Cisco PIX family firewalls and Cisco ASA 5500 Series firewalls combine comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in a cost-effective, single-box format. Both of these product lines have been superseded by the ASA 5500-X family of security appliances with Firepower Services. (See configuration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 Series firewalls are widely deployed and continue to offer small and mid-size companies a viable security environment.

PIX and legacy ASA 5500 firewalls offer powerful user and application policy support, mutlivector attack protection, and safe connectivity features. The increased intelligence sharing of integrated protection services in a single platform offers users implementing these aggregated solutions the benefits of enhanced protection, lower cost of ownership, and minimal management expense.

PIX security appliances and the ASA 5500 Series combine with IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and Cisco 7600 Series routers as parts of Cisco's flexible, integrated firewall solutions. Engineered with a scalable, modular platform, each offering is designed with a specific array of options to provide more efficient security to different network environments. These products can be individually deployed to protect specific areas of the network environment, or can be combined for a systematic, protection-in-depth strategy following the design best practices outlined in the Cisco SAFE Blueprint. Completing the modular firewall solutions, Cisco has developed a complete security management catalog, spanning Cisco security device and IOS Software security components and embedded device managers, to standalone management applications, helping to ensure that businesses can effectively manage their Cisco protection infrastructure investments.

PIX Firewalls
PIX firewall appliances deliver robust policy support, multivector invasion protection, and safe connectivity services in economical, easy-to-deploy solutions. These purpose-built devices offer a broad range of built-in protection and connectivity services such as process-aware firewall services, Voice over IP and multimedia protection, robust multi-site and remote-access IPcec Virtual Private Network networking, high availability, intelligent networking services, and flexible administration options. The PIX Security Appliance Series product line ranges from small plug-and-go desktop units for small and home offices to modular gigabit appliances with investment protection for enterprise and ISP environments, PIX Security Appliance Series deliver high levels of protection, speed, and availability for environments of all sizes.

Cisco PIX Security Help

Built upon a tested, purpose-built software platform that delivers rich security features, PIX security appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX firewall appliances offer security for a wide range of VoIP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to protect installations of a broad range of current and next-generation Voice over IP and multimedia applications.

Cisco PIX security appliances offer a variety of setup, tracking, and troubleshooting options, providing businesses the versatility to utilize the methods that best match their needs. Administrative solutions include centralized, policy-based administration tools, integrated web-accessible administration, and compatibility with remote-tracking standards like Simple Network Management Protocol and syslog. The integrated ASDM system provides a powerful web-accessible control platform that greatly streamlines the installation, in-place configuration, and tracking of a specific Cisco PIX firewall appliance without the need of any extra utility other than a standard web browser and Java plug-in to be installed on an administrator's PC.

IT managers can also remotely set up, track, and troubleshoot PIX firewalls using a CLI interface. Safe command-line interface (CLI) access is possible through several techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. PIX security appliances also have robust automatic-update features, a collection of protected remote-administration options that make sure that firewall configurations and software images are always current.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered solutions that bring together market-proven, best-of-breed security and Virtual Private Network services plus an adaptive design. The end product is a powerful, multifunction network security solution better suited to protect small and medium company and enterprise networks and, at the same time, lower the total installation and maintenance expenses formerly associated with this enhanced degree of protection.

>Cisco Adaptive Security Appliances Firewalls Experts
Cisco Adaptive Security Appliances Firewalls leverage engineering behind the PIX 500 Series firewall, the IPS 4200 Series sensor, and the Cisco VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that defends against a wide range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application security, network containment and control, and safe Virtual Private Network functionality across the entire product line. This breadth of security allows the guarding of any network area, including the most typical attack vectors like remote sites, LAN-connected internal users, and remote connected Virtual Private Networks.

Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application protection via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless services. To defend networks from application-layer assaults and to give organizations greater control over the applications and protocols used in their networks, these inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies such as anomaly detection and state monitoring. Also incorporated are attack sensing and mitigation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing businesses to police usage policies and recover network bandwidth for critical business applications.

At the same time as increasing network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and support costs. By providing broad VPN and protection services, the Cisco Adaptive Security Appliances firewall can be a single device for a multitude of environments, enabling product commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a converged threat-prevention device at a central location by taking advantage of its access control, application inspection, and worm, virus, and other malware remediation technologies. The Cisco Adaptive Security Appliances firewall can also be used as a specialized remote connectivity solution utilizing its Virtual Private Network capabilities. Alternatively, the Cisco ASA 5500 Series firewall operates equally well inside the network for inter-office access management and to guard against malicious assaults internal workers may unwittingly introduce into the network. In small business and satellite office networks, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as a total solution platform providing complete threat prevention and Virtual Private Network functionality while suiting the budgets and performance models of these situations.

This versatile one-device, many-use design reduces the total number of devices that need to be deployed and maintained while providing a common functional and management environment throughout all those installations. This architecture streamlines the education of setup, tracking, troubleshooting, and security staff. To further reduce operations expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, enabling these devices to insert seamlessly into the network without disrupting legitimate traffic and processes.

How Progent's Consultants Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series firewalls and PIX security appliances incorporate a wealth of setup, monitoring, and analysis features which offer you the flexibility to set up these security appliances to align optimally with your business requirements. Progent's CCIE certified network professionals can show you how to maintain your existing infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers security, fault tolerance, throughput, and recoverability. Progent can also help your organization to upgrade to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-qualified information security experts can assist you to create a security strategy that makes sense for your environment and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk assessment professionals can assess the strength of your existing firewall deployment and validate the overall security of your whole IT network. Progentís Help Desk support team can provide urgent remote technical support for Cisco products and can give you quick access to a Cisco CCIE network engineer.

To find out additional information concerning Progent's consulting expertise for Cisco networking products, select a subject:

If you wish to contact Progent about engineering expertise for Cisco networking, call 1-800-993-9400 or refer to Contact Progent.
















© 2002- 2018 Progent Corporation. All rights reserved.