Cisco's PIX firewalls and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and VPN features in an affordable, single-box package. Both of these product lines have been replaced by Cisco's ASA 5500-X series of security appliances with Firepower. (Refer to integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation Cisco ASA 5500 model adaptive security appliances are widely used and continue to provide small and mid-size companies a viable firewall solution.

PIX and legacy ASA 5500 firewalls deliver robust user and program policy enforcement, mutlivector assault defense, and safe access features. The enhanced knowledge sharing of consolidated security services in a single package provides customers deploying these integrated solutions the advantages of enhanced protection, lower TCO, and minimal maintenance expense.

PIX security appliances and Cisco's ASA 5500 Series combine with IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches, and 7600 family routers as parts of Cisco's versatile, self-contained firewall product. Based on a scalable, building-block approach, every offering is designed with a specific feature set to deliver better security to a variety of networking situations. These products can be independently installed to secure certain areas of the connectivity environment, or can be grouped for a layered, defense-in-depth approach based on the architecture best practices outlined in the Cisco SAFE framework. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management portfolio, spanning Cisco security appliance and Cisco IOS Software security components and built-in device managers, to self-contained management utilities, moving to ensure that customers can productively use their Cisco protection solution investments.

PIX Firewalls
Cisco PIX Security Appliance Series offer robust policy support, multi-source invasion defense, and secure networking features in cost-effective, out-of-the-box solutions. These purpose-built appliances provide a broad range of built-in protection and networking services including application-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable site-to-site and remote-connectivity IP Security (IPsec) Virtual Private Network (VPN) networking, excellent resiliency, smart networking features, and versatile administration solutions. The PIX Security Appliance Series product line ranges from small plug-and-go devices for small offices and home offices to modular high-bandwidth appliances with investment protection for enterprise and ISP environments, PIX Security Appliance Series provide dependable protection, performance, and reliability for network environments of any size.

Cisco PIX Firewalls Consulting Firm

Based upon a tested, purpose-built OS that delivers a wealth of protection features, Cisco PIX firewalls provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX security appliances offer security for a broad array of VoIP and other mixed-media conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a wide array of contemporary and next-generation VoIP and mixed-media applications.

PIX firewalls offer a wealth of configuration, tracking, and analysis features, giving IT managers the flexibility to use the techniques that most closely meet their needs. Management options include centralized, policy-based administration tools, integrated web-accessible management, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated ASDM system offers a world-class web-accessible management platform that greatly simplifies the deployment, ongoing configuration, and monitoring of a specific Cisco PIX firewall without the need of any extra software beyond a standard browser and Java applet to be installed on a manager's computer.

IT managers can furthermore remotely set up, track, and analyze Cisco PIX security appliances via a CLI interface. Secure command-line interface (CLI) communication is available using several methods including Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX security appliances also include robust auto-update capabilities, a collection of secure remote-administration services that ensure firewall configurations and software images are always current.

Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered solutions that incorporate advanced, best-of-breed protection and VPN support with an adaptive architecture. The result is a powerful, versatile network security appliance better suited to protect small and medium company and enterprise networks and, at the same time, lower the overall installation and maintenance costs formerly associated with this enhanced degree of security.

>Cisco ASA Firewalls Consulting
Cisco Adaptive Security Appliances Firewalls leverage technology developed for the Cisco PIX 500 family Security Appliance, Cisco's IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a platform that stops a wide range of attacks. Cisco ASA 5500 Series Firewalls deliver application protection, local containment and control, and clean VPN connectivity throughout Cisco's product portfolio. This breadth of security allows the guarding of any network area, including the most common threat conduits such as remote locations, locally-connected inside users, and off-site access Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) firewalls provide a high-level of application protection through intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a better protected network including web, voice, and mobile wireless services. To protect networks against application-layer attacks and to offer organizations greater policing of the programs and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on protection enforcement technologies such as protocol anomaly detection and state monitoring. Also included are attack detection and remediation technology including application/protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over IM and tunneling applications, enabling businesses to police usage policies and free up network bandwidth for important business applications.

At the same time as increasing network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease deployment and support costs. By offering broad VPN and security functions, the Cisco ASA 5500 Series firewall can be used as the the only platform for many uses, allowing platform standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a converged attack-prevention device at a central location by taking advantage of its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco ASA firewall can also be used as a specialized remote connectivity device utilizing its Virtual Private Network capabilities. As an alternative, the Cisco ASA firewall operates equally well in the network interior for interdepartmental access management and to defend against worms, viruses, and other malicious code inside workers might unknowingly introduce into the network. For small business and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as an all-in-one device offering comprehensive intrusion prevention and Virtual Private Network functionality while suiting the budgets and operational models of these situations.

This adaptive one-platform, many-solution design minimizes the total number of appliances that must be deployed and maintained while providing a standard operating and administrative system across all deployments. This approach streamlines the training of setup, tracking, troubleshooting, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network conscious, allowing these devices to insert seamlessly into the environment without disrupting authorized data flow and applications.

How Progent Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series adaptive security appliances and PIX family security appliances incorporate an array of configuration, monitoring, and troubleshooting options which give you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE certified network consultants can show you how to maintain your current network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides protection, resilience, performance, and manageability. Progent's firewall experts can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-qualified information security experts can help your business to create a security strategy that makes sense for your environment and can set up your PIX or ASA firewall to enforce your security policies. Progent's risk evaluation engineers can evaluate the strength of your current firewall solution and validate the overall security of your entire information system network. Progentís Technical Response Center can deliver urgent remote technical support for Cisco products and offer fast access to a Cisco CCIE network engineer.

To find out additional details about Progent's consulting assistance for Cisco networking products, pick a topic:

In order to get in touch with Progent about consulting support for Cisco products, call 1-800-993-9400 or refer to Contact Progent.
















© 2002- 2017 Progent Corporation. All rights reserved.