Cisco's PIX firewalls and Cisco ASA Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) functionality in a cost-effective, single-cabinet package. Both product lines have been superseded by Cisco's ASA 5500-X series of firewalls with Firepower. (Refer to configuration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 model firewalls are extensively deployed and continue to offer small and mid-size organizations a reliable firewall environment.

Cisco PIC and the original ASA 5500 firewalls deliver powerful client and application policy enforcement, mutlivector assault protection, and safe connectivity services. The enhanced knowledge sharing of consolidated protection features in a stand-alone package offers customers deploying these integrated firewalls the advantages of enhanced protection, reduced TCO, and minimal maintenance expense.

Cisco PIX security appliances and the ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 routers as parts of Cisco's versatile, integrated firewall solutions. Based on an expandable, building-block platform, each offering is equipped with a particular array of options to deliver more efficient protection to a variety of networking situations. These products can be individually deployed to secure specific areas of a network environment, or can be grouped for a systematic, defense-in-depth strategy following the design best practices described in Cisco's SAFE framework. Rounding out the integrated firewall product line, Cisco provides a complete security management product portfolio, spanning Cisco security device and Cisco IOS Software security features and built-in appliance managers, to standalone management applications, helping to ensure that customers can productively use their Cisco security infrastructure investments.

PIX Security Appliance Series
Cisco PIX Security Appliance Series deliver robust policy enforcement, multivector invasion protection, and safe networking services in economical, easy-to-deploy solutions. These specialized devices provide a broad range of built-in protection and connectivity capabilities such as process-aware firewall features, Voice over IP and multimedia security, reliable site-to-site and remote-connectivity IP Security Virtual Private Network (VPN) connectivity, excellent resiliency, smart networking features, and versatile management solutions. The PIX firewall Appliance family ranges from small plug-and-go desktop units for small or home offices to stackable gigabit appliances with investment protection for enterprise and service-provider environments, PIX firewalls provide high levels of protection, speed, and availability for environments of any size.

Cisco PIX Security Help

Based upon a hardened, specialized software platform that offers a wealth of protection features, PIX security appliances offer excellent security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewall appliances offer protection for a wide range of VoIP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping organizations to safeguard installations of a wide array of contemporary and next-generation VoIP and mixed-media applications.

Cisco PIX firewalls offer a variety of configuration, tracking, and troubleshooting features, giving businesses the versatility to utilize the techniques that best match their needs. Administrative solutions include common, policy-based administration tools, integrated web-based management, and compatibility with remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-based management solution that significantly simplifies the installation, ongoing modification, and tracking of a specific Cisco PIX firewall without requiring any extra software other than an ordinary web browser and Java plug-in to be running on a manager's computer.

IT managers can also remotely configure, monitor, and analyze PIX security appliances via a command-line interface. Secure command-line interface (CLI) access is possible through several techniques such as Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also include dependable auto-update capabilities, a set advanced protected remote-management services that make sure that firewall configurations and software images are kept up to date.

Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered solutions that bring together advanced, industry-leading security and Virtual Private Network support with an adaptive design. The end product is a powerful, multifunction network protection appliance better able to defend small and medium business (SMB) and larger networks and, at the same time, lower the total installation and operations expenses formerly associated with this high level of protection.

Cisco Adaptive Security Appliances Firewalls Consultants
Cisco Adaptive Security Appliances Firewalls leverage engineering behind Cisco's PIX 500 Series firewall, Cisco's IPS 4200 sensor, and the VPN 3000 Series concentrator. These solutions enable the Cisco ASA Firewall product line to deliver a firewall that stops a wide range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application protection, network containment, and clean Virtual Private Network connectivity throughout Cisco's product line. This breadth of security allows defense of any network segment, including the most common attack conduits like remote sites, LAN-attached internal users, and remote connected VPNs.

Cisco Adaptive Security Appliances 5500 Series firewalls deliver robust application security through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a better protected environment covering web, voice, and mobile wireless connectivity. To defend networks from application-layer assaults and to offer organizations more policing of the programs and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement technologies such as anomaly sensing and state monitoring. Also included are attack sensing and remediation technology such as application and protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing organizations to enforce usage policies and conserve network bandwidth for vital business processes.

At the same time as improving security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and operational expenses. By providing extensive Virtual Private Network and security services, the Cisco ASA firewall can be used as the single device for many uses, allowing platform commonality. The Cisco ASA firewall can be used as a consolidated attack-prevention device at a central location by leveraging its access control, process inspection, and malicious assault remediation technologies. The Cisco Adaptive Security Appliances firewall can also be deployed as a specialized remote connectivity device utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances (ASA) firewall operates capably inside the network for interdepartmental connectivity control and to guard against malicious assaults internal workers may inadvertently introduce into the environment. For small company and satellite office networks, the Cisco ASA firewall serves as an all-in-one device offering comprehensive intrusion prevention and VPN services while suiting the cost structure and operational models of such deployments.

This versatile one-device, multiple-solution approach minimizes the number of appliances that need to be deployed and managed while offering a standard functional and management environment across all those deployments. This architecture simplifies the training of configuration, tracking, support, and protection personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances firewalls are also exceptionally network conscious, enabling them to insert gracefully into the environment without interfering with legitimate traffic and applications.

How Progent's Cisco Certified Experts Can Assist Your Business with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family security appliances incorporate an array of setup, monitoring, and troubleshooting options which offer you the flexibility to set up these security appliances to match your company's requirements. Progent's CCIE certified network experts can show you how to maintain your current network infrastructure that incorporates Cisco ASA or PIX firewalls and that provides protection, fault tolerance, performance, and recoverability. Progent can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-certified IS security consultants can help your business to develop a security strategy appropriate for your situation and can set up your security appliance to enforce your security policies. Progent's security assessment professionals can evaluate the strength of your existing firewall deployment and help determine the overall security of your whole information system network. Progentís Help Desk Call Center can deliver emergency online technical support for Cisco products and can give you fast access to a Cisco CCIE expert.

To learn additional details concerning Progent's consulting expertise for Cisco products, select a topic:

In order to ask Progent about engineering support for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.