Cisco's PIX firewalls and ASA Series firewalls integrate comprehensive firewall, intrusion defense, and VPN technologies in an economical, single-box package. Both of these product families have been replaced by the ASA 5500-X line of firewalls with Firepower Services. (See configuration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and previous-generation Cisco ASA 5500 Series firewalls are widely deployed and continue to offer small and mid-size companies a reliable firewall environment.

Cisco PIC and legacy ASA 5500 firewalls deliver powerful client and program policy support, mutlivector assault defense, and safe connectivity services. The increased knowledge sharing of integrated security features in a single platform provides users implementing these aggregated solutions the benefits of enhanced security, lower cost of ownership, and smaller maintenance expense.

Cisco PIX security appliances and the ASA 5500 product line join Cisco IOS Firewall, the FWSM for Catalyst 6500 Series switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall line. Engineered with an expandable, modular approach, every offering is equipped with a specific array of options to provide more efficient protection to different networking situations. These products can be individually installed to protect certain areas of the network infrastructure, or can be grouped for a systematic, defense-in-depth strategy based on the design leading practices described in Cisco's SAFE framework. Completing the modular firewall solutions, Cisco provides a comprehensive security management portfolio, ranging from Cisco security device and IOS security features and built-in device managers, to self-contained management utilities, moving to ensure that customers can productively manage their Cisco security solution purchases.

Cisco PIX Firewalls
PIX Security Appliance Series deliver reliable user and application policy support, multi-source attack protection, and secure networking services in economical, out-of-the-box modules. These purpose-built devices provide a broad range of integrated security and connectivity capabilities such as process-aware firewall services, VoIP and multimedia security, reliable site-to-site and remote-connectivity IP Security (IPsec) VPN connectivity, fault tolerance, smart networking features, and flexible administration solutions. The PIX firewall Appliance product line spans small plug-and-go devices for small offices and at home offices to stackable gigabit products with investment protection for enterprise and ISP environments, PIX firewalls provide high levels of protection, speed, and availability for environments of all sizes.

Cisco PIX Firewalls Support

Built around a tested, specialized software platform that offers a wealth of security services, Cisco PIX firewalls offer a high level of protection and have been awarded EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX firewall appliances offer security for a broad array of Voice over IP and other multimedia conventions such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a broad range of current and upcoming Voice over IP and video applications.

PIX security appliances feature a wealth of configuration, monitoring, and troubleshooting options, giving businesses the versatility to utilize the techniques that best match their needs. Management solutions include centralized, policy-based administration tools, integrated web-accessible administration, and compatibility with remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a world-class web-accessible control solution that significantly streamlines the installation, ongoing configuration, and tracking of a specific Cisco PIX security appliance without requiring any additional software other than a standard web browser and Java plug-in to be installed on a manager's PC.

Administrators can also remotely set up, track, and analyze PIX firewalls via a CLI interface. Secure command-line interface communication is possible using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also include robust auto-update features, a set advanced protected remote-administration options that make sure that firewall settings and software images are always current.

Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered solutions that bring together market-proven, best-of-breed security and VPN services plus an adaptive architecture. The end product is a powerful, multifunction network protection appliance better able to protect small and medium business (SMB) and larger networks and, at the same time, lower the overall installation and operations expenses previously required for this enhanced level of security.

>Cisco Adaptive Security Appliances Firewalls Experts
Cisco ASA 5500 Series Firewalls leverage engineering behind the PIX 500 family Security Appliance, the Cisco IPS 4200 family sensor, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to deliver a firewall that defends against a wide range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, network containment, and clean Virtual Private Network connectivity across the entire product portfolio. This breadth of protection allows defense of any network area, which includes the most common threat conduits like remote sites, locally-connected internal users, and remote access Virtual Private Networks.

Cisco ASA firewalls provide a high-level of application security via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a more secure network covering web, voice, and mobile wireless access. To defend networks against application-layer assaults and to give organizations greater control over the applications and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly sensing and state monitoring. Also included are assault sensing and remediation technology including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and tunneling applications, allowing organizations to enforce usage policies and conserve bandwidth for important business applications.

While increasing security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and support expenses. By providing broad Virtual Private Network and security functions, the Cisco ASA firewall can be a single device for a multitude of environments, enabling product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated threat-prevention appliance at a central location by taking advantage of its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote access solution utilizing its VPN features. Alternatively, the Cisco ASA 5500 Series firewall serves capably inside the network for inter-office connectivity control and to defend against malicious assaults inside users might inadvertently introduce into the network. For small company and branch office networks, the Cisco ASA 5500 Series firewall acts as an all-in-one platform offering complete threat prevention and VPN functionality while suiting the budgets and operational demands of such situations.

This adaptive single-device, many-use approach reduces the total number of appliances that need to be installed and maintained while offering a common functional and management system throughout all those installations. This architecture simplifies the education of setup, monitoring, support, and security personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, enabling them to insert seamlessly into the environment without disrupting legitimate data flow and applications.

How Progent's Consultants Can Assist Your Business with Cisco Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX family security appliances incorporate an array of configuration, tracking, and analysis options that give you the flexibility to deploy these security appliances to match your company's needs. Progent's CCIE certified network experts can help you to support your existing infrastructure that includes Cisco ASA or PIX firewalls and that offers protection, fault tolerance, performance, and recoverability. Progent's firewall experts can also assist your organization to upgrade to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-certified information security professionals can assist your business to create a security strategy appropriate for your business and can set up your PIX or ASA firewall to support your security policies. Progent's risk assessment engineers can evaluate the effectiveness of your existing firewall deployment and audit the overall security of your whole IT network. Progentís Technical Response Center can provide urgent online troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.

To learn more information about Progent's consulting expertise for Cisco technology, choose a topic:

To ask Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.