Cisco is a long-time front-runner in delivering cutting-edge firewalls for the widest possible range of environments. Cisco's Firepower NGFWs Firewalls provide a modern firewall solution that combines dedicated hardware, cloud services, and machine learning to anticipate, discover, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist your organization to design and carry out an efficient upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's cloud-based services to create and centrally manage network ecosystems that include local offices, data centers, private clouds and public clouds. Progent can also help you to maintain and debug older-generation Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation driven by leading best practices in order to establish a consistent and effective security profile that applies to all your networked endpoints anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance improvement over Cisco's previous-generation ASA 5500-X security appliances and offer unified control of advanced cybersecurity features such as application visibility, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls (NGFWs), visit Firepower firewalls consulting expertise.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500, and PIX 500 firewall appliances provide combined firewall, IPsec VPN, and intrusion prevention system services in compact single-box devices, delivering a broad array of features to match the security needs of companies from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500, and PIX 500 firewalls allow network security teams to defend their network edge and offer safe offsite and mobile access while utilizing advanced administration tools built on Cisco's industry-leading firewall technology.
Cisco's ASA 5500 and PIX 500 firewalls have reached end-of-life (EOL) status but are still widely deployed in small and mid-size organizations and in some larger data centers. Cisco's ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly maintained, continue to offer a high degree of protection by supplying multiple services such as stateful firewall, IPsec VPN, and IPS.
After Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort product, which is the world's most deployed network intrusion protection system. Firepower services bring powerful new capabilities such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco-premier infrastructure engineers can help your organization to maintain and troubleshoot legacy ASA 5500 and PIX firewalls and can also help you to plan and carry out an efficient upgrade to Cisco's ASA 5500-X firewalls with Firepower. Progent can also help you to plan, integrate, tune, manage and troubleshoot new firewall solutions based on Cisco's latest ASA 5500-X models with Firepower. Progent can also assist your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances includes an improved replacement for every rack-mountable unit in the previous ASA 5500 line of devices. Each ASA 5500-X firewall is suited for the identical environment as the associated previous models, which gives small and midsize businesses plenty of room for picking a firewall that meets their security needs and budgets. All ASA 5500-X products are based on Cisco's tested stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful protection services. All models in Cisco's ASA 5500-X family deliver dependable protection across any mix of physical, virtual, and cloud deployments.
For additional information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA 5500-X firewalls, go to Firepower configuration and troubleshooting expertise
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or hardware modules that support Cisco's Firepower Services, which offer layered defense against advanced attacks. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services for ASA security appliances include:
- Layered protection against familiar and zero-day attacks
- Advanced Malware Protection (AMP) that uses big data to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that looks at users, infrastructure, apps, and content to discover threats that use simultaneous vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically activate standard and customized IPS policies depending on the severity of threats
Firepower Services for ASA 5500-X firewalls provide advanced multi-layered security
Smaller deployments of ASA firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool which is provided with all ASA 5500-X versions. ASDM includes a convenient web console for configuring, administering, and troubleshooting ASA 5500-X firewalls and service modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower can be managed using Cisco's Firepower Management Center, implemented as one or several physical units or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy management for Firepower firewall appliances
Firepower Management Center offers capabilities unavailable with Cisco's on-box Adaptive Security Device Manager utility. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that provides dynamic infrastructure visualization, automated policy optimization based on risk assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health alerts, enhanced reporting features, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Adaptive Security Appliances
Cisco ASA 5500 Series Firewalls build on technology developed for Cisco's PIX 500 firewall, the IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco ASA Firewall product line to deliver a firewall that stops the broadest range of attacks. Cisco ASA Firewalls deliver program security, network containment, and safe Virtual Private Network connectivity throughout the entire product portfolio. This broad scope of security enables the guarding of any network segment, including the most common attack vectors such as remote sites, locally-connected inside users, and remote connected VPNs.
The expandable architecture of the ASA 5500 family allows you to add more features via security service modules (SSMs) and security service cards (SSCs). These user-installable options provide the ability to add Intrusion Protection and content protection services like filtering virus, worms, and phishing assaults and executing data and web filtering. In addition to allowing your IT staff to react quickly to the latest threat environments, the expandable design of the Cisco ASA 5500 Series also protects your hardware investment by prolonging the useful life of your firewalls. The Cisco ASA 5500 family also protects your investment in administrative staff training by supporting the rich library of PIX 500 management utilities and protocols such as the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) availability, verbose syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances firewalls provide robust application protection via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. This results in a better protected network covering Web, voice, and 3G-mobile wireless access. To defend against application-layer attacks and to provide stronger control over the applications and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and rely on protection enforcement solutions that include anomaly detection and application and protocol state tracking. Also included are attack detection and mitigation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and free up network bandwidth for crucial business processes.
For more details about Progent's consulting services for ASA 5500 security appliances, visit ASA 5500 firewalls configuration and troubleshooting support.
Based upon a hardened, specialized operating system that delivers a wealth of security services, Cisco PIX firewalls offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. Cisco PIX firewall appliances offer security for a broad array of VoIP and other mixed-media standards including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to protect deployments of a broad range of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX firewalls offer a variety of setup, monitoring, and analysis options, providing IT managers the flexibility to utilize the methods that best match their needs. Management options include centralized, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface offers a world-class Web-accessible control solution that greatly streamlines the deployment, in-place configuration, and tracking of a single PIX firewall appliance without requiring any additional software beyond an ordinary Web browser and Java applet to be installed on a manager's PC.
Administrators can also remotely set up, monitor, and troubleshoot PIX firewall appliances using a CLI interface. Safe CLI interface communication is possible through several methods such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX firewalls also include robust auto-update features, a set of advanced secure remote-management services that make sure that firewall settings and software images are always up to date.
For additional information about Progent's consulting services for Cisco PIX security appliances, visit Cisco PIX 500 firewalls integration and debugging consulting.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has discontinued selling the PIX and ASA 5500 product lines, many businesses are concerned about depending on a critical security mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower Series firewalls offer the benefit of being new products and also offer a number of technical and budgetary advantages in comparison to PIX 500 firewalls. These advantages include substantially better throughput, optional Secure Sockets Layer tunneling support, and an expandable architecture that protects your investment by allowing you to add new security features whenever you require them. Progent's Cisco network engineers can assist your company to determine the strategic value of for upgrading from PIX or Cisco ASA 5500 firewalls, create a migration process that allows for a quick and seamless changeover, help your IT staff to set up new ASA 5500-x Series or Firepower NGFW Series appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco Firepower Series, ASA Series, and PIX security appliances incorporate a wealth of configuration, monitoring, and troubleshooting options which offer you the flexibility to deploy these security appliances to match your company's needs. Progent's CCIE authorized network experts can help you to design an efficient infrastructure that incorporates Cisco security appliances and that provides advanced protection, fault tolerance, throughput, and manageability. Progent's GISA and CISM-certified IS security engineers can assist you to create a security policy appropriate for your environment and can configure your security appliance to enforce your security policies. Progent's security assessment engineers can assess the strength of your existing firewall deployment and help determine the security of your entire information system network. Progent's Help Desk support team can deliver emergency remote troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
For more information concerning Progent's engineering expertise for Cisco solutions, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about professional support for Cisco products, call 1-800-993-9400 or see Contact Progent.