Cisco is a perennial front-runner in delivering state-of-the-art firewall appliances for the widest possible variety of environments. Cisco's Firepower Next Generation Firewalls represent a modern cybersecurity solution that combines sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, discover, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist your organization to design and execute an efficient upgrade to Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's security services to create and centrally manage IT ecosystems that span local offices, data centers, and cloud resources. Progent can also help you to manage and troubleshoot legacy Cisco security appliances. Progent's certified cybersecurity experts can assist you with policy creation and tuning based on industry best practices so you can establish a consistent cybersecurity posture that applies to all your endpoints anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's Firepower NGFWs Firewalls deliver a major performance boost compared to Cisco's popular ASA 5500-X firewalls and include centralized control of modern security capabilities such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and sandboxing. For more information about Cisco's Firepower family of Next Generation Firewalls (NGFWs), refer to Firepower Series firewalls consulting expertise.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewall appliances offer integrated firewall, IPsec VPN, and IPS services in compact single-box packages, delivering a broad array of features to match the security requirements of companies from small businesses to enterprises and Internet service providers. Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewall appliances allow IT security staffs to protect their network edge and provide safe offsite and mobile connectivity while utilizing powerful administration mechanisms based on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 Series and PIX 500 firewalls have reached end-of-life status but are still commonly used in small and mid-size businesses and in a few larger networks. Ciscoís ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's older model firewall appliances, if carefully maintained, can deliver a high level of protection by providing multiple security functions including stateful firewall, VPN tunneling, and IPS.
Following Cisco's purchase of Sourcefire, the whole line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed intrusion protection system. Firepower services bring enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier network consultants can help your organization to support and troubleshoot legacy ASA 5500 and PIX firewall appliances and can also assist you to plan and implement a smooth migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also help you to design, integrate, optimize, administer and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X firewalls with Firepower. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's latest Firepower NGFWs Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X firewalls includes an improved substitute for each rack-mountable unit in the previous ASA 5500 line of firewalls. Each ASA 5500-X firewall is suited for the same market as the corresponding earlier models, which gives most ample choice for picking a firewall that aligns with their security needs and IT budgets. All ASA 5500-X products build on Cisco's tested stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All models in Cisco's ASA 5500-X product line provide consistent protection across any combination of physical, virtual, and cloud deployments.
For additional information about ASA 5500-X firewalls, Cisco Firepower services, and Progent's consulting for ASA firewalls, go to Firepower configuration and debugging consulting
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that enable Cisco's Firepower Services, which offer layered defense against sophisticated attacks. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA firewalls include:
- Layered defense against both familiar and new attacks
- Cisco's Advanced Malware Protection that uses big data to discover and mitigate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers users, infrastructure, apps, and content to discover threats that use simultaneous vectors
- High-resolution Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically activate standard and customized IPS policies based on the degree of risk
Firepower Services for ASA firewalls provide multi-layered threat protection
Smaller implementations of Cisco ASA 5500-X firewalls can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all ASA 5500-X versions. ASDM provides an easy-to-use web console for configuring, managing, and troubleshooting ASA 5500-X firewalls and service modules.
For multi-device and multi-site deployments, ASA 5500-X firewalls with Firepower can be administered using Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center centralizes event and policy control for Cisco Firepower firewalls
Cisco's Firepower Management Center provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager utility. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers dynamic network visualization, automated policy optimization based on impact evaluation of threats, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for the PIX 500 Series Security Appliance, the Cisco IPS 4200 family sensor, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall family to offer a platform that stops the broadest range of attacks. Cisco ASA Firewalls deliver program protection, network containment and control, and safe VPN connectivity throughout the entire product portfolio. This breadth of security enables the guarding of any network section, including the most common attack vectors like remote sites, locally-connected internal users, and off-site connected VPNs.
The expandable design of the Cisco ASA 5500 family permits you to add features by installing security service modules (SSMs) and security service cards. These user-installable options provide the ability to add Intrusion Protection and content protection functions such as blocking virus, worms, and phishing attacks and performing file and web filtering. In addition to enabling you to respond rapidly to new threat environments, the extensible design of the ASA 5500 Series also protects your capital investment by increasing the life of your security appliances. The ASA 5500 Series also protects your investment in IT team education by utilizing the familiar library of PIX management utilities and protocols such as the Cisco Adaptive Security Device Manager platform, protected command-line interface access, syslog, and SNMP.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application security via intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This produces a better protected network including Web, voice, and 3G-mobile wireless services. To defend against application-layer assaults and to provide stronger policing of the applications and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ protection enforcement technologies such as protocol anomaly detection and state tracking. Also incorporated are assault sensing and mitigation technology including application/protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing businesses to police usage policies and recover network bandwidth for important business applications.
For more details about Progent's support services for Cisco's ASA 5500 security appliances, go to Cisco ASA 5500 firewalls integration and debugging consulting.
Cisco PIX Firewalls
Built around a tested, specialized OS that delivers rich protection features, PIX firewall appliances provide excellent security and have earned EAL 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX security appliances offer security for a wide range of VoIP and other multimedia conventions such as H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and MGCP, helping businesses to protect deployments of a wide array of contemporary and next-generation VoIP and mixed-media applications.
Cisco PIX firewall appliances feature a variety of setup, tracking, and troubleshooting options, giving businesses the flexibility to utilize the methods that most closely meet their needs. Management solutions include centralized, policy-based management tools, integrated web-based management, and compatibility with remote-monitoring standards like SNMP and syslog. The integrated ASDM interface provides a world-class Web-based management solution that greatly simplifies the deployment, in-place modification, and tracking of a specific PIX firewall appliance without the need of any additional software beyond an ordinary Web browser and Java plug-in to be installed on an administrator's PC.
Administrators can also remotely configure, track, and analyze Cisco PIX security appliances using a command-line interface (CLI). Safe command-line interface (CLI) communication is available through a number of methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. PIX security appliances also include dependable automatic-update capabilities, a collection of advanced secure remote-administration options that ensure firewall configurations and software images are kept up to date.
For additional details about Progent's consulting services for Cisco PIX security appliances, visit PIX firewalls integration and troubleshooting services.
Progent's Migration Consulting Support for Cisco Firewalls
Since Cisco has ceased selling the PIX 500 and ASA 5500 families of firewalls, many companies are concerned about relying on a key security mechanism that may no longer be supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances have the benefit of being new products and also bring several technical and financial benefits in comparison to PIX 500 devices. These benefits include significantly better throughput, optional SSL tunneling support, and a modular design that guards your investment by allowing you to add new security services whenever you require them. Progent's CCIE-certified experts can assist you to determine the strategic value of for moving from PIX 500 or Cisco ASA 5500 security appliances, create a migration process that allows for a quick and non-disruptive changeover, help your IT staff to deploy new ASA 5500-x or Firepower NGFW Series appliances, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Assist Your Business with Cisco Firewalls
Cisco's Firepower NGFW Series, ASA Series, and PIX family security appliances provide a wealth of setup, monitoring, and analysis options which give you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE certified network consultants can show you how to build an efficient network infrastructure that includes Cisco security appliances and that provides world-class security, fault tolerance, performance, and manageability. Progent's GISA and CISM-certified IS security consultants can help you to develop a security strategy that makes sense for your situation and can configure your PIX or ASA firewall to support your security strategy. Progent's security assessment consultants can assess the effectiveness of your current firewall deployment and help determine the overall security of your whole information system network. Progentís Help Desk support team can deliver emergency online technical support for Cisco products and offer fast access to a Cisco CCIE expert.
For additional details concerning Progent's consulting help for Cisco solutions, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.