Cisco's PIX security appliances and Cisco ASA Series firewalls combine next-generation firewall, intrusion protection, and Virtual Private Network functionality in an affordable, one-cabinet format. Both of these product families have been replaced by Cisco's ASA 5500-X line of security appliances with Firepower Services. (See configuration and debugging support for ASA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation Cisco ASA 5500 Series adaptive security appliances are extensively used and continue to deliver small and mid-size organizations a viable firewall solution.

Cisco PIC and legacy ASA 5500 firewalls offer robust user and program policy support, mutlivector assault defense, and safe connectivity services. The increased knowledge sharing of consolidated security features in a single package provides customers deploying these integrated firewalls the benefits of advanced security, lower TCO, and smaller management expense.

Cisco PIX firewalls and the ASA 5500 family join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 family switches, and Cisco 7600 Series routers as components of Cisco's versatile, self-contained firewall product. Based on a scalable, modular approach, every offering is designed with a specific feature set to provide more efficient protection to a variety of networking situations. These solutions can be independently deployed to secure specific areas of the connectivity infrastructure, or can be grouped for a layered, protection-in-depth strategy based on the architecture leading practices described in the Cisco SAFE Blueprint. Rounding out the modular firewall product line, Cisco provides a comprehensive security management product portfolio, spanning Cisco security appliance and Cisco IOS Software security features and embedded appliance managers, to self-contained management applications, helping to ensure that businesses can productively manage their Cisco security solution investments.

Cisco PIX Firewalls
PIX firewalls offer robust user and application policy support, multivector invasion defense, and safe connectivity features in economical, simple-to-configure solutions. These specialized appliances offer a wealth of built-in security and networking capabilities such as application-aware firewall features, VoIP and multimedia protection, robust site-to-site and remote-access IP Security (IPsec) Virtual Private Network networking, excellent resiliency, smart networking features, and versatile administration options. The Cisco PIX Security Appliance Series family ranges from compact plug-and-play desktop units for small offices and at home offices to stackable high-bandwidth products with ROI for large business and ISP customers, Cisco PIX Security Appliance Series provide high levels of protection, performance, and availability for networks of all sizes.

Cisco PIX Security Support

Built upon a tested, specialized software platform that offers rich security services, PIX firewalls provide a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) qualification. PIX firewall appliances offer security for a wide range of VoIP and other multimedia conventions such as H.323 v. 4, Session Initiation Protocol, SCCP, RTSP, and Media Gateway Control Protocol, enabling businesses to protect installations of a wide array of current and next-generation VoIP and mixed-media applications.

Cisco PIX firewall appliances feature a wealth of configuration, monitoring, and analysis options, giving IT managers the versatility to use the techniques that most closely meet their requirements. Management solutions include centralized, policy-based management tools, integrated web-based management, and compatibility with remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class web-accessible management platform that greatly simplifies the installation, ongoing modification, and tracking of a specific PIX firewall appliance without the need of any extra utility beyond an ordinary browser and Java applet to be installed on an administrator's computer.

IT managers can also remotely configure, track, and troubleshoot PIX firewalls via a command-line interface. Secure command-line interface access is possible through a number of methods including Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have robust auto-update features, a set advanced protected remote-administration services that make sure that security settings and software images are always up to date.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered solutions that incorporate advanced, industry-leading security and VPN services plus an adaptive architecture. The result is a robust, multifunction network security solution better able to defend small and medium business (SMB) and larger networks and, at the same time, reduce the overall deployment and operations costs previously associated with this enhanced degree of protection.

>Cisco ASA 5500 Series Firewalls Professional Services
Cisco ASA Firewalls build on engineering developed for the PIX 500 firewall, Cisco's IPS 4200 family sensor, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco ASA Firewall family to deliver a firewall that defends against a broad range of attacks. Cisco ASA 5500 Series Firewalls provide program protection, local containment and control, and clean Virtual Private Network connectivity across Cisco's product portfolio. This broad scope of security enables defense of any network area, which includes the most typical threat conduits such as remote sites, LAN-connected inside users, and off-site access VPNs.

Cisco ASA 5500 Series firewalls deliver a high-level of application protection via smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a safer network covering web, voice, and mobile wireless services. To defend networks from application-layer attacks and to offer businesses greater control over the programs and protocols utilized in their networks, these inspection engines integrate extensive application and protocol knowledge and employ protection enforcement solutions that include protocol anomaly detection and state tracking. Also incorporated are assault detection and mitigation techniques such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, allowing businesses to enforce usage policies and free up network bandwidth for important business applications.

While improving security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and operational costs. By providing extensive VPN and security services, the Cisco ASA 5500 Series firewall can be a single device for many environments, enabling product standardization. The Cisco ASA firewall can be deployed as a converged threat-protection appliance at a central location by taking advantage of its access control, application inspection, and malicious assault mitigation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote access device utilizing its VPN features. As an alternative, the Cisco ASA firewall serves capably in the network interior for interdepartmental access control and to defend against malicious assaults inside workers might inadvertently release into the environment. In small business and branch office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as an all-in-one device offering comprehensive threat defense and Virtual Private Network services while fitting within the cost structure and operational models of such deployments.

This adaptive single-platform, multiple-solution approach minimizes the total number of devices that need to be installed and managed while providing a common operating and administrative system throughout all installations. This approach simplifies the training of configuration, tracking, support, and security personnel. To further minimize maintenance costs, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, allowing them to integrate seamlessly into the network without disrupting authorized traffic and processes.

How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series firewalls and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting features which offer you the ability to configure these firewalls to align optimally with your company's needs. Progent's CCIE authorized network consultants can help you to maintain your current infrastructure that includes Cisco ASA or PIX firewall technology and that offers protection, fault tolerance, performance, and recoverability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-certified information security professionals can help your business to create a security policy that makes sense for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's security assessment consultants can assess the effectiveness of your existing firewall deployment and validate the overall security of your whole information system environment. Progentís Help Desk support team can deliver emergency online troubleshooting for Cisco products and offer fast access to a Cisco CCIE expert.

To learn more information concerning Progent's professional help for Cisco networking products, choose a topic:

If you wish to ask Progent about professional support for Cisco networking, call 1-800-993-9400 or see Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.