Cisco's PIX family firewalls and Cisco ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion defense, and Virtual Private Network (VPN) functionality in an affordable, single-box package. Both of these product families have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower. (Refer to configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 model firewalls are widely deployed and continue to provide small and mid-size companies a reliable firewall solution.

PIX and legacy ASA 5500 firewalls offer robust client and application policy enforcement, mutlivector assault protection, and safe access services. The enhanced intelligence sharing of consolidated security services in a single platform provides users deploying these aggregated firewalls the advantages of enhanced security, reduced TCO, and minimal management expense.

PIX firewalls and Cisco's ASA 5500 family join Cisco IOS Firewall, the FWSM for Catalyst 6500 Series switches, and 7600 Series routers as components of Cisco's versatile, integrated firewall line. Engineered with an expandable, building-block approach, every offering is equipped with a specific array of options to deliver more efficient security to different networking situations. These products can be independently installed to protect certain areas of the connectivity environment, or can be combined for a systematic, protection-in-depth strategy based on the design best practices outlined in the Cisco SAFE Blueprint. Rounding out the integrated firewall solutions, Cisco provides a comprehensive security management product portfolio, ranging from Cisco security appliance and IOS Software security features and built-in appliance managers, to self-contained management programs, moving to ensure that customers can effectively manage their Cisco security solution investments.

PIX Firewalls
PIX Security Appliance Series deliver reliable policy support, multivector attack protection, and safe connectivity services in cost-effective, simple-to-configure solutions. These purpose-built appliances offer a wealth of integrated security and connectivity capabilities including process-aware firewall services, Voice over IP and multimedia protection, reliable multi-location and remote-access IP Security Virtual Private Network connectivity, excellent resiliency, intelligent networking services, and flexible management options. The PIX Security Appliance Series product line ranges from compact plug-and-play appliances for small offices and at home offices to modular gigabit products with investment protection for large business and service-provider customers, PIX firewall appliances deliver high levels of security, performance, and availability for network environments of any size.

Cisco PIX Security Consulting

Based around a hardened, specialized OS that offers a wealth of protection services, PIX security appliances offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. Cisco PIX security appliances provide protection for a broad range of VoIP and additional mixed-media conventions including H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard deployments of a wide range of contemporary and upcoming IP voice and mixed-media applications.

Cisco PIX firewalls offer a wealth of setup, tracking, and analysis features, giving IT managers the flexibility to utilize the techniques that most closely meet their requirements. Management options include common, policy-based administration tools, integrated web-accessible management, and support for remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful web-accessible control solution that greatly simplifies the installation, in-place configuration, and tracking of a specific PIX firewall appliance without requiring any extra utility beyond a standard browser and Java plug-in to be running on a manager's PC.

Administrators can furthermore remotely set up, monitor, and analyze PIX security appliances using a command-line interface. Secure command-line interface communication is possible through several techniques such as Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewalls also have dependable automatic-update features, a collection of protected remote-management options that make sure that firewall configurations and software images are always up to date.

Cisco ASA Firewalls
Cisco ASA Firewalls are specially engineered solutions that incorporate market-proven, industry-leading security and Virtual Private Network services with a flexible design. The result is a robust, multifunction network protection appliance better able to defend small and medium business (SMB) and larger networks and, simultaneously, reduce the total installation and operations expenses previously required for this high degree of protection.

Cisco Adaptive Security Appliances Firewalls Consultants
Cisco ASA Firewalls build on technology behind Cisco's PIX 500 family firewall, the IPS 4200 sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to deliver a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances Firewalls deliver program protection, local containment, and safe VPN connectivity throughout Cisco's product line. This breadth of protection enables the guarding of any network segment, which includes the most typical attack vectors such as remote sites, LAN-connected inside users, and off-site connected VPNs.

Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application security through intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This results in a better protected network including web, voice, and mobile wireless services. To protect networks from application-layer attacks and to give organizations greater control over the programs and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement technologies that include anomaly detection and state tracking. Also included are attack sensing and remediation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and conserve network bandwidth for important business applications.

While improving network security, Cisco ASA 5500 Series firewalls also lower deployment and operational expenses. By offering broad VPN and protection functions, the Cisco Adaptive Security Appliances firewall can be a the only platform for a multitude of environments, enabling platform commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated attack-prevention device at a central location by taking advantage of its access control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a specialized remote connectivity solution using its Virtual Private Network capabilities. As an alternative, the Cisco ASA firewall serves capably inside the network for interdepartmental connectivity control and to defend against worms, viruses, and other malicious code inside users might unknowingly introduce into the network. In small business and satellite office environments, the Cisco ASA firewall serves as a total solution device providing comprehensive threat defense and VPN services while suiting the cost structure and operational demands of such situations.

This adaptive one-device, multiple-use design minimizes the number of devices that need to be deployed and maintained while providing a common functional and management environment across all those deployments. This approach streamlines the training of configuration, tracking, troubleshooting, and security personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network aware, allowing them to integrate gracefully into the network without disrupting legitimate data flow and applications.

How Progent Can Help You with Cisco PIX and ASA Firewalls
Cisco ASA Series adaptive security appliances and PIX family firewalls incorporate a wealth of setup, tracking, and analysis options that give you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE authorized network professionals can assist you to support your current network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers protection, fault tolerance, performance, and manageability. Progent's firewall experts can also help your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-certified information security professionals can assist you to create a security policy appropriate for your environment and can configure your security appliance to enforce your security policies. Progent's security assessment experts can evaluate the strength of your current firewall solution and help determine the security of your entire IS network. Progentís Technical Response Center can provide urgent remote technical support for Cisco products and offer quick access to a Cisco expert.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To learn additional information about Progent's engineering support for Cisco technology, pick a subject: For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.

More topics of interest: