Cisco's PIX family security appliances and ASA 5500 Series adaptive security appliances integrate comprehensive firewall, intrusion defense, and Virtual Private Network features in an economical, single-box package. Both of these product lines have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower Services. (Refer to configuration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 model firewalls are extensively used and continue to offer small and mid-size companies a reliable security solution.

PIX and the original ASA 5500 firewalls deliver robust client and program policy support, mutlivector attack defense, and secure connectivity services. The enhanced knowledge sharing of consolidated security services in a single platform provides users implementing these aggregated solutions the advantages of enhanced protection, reduced TCO, and smaller management costs.

Cisco PIX security appliances and the ASA 5500 product line join Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and 7600 family routers as components of Cisco's versatile, self-contained firewall solutions. Engineered with an expandable, building-block platform, every device is designed with a specific feature set to deliver better security to different networking situations. These products can be individually deployed to secure specific areas of a network environment, or can be grouped for a layered, protection-in-depth approach based on the architecture leading practices outlined in Cisco's SAFE framework. Completing the integrated firewall product line, Cisco provides a complete security management product portfolio, spanning Cisco security device and IOS security features and built-in device controllers, to self-contained management programs, moving to ensure that customers can productively use their Cisco security solution purchases.

Cisco PIX Security Appliance Series
PIX firewall appliances deliver robust policy enforcement, multivector attack defense, and secure connectivity features in economical, simple-to-configure modules. These specialized appliances offer a broad range of built-in security and networking services including application-aware firewall services, Voice over IP and multimedia security, robust multi-site and remote-access IPcec Virtual Private Network (VPN) networking, excellent resiliency, smart networking features, and flexible management options. The PIX Security Appliance Series product line spans compact plug-and-go devices for small offices or at home offices to modular high-bandwidth products with ROI for enterprise and ISP environments, Cisco PIX firewalls deliver dependable protection, speed, and availability for environments of all sizes.

Cisco PIX Security Consulting

Built around a hardened, purpose-built operating system that delivers rich protection services, Cisco PIX firewall appliances offer excellent security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX firewall appliances provide security for a wide range of Voice over IP and other mixed-media conventions such as H.323 v. 4, SIP, SCCP, RTSP, and Media Gateway Control Protocol, enabling organizations to safeguard deployments of a wide array of contemporary and next-generation IP voice and mixed-media applications.

PIX security appliances feature a variety of configuration, monitoring, and troubleshooting options, providing IT managers the versatility to utilize the methods that most closely meet their needs. Management options include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-accessible management platform that greatly simplifies the installation, ongoing configuration, and monitoring of a specific PIX firewall without the need of any additional utility beyond an ordinary browser and Java plug-in to be running on a manager's PC.

Administrators can also remotely configure, track, and troubleshoot Cisco PIX security appliances using a CLI interface. Secure command-line interface access is possible using a number of techniques including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewall appliances also have robust automatic-update features, a set advanced secure remote-administration services that ensure security configurations and software images are kept current.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built devices that bring together market-proven, best-of-breed security and VPN support with a flexible design. The result is a robust, versatile network protection solution better able to defend small and midsize company and larger networks and, simultaneously, reduce the overall installation and maintenance expenses formerly associated with this enhanced level of protection.

>Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls Help
Cisco ASA 5500 Series Firewalls build on technology behind the PIX 500 firewall, Cisco's IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a firewall that stops a broad range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, network containment, and clean VPN functionality across Cisco's product portfolio. This breadth of protection allows defense of any network section, which includes the most typical attack conduits such as remote sites, LAN-attached inside users, and remote connected Virtual Private Networks.

Cisco Adaptive Security Appliances 5500 Series firewalls provide robust application security via smart, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a more secure environment including web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer businesses greater policing of the applications and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault sensing and remediation techniques including application/protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver management of IM and peer-to-peer file sharing, enabling organizations to police usage policies and conserve bandwidth for important business processes.

While improving security, Cisco Adaptive Security Appliances (ASA) firewalls also lower installation and support costs. By offering extensive VPN and security functions, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the single device for a multitude of environments, enabling product commonality. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a converged attack-prevention device at the datacenter by leveraging its access control, application inspection, and worm, virus, and other malware remediation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a specialized remote access solution utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves equally well inside the network for inter-office connectivity control and to defend against malicious assaults inside users might unknowingly introduce into the environment. For small company and branch office networks, the Cisco ASA 5500 Series firewall serves as an all-in-one device providing complete threat prevention and Virtual Private Network services while fitting within the cost structure and operational models of these situations.

This versatile one-platform, multiple-solution design reduces the total number of devices that must be deployed and managed while providing a standard operating and administrative system across all deployments. This approach simplifies the education of setup, tracking, support, and security staff. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, allowing these devices to insert seamlessly into the environment without interfering with legitimate data flow and applications.

How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX family security appliances provide a wealth of configuration, tracking, and analysis features that give you the flexibility to deploy these security appliances to align optimally with your business needs. Progent's CCIE certified network experts can assist you to support your existing infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers protection, resilience, performance, and recoverability. Progent's firewall experts can also assist you to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-qualified information security engineers can help your business to develop a security policy appropriate for your business and can configure your firewall to enforce your security strategy. Progent's risk assessment engineers can evaluate the strength of your existing firewall deployment and help determine the overall security of your entire IS network. Progentís Help Desk support team can provide urgent online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE network engineer.

To learn more details about Progent's consulting help for Cisco products, select a subject:

If you wish to ask Progent about engineering expertise for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.