Cisco is a perennial leader in developing cutting-edge firewalls for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a modern firewall platform that marshals sophisticated hardware, cloud services, and machine learning to anticipate, identify, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall consultants can help you to design and carry out a smooth migration to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's security services to build and centrally control network ecosystems that include local offices, data centers, private clouds and public clouds. Progent can also assist you to manage and debug older-generation Cisco security appliances. Progent's certified network security consultants can assist you with policy creation and tuning based on industry best practices in order to establish a consistent security posture across all your devices at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance boost compared to Cisco's popular ASA 5500-X security appliances and offer unified management of advanced security capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and multi-node sandboxing. For details about Cisco's Firepower family of Next Generation Firewalls (NGFWs), visit Firepower Series firewalls consulting experts.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX firewalls offer integrated firewall, VPN, and intrusion prevention system (IPS) services in single-box devices, delivering a wide range of features to match the security and compliance needs of companies ranging from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances enable network security teams to defend their network perimeter and provide safe offsite and mobile access while using powerful management tools based on Cisco's world-class firewall products.
Cisco's ASA 5500 Series and PIX 500 firewalls have reached end-of-life (EOL) status but remain widely used in small and mid-size organizations and in a few enterprise data centers. Cisco's ASA 5500-X Next-Generation Firewalls represent significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new deployments. However, Cisco's legacy firewall appliances, if carefully maintained, can offer a high level of security by supplying a variety of security functions such as stateful firewall, VPN tunneling, and IPS.
After Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort technology, which is the world's most deployed network intrusion protection system (IPS). Firepower services bring powerful new features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.
Progent's Cisco CCIE-premier network engineers can help you to support and troubleshoot older ASA 5500 and PIX 500 firewalls and can also assist you to plan and implement an efficient migration to Cisco's ASA 5500-X Series firewalls with Firepower. Progent can also assist you to plan, configure, tune, manage and troubleshoot new firewall solutions built on Cisco's current ASA 5500-X firewalls with Firepower. Progent can also help your organization to migrate from your Cisco ASA 5500-X deployment to Cisco's Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's extensive family of ASA 5500-X security appliances features an enhanced replacement for every rack-mountable model in the previous ASA 5500 series of devices. Each ASA 5500-X firewall is suited for the same environment as the associated previous models, which gives most plenty of room for picking a solution that meets their security needs and budgets. All ASA 5500-X products are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore processors and are capable of running Cisco's powerful protection services. All devices in Cisco's ASA 5500-X product line deliver dependable security across any mix of physical, virtual, and cloud environments.
For additional information about ASA 5500-X security appliances, Firepower services, and Progent's support for ASA security appliances, see Cisco Firepower integration and debugging expertise
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that support Cisco's Firepower Services, which offer layered protection against multi-vector attacks. Firepower Services are based on technology adopted by Cisco from Sourcefire. Major features of Firepower Services for ASA 5500-X firewalls include:
Smaller implementations of ASA firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X versions. ASDM provides a simple web dashboard for deploying, administering, and debugging ASA 5500-X firewalls and modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center provides features unavailable with Cisco's on-device ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a console that provides dynamic infrastructure visualization, automated policy tuning based on risk evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's ASA 5500-X on-device ASDM or the ASA command line interface.
Cisco ASA 5500 Firewalls
Cisco Adaptive Security Appliances Firewalls build on engineering developed for the PIX 500 family firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 model concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to offer a platform that defends against the widest range of threats. Cisco ASA Firewalls provide application security, network containment, and clean Virtual Private Network functionality throughout Cisco's product line. This breadth of security enables defense of any network section, including the most typical threat conduits like remote sites, LAN-attached internal users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls provide robust application security via smart, application-sensitive inspection processes that examine network flows at Layers 4-7. The result is a more secure network including Web, voice, and mobile wireless access. To defend networks against application-layer assaults and to offer better policing of the applications and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement technologies that include protocol anomaly detection and state monitoring. Also included are assault sensing and remediation technology such as application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also deliver management of IM and tunneling applications, enabling businesses to enforce usage policies and preserve network bandwidth for crucial business processes.
For additional details about Progent's consulting services for Cisco's ASA 5500 firewalls, see Cisco ASA 5500 series firewalls integration and debugging support.
Cisco PIX Firewalls
Based upon a hardened, specialized OS that delivers a wealth of security services, PIX security appliances offer a high level of security and have earned EAL 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX security appliances provide security for a broad array of Voice over IP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling businesses to protect deployments of a wide array of contemporary and next-generation VoIP and multimedia applications.
Administrators can also remotely configure, monitor, and analyze Cisco PIX firewalls using a command-line interface (CLI). Secure command-line interface (CLI) communication is possible using several techniques such as SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX security appliances also have robust auto-update capabilities, a set of revolutionary protected remote-administration services that make sure that firewall settings and software images are kept current.
For additional details about Progent's consulting services for PIX 500 firewalls, see Cisco PIX 500 firewalls configuration and debugging consulting.
Progent's Migration Support for Cisco Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a critical infrastructure mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower Series firewalls offer the advantage of being current devices and also bring several functions and financial benefits in comparison to PIX firewalls. These benefits include significantly higher throughput, optional SSL VPN capability, and a modular architecture that guards your investment by enabling you to add new security features when and if you need them. Progent's Cisco network engineers can help you to determine the business case for upgrading from PIX 500 or Cisco ASA 5500 security appliances, design a migration plan that allows for a quick and seamless upgrade, help your IT staff to install new ASA 5500-x or Firepower NGFW Series appliances, and provide online, consulting, and troubleshooting services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting features which give you the ability to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network experts can show you how to design a cost-effective network infrastructure that includes Cisco firewalls and that provides advanced security, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-certified information security engineers can help your business to create a security policy that makes sense for your situation and can configure your PIX or ASA firewall to support your security strategy. Progent's security assessment experts can evaluate the strength of your existing firewall solution and help determine the overall security of your whole information system network. Progent's Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.
To learn more information concerning Progent's engineering expertise for Cisco networking products, select a subject:
Integration of Cisco and Third-party Firewall Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about technical assistance for Cisco products, call