Cisco PIX firewalls and Cisco ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an economical, one-box format. Both of these product families have been superseded by Cisco's ASA 5500-X line of security appliances with Firepower Services. (See configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation ASA 5500 model adaptive security appliances are widely used and continue to provide small and mid-size organizations a reliable firewall environment.

Cisco PIC and the original ASA 5500 firewalls deliver robust user and program policy enforcement, mutlivector attack defense, and secure access features. The enhanced knowledge sharing of consolidated protection features in a stand-alone package provides customers deploying these integrated firewalls the advantages of enhanced protection, reduced cost of ownership, and minimal maintenance costs.

PIX firewalls and the ASA 5500 product line join IOS Firewall, the FWSM for Catalyst 6500 switches, and 7600 family routers as components of Cisco's flexible, self-contained firewall solutions. Engineered with an expandable, modular platform, every device is equipped with a particular array of options to provide more efficient security to different network environments. These solutions can be individually deployed to protect specific areas of a connectivity infrastructure, or can be grouped for a systematic, protection-in-depth strategy following the architecture best practices described in the Cisco SAFE Blueprint. Rounding out the modular firewall product line, Cisco provides a comprehensive security management product portfolio, ranging from Cisco security device and Cisco IOS Software security features and embedded appliance controllers, to self-contained management applications, moving to make sure that businesses can productively use their Cisco security solution investments.

Cisco PIX Firewalls
PIX Security Appliance Series deliver robust user and application policy enforcement, multi-source attack defense, and secure connectivity features in cost-effective, easy-to-deploy modules. These specialized devices offer a broad range of integrated security and networking capabilities including process-aware firewall features, VoIP and multimedia security, reliable site-to-site and remote-connectivity IP Security Virtual Private Network networking, excellent resiliency, intelligent networking features, and versatile administration solutions. The PIX firewall Appliance product line ranges from small plug-and-play devices for small or at home offices to stackable gigabit appliances with investment protection for large business and ISP environments, PIX Security Appliance Series deliver high levels of security, speed, and availability for environments of any size.

PIX Security Consulting Firm

Built upon a hardened, specialized software platform that delivers rich protection features, Cisco PIX firewall appliances offer a high level of protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX firewalls offer security for a broad range of VoIP and additional mixed-media conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to safeguard deployments of a broad array of current and next-generation IP voice and video applications.

Cisco PIX firewalls offer a wealth of configuration, monitoring, and analysis options, providing businesses the flexibility to use the methods that best match their needs. Management options include common, policy-based administration utilities, integrated web-based administration, and compatibility with remote-monitoring protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager interface provides a powerful web-based control solution that significantly streamlines the installation, in-place modification, and monitoring of a specific Cisco PIX firewall without requiring any additional software other than an ordinary web browser and Java plug-in to be installed on an administrator's PC.

Administrators can also remotely configure, track, and analyze PIX firewall appliances via a command-line interface (CLI). Safe CLI interface communication is available using several techniques including SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also have robust automatic-update features, a collection advanced secure remote-management options that ensure security configurations and software images are always current.

Cisco Adaptive Security Appliances Firewalls
Cisco ASA Firewalls are purpose-built solutions that incorporate advanced, industry-leading protection and Virtual Private Network services plus a flexible design. The result is a robust, multifunction network protection solution better suited to protect small and midsize company and larger networks and, at the same time, lower the overall deployment and operations expenses formerly required for this enhanced level of protection.

Cisco Adaptive Security Appliances (ASA) Firewalls Consulting Firm
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology behind the PIX 500 family firewall, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to offer a platform that defends against a wide range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, local containment and control, and clean VPN connectivity across Cisco's product line. This breadth of security enables the guarding of any network segment, including the most typical attack vectors like remote sites, LAN-attached internal users, and remote connected VPNs.

Cisco Adaptive Security Appliances firewalls deliver robust application security through intelligent, application-aware inspection processes that examine network flows at Layers 4-7. This produces a better protected network covering web, voice, and mobile wireless access. To defend environments from application-layer assaults and to give organizations greater policing of the applications and protocols utilized in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement solutions that include protocol anomaly detection and application and protocol state tracking. Also included are attack sensing and mitigation technology such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and free up network bandwidth for critical business processes.

While increasing network protection, Cisco ASA firewalls also decrease deployment and operational expenses. By offering broad VPN and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for a multitude of uses, enabling platform commonality. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a converged attack-protection device at the datacenter by leveraging its connectivity control, process inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be deployed as a dedicated remote access device utilizing its VPN capabilities. As an alternative, the Cisco ASA firewall operates capably in the network interior for inter-office connectivity management and to guard against malicious assaults internal workers may unwittingly release into the environment. For small business and branch office networks, the Cisco ASA firewall acts as a total solution platform offering complete intrusion defense and VPN functionality while suiting the budgets and operational demands of such deployments.

This versatile single-device, multiple-solution approach minimizes the number of appliances that must be deployed and managed while providing a standard operating and administrative system throughout all deployments. This approach simplifies the training of configuration, tracking, support, and security staff. To further reduce operations costs, Cisco Adaptive Security Appliances firewalls are also exceptionally network conscious, allowing these devices to insert gracefully into the network without interfering with legitimate data flow and processes.

How Progent's Consultants Can Assist Your Business with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX security appliances incorporate an array of setup, monitoring, and troubleshooting options which offer you the ability to deploy these security appliances to align optimally with your company's requirements. Progent's CCIE authorized network professionals can assist you to support your existing infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides protection, resilience, performance, and manageability. Progent can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-certified information security consultants can help you to develop a security policy that makes sense for your environment and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk evaluation consultants can evaluate the strength of your current firewall deployment and audit the security of your entire IS network. Progentís Technical Response Center can provide emergency online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.

To see more information about Progent's professional support for Cisco technology, choose a topic:

If you wish to ask Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or see Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.