Cisco PIX family firewalls and ASA Series firewalls combine next-generation firewall, intrusion protection, and Virtual Private Network (VPN) technologies in an economical, single-box package. Both of these product families have been replaced by the ASA 5500-X family of firewalls with Firepower. (See configuration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 model adaptive security appliances are widely deployed and continue to provide small and mid-size organizations a reliable security environment.

PIX and the original ASA 5500 firewalls deliver powerful client and program policy enforcement, mutlivector assault defense, and secure connectivity services. The enhanced intelligence sharing of consolidated protection features in a stand-alone package provides users implementing these aggregated firewalls the advantages of enhanced security, reduced TCO, and smaller maintenance costs.

PIX security appliances and the ASA 5500 family combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and Cisco 7600 Series routers as components of Cisco's flexible, integrated firewall solutions. Engineered with a scalable, building-block platform, each offering is designed with a particular feature set to deliver better protection to a variety of networking environments. These products can be individually deployed to protect specific facets of a connectivity environment, or can be grouped for a layered, defense-in-depth strategy following the design best practices described in Cisco's SAFE Blueprint. Rounding out the modular firewall solutions, Cisco has developed a complete security management portfolio, ranging from Cisco security appliance and Cisco IOS Software security features and embedded device controllers, to standalone management utilities, helping to ensure that customers can productively use their Cisco security infrastructure purchases.

PIX Firewalls
Cisco PIX Security Appliance Series deliver reliable policy support, multi-source invasion protection, and safe networking services in cost-effective, easy-to-deploy solutions. These specialized appliances offer a wealth of integrated protection and connectivity services such as process-aware firewall features, Voice over IP and multimedia security, reliable multi-location and remote-access IPcec Virtual Private Network networking, high availability, intelligent networking services, and flexible management solutions. The Cisco PIX firewall product line spans compact plug-and-go devices for small and home offices to stackable gigabit products with investment protection for enterprise and ISP environments, Cisco PIX Security Appliance Series deliver high levels of security, performance, and reliability for environments of any size.

PIX Security Experts

Based around a hardened, specialized OS that delivers a wealth of protection features, Cisco PIX firewall appliances provide excellent protection and have earned EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX firewalls provide protection for a broad array of Voice over IP and other multimedia standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, enabling organizations to safeguard deployments of a broad range of contemporary and next-generation VoIP and video applications.

PIX firewall appliances feature a wealth of setup, monitoring, and analysis options, giving businesses the versatility to use the methods that best meet their requirements. Management solutions include centralized, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking standards like SNMP and syslog. The integrated Adaptive Security Device Manager system provides a powerful web-accessible management platform that greatly streamlines the installation, ongoing modification, and tracking of a single Cisco PIX security appliance without the need of any additional utility other than an ordinary web browser and Java applet to be installed on a manager's PC.

Administrators can also remotely set up, track, and analyze PIX security appliances using a command-line interface (CLI). Safe command-line interface access is possible using a number of methods including Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewall appliances also include dependable automatic-update features, a set of secure remote-administration services that make sure that firewall settings and software images are always up to date.

Cisco Adaptive Security Appliances Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that incorporate market-proven, best-of-breed security and Virtual Private Network services with a flexible design. The result is a robust, versatile network security solution better suited to protect small and medium business and enterprise networks and, at the same time, lower the overall installation and maintenance expenses previously required for this high level of security.

>Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls Experts
Cisco ASA Firewalls build on engineering behind the Cisco PIX 500 family firewall, the IPS 4200 sensor, and the VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall family to offer a platform that defends against a broad range of attacks. Cisco ASA Firewalls deliver application protection, local containment and control, and safe Virtual Private Network functionality across the entire product portfolio. This broad scope of protection allows defense of any network area, including the most common threat vectors such as remote locations, LAN-connected internal users, and off-site access VPNs.

Cisco Adaptive Security Appliances firewalls provide robust application protection through intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a better protected environment including web, voice, and mobile wireless access. To protect environments against application-layer assaults and to give organizations greater policing of the applications and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ protection enforcement solutions such as anomaly detection and application and protocol state monitoring. Also included are assault sensing and mitigation technology such as application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing organizations to police usage policies and recover bandwidth for vital business applications.

While improving security, Cisco Adaptive Security Appliances 5500 Series firewalls also lower deployment and support costs. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances firewall can be a the only platform for many environments, allowing product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a converged threat-protection appliance at a central location by taking advantage of its connectivity control, process inspection, and malicious assault mitigation technologies. The Cisco ASA 5500 Series firewall can also be used as a dedicated remote access solution utilizing its VPN features. Alternatively, the Cisco Adaptive Security Appliances 5500 Series firewall performs equally well inside the network for interdepartmental access management and to guard against malware inside users might inadvertently release into the environment. For small company and satellite office networks, the Cisco ASA 5500 Series firewall acts as an all-in-one device offering complete threat defense and Virtual Private Network functionality while suiting the budgets and performance models of these situations.

This adaptive one-device, multiple-use design reduces the total number of devices that must be deployed and maintained while offering a common functional and management system across all those deployments. This architecture simplifies the training of configuration, tracking, support, and protection staff. To further reduce operations costs, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network conscious, allowing these devices to insert gracefully into the network without disrupting authorized traffic and processes.

How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX firewalls incorporate a wealth of configuration, monitoring, and troubleshooting options which offer you the flexibility to configure these security appliances to match your business requirements. Progent's CCIE authorized network consultants can help you to support your current network infrastructure that incorporates Cisco ASA or PIX firewalls and that provides protection, fault tolerance, throughput, and recoverability. Progent can also help your organization to upgrade to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-qualified information security professionals can assist you to create a security policy that makes sense for your situation and can set up your security appliance to enforce your security strategy. Progent's risk evaluation consultants can assess the effectiveness of your current firewall deployment and help determine the overall security of your whole IT environment. Progentís Help Desk Call Center can deliver emergency remote technical support for Cisco technology and can give you quick access to a Cisco CCIE network engineer.

To see more information about Progent's engineering expertise for Cisco networking products, pick a topic:

If you wish to contact Progent about professional expertise for Cisco technology, phone 1-800-993-9400 or refer to Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.