Cisco PIX firewalls and ASA Series firewalls integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) technologies in an affordable, single-box package. Both of these product lines have been replaced by the ASA 5500-X series of firewalls with Firepower Services. (See configuration and debugging help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation Cisco ASA 5500 Series adaptive security appliances are widely used and continue to provide small and mid-size organizations a viable firewall solution.

Cisco PIC and legacy ASA 5500 firewalls offer powerful user and application policy support, mutlivector assault defense, and secure connectivity features. The enhanced intelligence sharing of integrated security services in a single package provides users implementing these aggregated firewalls the benefits of enhanced protection, reduced TCO, and smaller maintenance costs.

PIX firewalls and Cisco's ASA 5500 family join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 family switches, and Cisco 7600 routers as components of Cisco's flexible, self-contained firewall line. Engineered with a scalable, building-block approach, each offering is equipped with a particular feature set to deliver better protection to different networking environments. These products can be individually installed to secure specific areas of the connectivity environment, or can be combined for a systematic, protection-in-depth strategy based on the design leading practices outlined in Cisco's SAFE Blueprint. Completing the integrated firewall product line, Cisco provides a comprehensive security management offering, spanning Cisco security appliance and IOS Software security components and built-in appliance managers, to standalone management applications, helping to make sure that businesses can effectively use their Cisco protection solution investments.

PIX Firewall Appliances
PIX firewall appliances offer reliable user and application policy support, multivector attack defense, and secure connectivity features in cost-effective, simple-to-configure modules. These purpose-built appliances provide a wealth of built-in security and connectivity services such as application-aware firewall features, Voice over IP and multimedia security, robust multi-site and remote-connectivity IP Security (IPsec) VPN networking, high availability, intelligent networking features, and versatile administration options. The PIX Security Appliance Series family spans compact plug-and-play desktop units for small offices and home offices to stackable high-bandwidth products with investment protection for large business and service-provider customers, PIX firewall appliances deliver high levels of security, speed, and reliability for network environments of any size.

Cisco PIX Security Experts

Based around a tested, specialized OS that delivers a wealth of protection features, Cisco PIX firewall appliances offer a high level of protection and have been awarded EAL 4 status and ICSA Firewall and IP Security certification. PIX firewall appliances provide security for a broad range of VoIP and additional multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and MGCP, helping organizations to safeguard deployments of a broad array of current and upcoming Voice over IP and multimedia applications.

Cisco PIX security appliances feature a variety of setup, monitoring, and troubleshooting options, providing IT managers the versatility to utilize the techniques that best match their needs. Administrative options include centralized, policy-based administration tools, integrated web-accessible administration, and support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-accessible management platform that greatly streamlines the installation, ongoing modification, and monitoring of a single PIX firewall without the need of any additional utility other than an ordinary browser and Java applet to be installed on an administrator's computer.

IT managers can also remotely set up, monitor, and troubleshoot Cisco PIX firewall appliances using a command-line interface (CLI). Secure command-line interface (CLI) access is possible using a number of methods such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX security appliances also include robust automatic-update capabilities, a set of secure remote-management options that ensure firewall configurations and software images are kept current.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that bring together advanced, best-of-breed security and Virtual Private Network support with an adaptive design. The end product is a powerful, multifunction network protection solution better able to defend small and midsize business (SMB) and larger networks and, simultaneously, lower the overall installation and operations costs previously required for this enhanced degree of security.

>Cisco ASA Firewalls Consultants
Cisco ASA 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 family Security Appliance, the Cisco IPS 4200 sensor, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to offer a platform that defends against a wide range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application protection, network containment, and clean VPN connectivity throughout the entire product portfolio. This breadth of security enables defense of any network segment, which includes the most typical threat vectors like remote locations, LAN-attached internal users, and off-site connected Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application protection through smart, application-aware inspection processes that analyze network flows at Layers 4-7. This results in a more secure network covering web, voice, and mobile wireless services. To protect environments against application-layer assaults and to offer organizations greater policing of the applications and protocols used in their environments, these inspection engines integrate broad application and protocol knowledge and employ protection enforcement solutions that include anomaly detection and application and protocol state monitoring. Also included are assault sensing and mitigation technology such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing organizations to enforce usage policies and free up bandwidth for crucial business processes.

While improving network security, Cisco Adaptive Security Appliances (ASA) firewalls also lower deployment and support costs. By offering broad VPN and protection functions, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for a multitude of environments, allowing platform standardization. The Cisco ASA 5500 Series firewall can be deployed as a consolidated threat-protection appliance at the datacenter by taking advantage of its access control, process inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be deployed as a dedicated remote connectivity device using its VPN capabilities. As another option, the Cisco Adaptive Security Appliances (ASA) firewall serves equally well inside the network for inter-office connectivity control and to guard against worms, viruses, and other malicious code inside users may inadvertently introduce into the network. In small business and branch office networks, the Cisco Adaptive Security Appliances firewall serves as a total solution device providing comprehensive threat defense and VPN services while fitting within the cost structure and operational models of such situations.

This versatile one-platform, many-solution design minimizes the total number of devices that must be installed and maintained while offering a common functional and administrative system across all those deployments. This approach streamlines the education of configuration, tracking, troubleshooting, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances firewalls are also highly network conscious, allowing them to integrate seamlessly into the network without interfering with authorized data flow and applications.

How Progent's Consultants Can Assist You with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family security appliances provide an array of setup, tracking, and troubleshooting features that give you the flexibility to set up these firewalls to match your company's needs. Progent's CCIE authorized network professionals can show you how to maintain your current network infrastructure that includes Cisco ASA and/or PIX firewalls and that provides protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also assist you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-certified information security professionals can help you to develop a security strategy appropriate for your business and can set up your firewall to enforce your security policies. Progent's risk evaluation consultants can evaluate the strength of your current firewall solution and validate the overall security of your whole IS environment. Progentís Technical Response Center (TRC) can provide urgent remote troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.

To see additional information concerning Progent's consulting assistance for Cisco products, choose a subject:

If you wish to get in touch with Progent about technical support for Cisco products, call 1-800-993-9400 or refer to Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.