Cisco's PIX security appliances and ASA Series firewalls integrate comprehensive firewall, intrusion defense, and VPN features in a cost-effective, single-cabinet package. Both of these product lines have been replaced by Cisco's ASA 5500-X family of security appliances with Firepower Services. (See configuration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 Series adaptive security appliances are extensively used and continue to offer small and mid-size organizations a viable firewall environment.

PIX and the original ASA 5500 firewalls deliver powerful client and program policy enforcement, mutlivector attack defense, and secure access features. The increased intelligence sharing of consolidated security services in a single package offers users implementing these aggregated firewalls the benefits of enhanced protection, lower TCO, and minimal maintenance costs.

PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and 7600 family routers as components of Cisco's flexible, integrated firewall solutions. Based on a scalable, modular platform, each device is equipped with a particular array of options to provide better protection to a variety of networking environments. These solutions can be individually installed to secure certain facets of a connectivity infrastructure, or can be combined for a layered, protection-in-depth strategy following the design best practices outlined in the Cisco SAFE Blueprint. Completing the modular firewall solutions, Cisco provides a comprehensive security management catalog, ranging from Cisco security device and Cisco IOS security components and embedded device managers, to self-contained management applications, helping to ensure that businesses can effectively use their Cisco security solution investments.

Cisco PIX Firewall Appliances
Cisco PIX Security Appliance Series deliver robust user and application policy support, multi-source attack protection, and secure networking features in affordable, out-of-the-box modules. These purpose-built appliances offer a broad range of built-in protection and connectivity services such as process-aware firewall features, VoIP and multimedia security, robust multi-location and remote-connectivity IPcec Virtual Private Network networking, excellent resiliency, smart networking services, and flexible administration solutions. The PIX firewall Appliance family ranges from compact plug-and-play appliances for small offices or at home offices to modular gigabit appliances with ROI for large business and service-provider environments, PIX Security Appliance Series provide dependable protection, performance, and reliability for environments of all sizes.

PIX Firewalls Support

Based around a hardened, purpose-built operating system that delivers a wealth of security services, Cisco PIX security appliances offer excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewall appliances offer protection for a wide array of Voice over IP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping organizations to protect deployments of a broad array of current and upcoming IP voice and mixed-media applications.

Cisco PIX firewall appliances offer a variety of configuration, monitoring, and analysis features, providing businesses the versatility to use the techniques that best meet their requirements. Administrative solutions include common, policy-based management tools, integrated web-accessible management, and support for remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a powerful web-accessible control platform that significantly simplifies the deployment, ongoing configuration, and tracking of a single PIX security appliance without requiring any additional software beyond an ordinary browser and Java plug-in to be installed on an administrator's computer.

IT managers can also remotely configure, monitor, and analyze Cisco PIX firewalls using a CLI interface. Secure CLI interface access is available through a number of methods such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewalls also include dependable auto-update capabilities, a set of secure remote-administration services that make sure that security settings and software images are always up to date.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA Firewalls are purpose-built devices that bring together market-proven, industry-leading protection and VPN support with an adaptive architecture. The result is a powerful, versatile network protection appliance better able to defend small and midsize company and enterprise networks and, simultaneously, reduce the overall installation and operations expenses formerly required for this high level of protection.

>Cisco Adaptive Security Appliances Firewalls Consultants
Cisco Adaptive Security Appliances Firewalls leverage technology developed for the PIX 500 family Security Appliance, the Cisco IPS 4200 Series sensor, and Cisco's VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a platform that defends against a wide range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application protection, network containment, and clean Virtual Private Network functionality across Cisco's product line. This broad scope of protection allows the guarding of any network section, which includes the most common threat vectors such as remote sites, LAN-attached inside users, and off-site access VPNs.

Cisco ASA 5500 Series firewalls provide strong application protection via intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This results in a more secure environment covering web, voice, and mobile wireless services. To defend environments from application-layer assaults and to offer businesses greater policing of the applications and protocols used in their environments, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ security enforcement technologies that include anomaly detection and application and protocol state monitoring. Also included are assault detection and remediation techniques such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to enforce usage policies and recover network bandwidth for crucial business processes.

At the same time as improving security, Cisco Adaptive Security Appliances 5500 Series firewalls also lower deployment and operational expenses. By offering broad VPN and security services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for a multitude of environments, enabling product commonality. The Cisco ASA 5500 Series firewall can be used as a converged attack-protection device at the datacenter by leveraging its connectivity control, application inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be deployed as a dedicated remote connectivity solution utilizing its Virtual Private Network features. As another option, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves capably inside the network for inter-office connectivity control and to guard against malicious assaults inside users might inadvertently introduce into the network. In small business and branch office networks, the Cisco ASA firewall serves as a total solution device offering comprehensive intrusion defense and Virtual Private Network functionality while fitting within the cost structure and operational demands of such deployments.

This adaptive single-device, many-use design minimizes the total number of devices that need to be deployed and managed while providing a common functional and management environment throughout all those deployments. This approach simplifies the education of configuration, tracking, support, and protection staff. To further minimize maintenance costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, enabling them to insert seamlessly into the environment without disrupting authorized data flow and processes.

How Progent's Consultants Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco ASA Series firewalls and PIX family security appliances incorporate an array of configuration, tracking, and troubleshooting features which offer you the ability to set up these firewalls to match your company's requirements. Progent's CCIE certified network professionals can help you to support your current infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers protection, fault tolerance, performance, and manageability. Progent can also assist you to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISM-certified information security consultants can help you to create a security strategy appropriate for your business and can set up your firewall to support your security strategy. Progent's risk evaluation consultants can evaluate the strength of your existing firewall solution and audit the overall security of your entire IT environment. Progentís Technical Response Center (TRC) can provide emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE network engineer.

For additional details about Progent's consulting assistance for Cisco technology, choose a topic:

To ask Progent about consulting expertise for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.