIX firewall appliance without the need of any extra software beyond an ordinary Web browser and Java applet to be installed on an administrator's PC.
Administrators can furthermore remotely configure, track, and troubleshoot Cisco PIX security appliances using a command-line interface. Secure CLI interface access is available using a number of techniques including SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX security appliances also have robust auto-update capabilities, a set of advanced secure remote-administration options that make sure that firewall configurations and software images are always current.
For more details about Progent's consulting services for Cisco PIX 500 firewalls, go to PIX 500 firewalls configuration and troubleshooting consulting.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has stopped offering the PIX 500 and ASA 5500 families of firewalls, many businesses are concerned about relying on a key infrastructure component that might stop being supported. ASA 5500-X and Firepower NGFW Series security appliances offer the advantage of being current products and also bring a number of functions and budgetary advantages in comparison to PIX 500 devices. These advantages include significantly higher throughput, optional SSL VPN capability, and an expandable design that guards your investment by allowing you to self-install more security services when and if you need them. Progent's Cisco certified network engineers can assist you to determine the strategic case for upgrading from PIX or ASA 5500 security appliances, create a migration plan that allows for a quick and seamless changeover, assist your IT staff to deploy new ASA 5500-x Series or Firepower Series appliances, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX family security appliances provide an array of configuration, tracking, and troubleshooting features that give you the flexibility to configure these security appliances to align optimally with your company's requirements. Progent's CCIE authorized network consultants can help you to design a cost-effective infrastructure that incorporates Cisco firewall technology and that provides advanced security, fault tolerance, performance, and recoverability. Progent's CISA and CISSP-ISSP-certified information security consultants can help your business to develop a security strategy that makes sense for your environment and can configure your firewall to enforce your security policies. Progent's security assessment consultants can evaluate the strength of your existing firewall solution and help determine the overall security of your whole information system network. Progentís Help Desk support team can deliver emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.
To find out more details about Progent's engineering assistance for Cisco networking products, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about engineering expertise for Cisco networking, call 1-800-993-9400 or refer to Contact Progent.