Cisco PIX family security appliances and ASA Series adaptive security appliances integrate next-generation firewall, intrusion defense, and Virtual Private Network (VPN) functionality in an affordable, one-box package. Both product families have been replaced by Cisco's ASA 5500-X family of security appliances with Firepower. (Refer to integration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation ASA 5500 model adaptive security appliances are widely used and continue to deliver small and mid-size organizations a reliable security solution.

PIX and the original ASA 5500 firewalls deliver powerful user and application policy enforcement, mutlivector assault protection, and safe connectivity features. The enhanced knowledge sharing of consolidated protection services in a single package offers users deploying these integrated firewalls the advantages of advanced security, lower TCO, and smaller maintenance costs.

PIX security appliances and the ASA 5500 Series join IOS Firewall, the FWSM for Catalyst 6500 Series switches, and 7600 Series routers as components of Cisco's flexible, integrated firewall solutions. Based on an expandable, modular platform, every device is equipped with a specific feature set to provide better protection to a variety of network environments. These solutions can be individually installed to protect certain facets of a network environment, or can be combined for a systematic, defense-in-depth approach based on the architecture best practices outlined in the Cisco SAFE Blueprint. Rounding out the integrated firewall solutions, Cisco has developed a comprehensive security management catalog, spanning Cisco security appliance and Cisco IOS Software security features and embedded device managers, to standalone management utilities, moving to ensure that businesses can effectively manage their Cisco protection infrastructure purchases.

Cisco PIX Firewall Appliances
Cisco PIX firewalls offer robust policy enforcement, multi-source attack protection, and secure connectivity features in economical, simple-to-configure modules. These purpose-built appliances provide a wealth of built-in security and connectivity capabilities including application-aware firewall features, Voice over IP (VoIP) and multimedia security, robust site-to-site and remote-access IP Security Virtual Private Network networking, high availability, smart networking features, and versatile administration options. The PIX Security Appliance Series family ranges from compact plug-and-go appliances for small offices or home offices to modular gigabit products with ROI for enterprise and service-provider environments, PIX firewall appliances provide dependable security, performance, and availability for environments of all sizes.

Cisco PIX Security Support

Built upon a tested, specialized software platform that offers a wealth of security features, PIX firewall appliances offer a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX firewalls provide protection for a wide range of VoIP and additional multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard deployments of a wide array of current and next-generation Voice over IP and mixed-media applications.

PIX firewalls feature a wealth of setup, monitoring, and troubleshooting features, providing businesses the flexibility to use the techniques that most closely match their requirements. Management options include common, policy-based administration utilities, integrated web-accessible management, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a powerful web-accessible management solution that greatly streamlines the deployment, ongoing modification, and monitoring of a single PIX firewall appliance without requiring any extra utility other than a standard web browser and Java plug-in to be installed on an administrator's computer.

IT managers can also remotely configure, track, and troubleshoot Cisco PIX firewalls using a command-line interface (CLI). Secure command-line interface communication is possible through several methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also include robust auto-update features, a collection advanced secure remote-management services that make sure that security configurations and software images are kept current.

Cisco Adaptive Security Appliances Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built devices that bring together advanced, best-of-breed security and VPN support plus an adaptive architecture. The result is a robust, versatile network security solution better able to protect small and midsize business and larger networks and, at the same time, reduce the overall installation and operations expenses previously required for this high degree of protection.

>Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls Consultants
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering behind Cisco's PIX 500 Series Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall product line to offer a firewall that defends against a broad range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls provide application security, network containment, and clean Virtual Private Network functionality across Cisco's product portfolio. This breadth of protection allows defense of any network area, including the most common threat vectors such as remote sites, locally-attached internal users, and remote access Virtual Private Networks.

Cisco Adaptive Security Appliances firewalls provide strong application protection through intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a safer environment covering web, voice, and mobile wireless services. To protect networks from application-layer assaults and to give organizations greater control over the programs and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement technologies that include protocol anomaly detection and state monitoring. Also included are attack detection and mitigation technology such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, enabling organizations to enforce usage policies and preserve network bandwidth for crucial business processes.

While increasing security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower deployment and operational costs. By providing extensive Virtual Private Network and protection functions, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for many environments, allowing product commonality. The Cisco Adaptive Security Appliances firewall can be used as a converged threat-prevention device at a central location by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote access device utilizing its VPN features. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall serves equally well inside the network for interdepartmental connectivity control and to guard against worms, viruses, and other malicious code inside workers may unknowingly release into the network. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as a total solution device offering comprehensive threat defense and VPN services while suiting the cost structure and performance demands of such deployments.

This adaptive one-platform, many-solution design reduces the number of devices that need to be installed and managed while offering a standard functional and management system throughout all those deployments. This architecture simplifies the education of setup, tracking, support, and security personnel. To further minimize maintenance expenses, Cisco ASA firewalls are also highly network conscious, enabling them to integrate seamlessly into the network without disrupting authorized data flow and applications.

How Progent's Consultants Can Help You with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX security appliances provide a wealth of configuration, monitoring, and analysis features that offer you the flexibility to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network experts can assist you to support your existing infrastructure that includes Cisco ASA and/or PIX firewalls and that offers protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-certified IS security experts can help you to develop a security policy appropriate for your situation and can configure your PIX or ASA firewall to support your security strategy. Progent's risk evaluation engineers can evaluate the strength of your current firewall deployment and help determine the overall security of your whole IT environment. Progentís Technical Response Center can provide urgent remote technical support for Cisco technology and offer fast access to a Cisco CCIE expert.

For additional details concerning Progent's consulting expertise for Cisco products, choose a subject:

If you wish to contact Progent about consulting support for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.