Cisco's PIX firewalls and ASA Series adaptive security appliances integrate comprehensive firewall, intrusion defense, and VPN technologies in a cost-effective, one-box package. Both of these product families have been replaced by Cisco's ASA 5500-X line of security appliances with Firepower Services. (Refer to configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 model firewalls are widely used and continue to offer small and mid-size organizations a viable security environment.

Cisco PIC and the original ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector assault defense, and secure access features. The enhanced intelligence sharing of consolidated protection features in a single package provides users deploying these aggregated solutions the benefits of advanced security, reduced cost of ownership, and smaller maintenance expense.

Cisco PIX firewalls and Cisco's ASA 5500 Series join IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and Cisco 7600 routers as components of Cisco's flexible, integrated firewall solutions. Engineered with an expandable, modular platform, every offering is designed with a particular array of options to provide better security to different networking environments. These solutions can be individually deployed to protect specific facets of a connectivity infrastructure, or can be combined for a layered, defense-in-depth strategy based on the architecture best practices outlined in Cisco's SAFE Blueprint. Completing the modular firewall product line, Cisco has developed a complete security management catalog, spanning Cisco security device and Cisco IOS security components and embedded appliance managers, to self-contained management applications, helping to make sure that businesses can effectively manage their Cisco protection infrastructure purchases.

Cisco PIX Firewall Appliances
PIX firewalls offer reliable user and application policy support, multivector invasion defense, and secure networking services in economical, out-of-the-box solutions. These purpose-built devices provide a wealth of integrated protection and connectivity services such as process-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-connectivity IPcec Virtual Private Network connectivity, excellent resiliency, intelligent networking services, and versatile administration options. The Cisco PIX firewall product line spans compact plug-and-play appliances for small or at home offices to modular gigabit products with ROI for enterprise and service-provider environments, PIX firewall appliances provide high levels of security, speed, and reliability for network environments of any size.

PIX Firewalls Experts

Built upon a tested, purpose-built software platform that delivers rich security features, PIX firewall appliances offer a high level of protection and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX security appliances provide protection for a wide array of Voice over IP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a broad array of current and upcoming IP voice and video applications.

PIX firewalls feature a variety of configuration, tracking, and troubleshooting options, providing businesses the versatility to use the techniques that best match their needs. Administrative options include centralized, policy-based management tools, integrated web-accessible management, and compatibility with remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface provides a powerful web-based control platform that greatly streamlines the installation, ongoing configuration, and monitoring of a single Cisco PIX security appliance without requiring any additional utility beyond an ordinary browser and Java applet to be running on an administrator's computer.

Administrators can furthermore remotely configure, monitor, and analyze PIX security appliances using a CLI interface. Safe CLI interface communication is possible using a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also include dependable auto-update features, a set of protected remote-management options that make sure that security settings and software images are always up to date.

Cisco ASA Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered solutions that bring together market-proven, best-of-breed protection and Virtual Private Network support plus an adaptive architecture. The end product is a powerful, versatile network protection appliance better suited to protect small and medium business and larger networks and, at the same time, lower the total deployment and operations costs previously required for this high level of protection.

>Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls Consulting
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 Series firewall, the IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These solutions enable the Cisco ASA Firewall product line to offer a firewall that defends against a broad range of threats. Cisco ASA Firewalls deliver program security, network containment and control, and clean VPN functionality across the entire product line. This breadth of security enables the guarding of any network section, which includes the most common threat conduits like remote locations, locally-attached inside users, and off-site connected Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application security via intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This produces a better protected environment including web, voice, and mobile wireless connectivity. To protect networks from application-layer attacks and to give businesses more policing of the applications and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement technologies such as protocol anomaly sensing and state monitoring. Also incorporated are attack sensing and remediation technology such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and tunneling applications, allowing businesses to police usage policies and preserve network bandwidth for vital business applications.

At the same time as improving network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease deployment and support costs. By offering broad Virtual Private Network and security functions, the Cisco Adaptive Security Appliances firewall can be used as the single device for a multitude of uses, allowing platform commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be used as a converged attack-prevention device at the datacenter by taking advantage of its access control, process inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access solution utilizing its Virtual Private Network features. Alternatively, the Cisco Adaptive Security Appliances (ASA) firewall operates equally well inside the network for inter-office connectivity management and to guard against malware internal workers might unknowingly release into the network. For small business and branch office environments, the Cisco ASA 5500 Series firewall serves as an all-in-one device offering complete intrusion prevention and VPN services while fitting within the budgets and performance models of these situations.

This versatile one-device, many-use approach reduces the total number of devices that need to be installed and maintained while providing a common operating and administrative system across all those deployments. This approach simplifies the training of configuration, monitoring, troubleshooting, and security personnel. To further reduce operations costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network conscious, allowing them to integrate seamlessly into the network without interfering with authorized data flow and applications.

How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX firewalls provide a wealth of configuration, tracking, and troubleshooting features that offer you the flexibility to configure these firewalls to align optimally with your company's requirements. Progent's CCIE certified network consultants can show you how to support your current infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides protection, resilience, performance, and recoverability. Progent's firewall experts can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISM-certified IS security professionals can help your business to create a security policy that makes sense for your situation and can configure your PIX or ASA firewall to support your security policies. Progent's risk evaluation engineers can assess the effectiveness of your existing firewall deployment and audit the overall security of your entire information system network. Progentís Technical Response Center (TRC) can deliver urgent remote technical support for Cisco technology and can give you quick access to a Cisco CCIE expert.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: For more information about Progent's professional assistance for Cisco technology, pick a subject: For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
















© 2002- 2017 Progent Corporation. All rights reserved.

More topics of interest: