Cisco's PIX family firewalls and ASA 5500 Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) technologies in an economical, one-cabinet format. Both product lines have been replaced by Cisco's ASA 5500-X family of firewalls with Firepower. (Refer to integration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 model adaptive security appliances are widely deployed and continue to deliver small and mid-size organizations a reliable firewall environment.

PIX and legacy ASA 5500 firewalls deliver powerful client and application policy enforcement, mutlivector assault defense, and safe connectivity services. The increased knowledge sharing of consolidated security features in a stand-alone package offers customers deploying these aggregated solutions the benefits of enhanced protection, lower TCO, and smaller maintenance costs.

PIX security appliances and the ASA 5500 family combine with IOS Firewall, the FWSM for Catalyst 6500 family switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall line. Engineered with an expandable, building-block approach, each device is equipped with a specific array of options to deliver better security to a variety of network environments. These products can be independently deployed to protect certain facets of the network infrastructure, or can be combined for a systematic, protection-in-depth approach following the design best practices described in Cisco's SAFE framework. Completing the integrated firewall product line, Cisco provides a comprehensive security management offering, ranging from Cisco security device and Cisco IOS security features and embedded appliance managers, to self-contained management utilities, moving to make sure that customers can productively use their Cisco security solution purchases.

Cisco PIX Security Appliance Series
PIX Security Appliance Series offer reliable user and application policy support, multi-source attack defense, and secure networking services in economical, out-of-the-box modules. These specialized appliances provide a wealth of integrated security and networking capabilities including application-aware firewall services, Voice over IP and multimedia protection, robust multi-location and remote-connectivity IP Security Virtual Private Network connectivity, high availability, smart networking features, and versatile administration options. The Cisco PIX firewall Appliance family spans compact plug-and-play devices for small offices or home offices to modular high-bandwidth products with investment protection for enterprise and service-provider environments, Cisco PIX Security Appliance Series provide high levels of security, speed, and availability for network environments of any size.

PIX Security Consulting Firm

Based around a hardened, purpose-built software platform that offers a wealth of protection features, PIX security appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. PIX firewall appliances provide security for a broad range of Voice over IP and additional mixed-media conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a wide array of current and upcoming IP voice and multimedia applications.

PIX firewall appliances feature a wealth of setup, tracking, and troubleshooting features, providing businesses the flexibility to use the techniques that best meet their requirements. Management solutions include common, policy-based administration tools, integrated web-accessible management, and support for remote-monitoring protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a powerful web-based management platform that greatly simplifies the deployment, in-place modification, and tracking of a specific Cisco PIX firewall without requiring any additional software beyond an ordinary web browser and Java applet to be installed on an administrator's computer.

IT managers can furthermore remotely set up, track, and analyze Cisco PIX firewalls using a command-line interface. Secure CLI interface access is available through a number of methods including SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX security appliances also include dependable auto-update capabilities, a collection of secure remote-administration options that ensure firewall configurations and software images are always up to date.

Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built solutions that bring together advanced, industry-leading protection and Virtual Private Network services plus a flexible design. The end product is a powerful, versatile network protection solution better able to protect small and midsize company and enterprise networks and, simultaneously, lower the overall installation and maintenance expenses formerly required for this high level of security.

>Cisco ASA Firewalls Help
Cisco ASA Firewalls leverage technology behind the PIX 500 family firewall, the IPS 4200 Series sensor, and the Cisco VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a firewall that defends against a broad range of attacks. Cisco ASA Firewalls deliver application security, local containment and control, and clean VPN connectivity throughout Cisco's product portfolio. This breadth of security enables defense of any network area, which includes the most typical attack conduits like remote sites, LAN-connected internal users, and remote connected Virtual Private Networks.

Cisco ASA 5500 Series firewalls deliver a high-level of application protection via intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This results in a more secure environment covering web, voice, and mobile wireless services. To defend networks from application-layer assaults and to give businesses greater policing of the applications and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also included are assault sensing and remediation technology such as application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and tunneling applications, enabling organizations to enforce usage policies and preserve bandwidth for vital business applications.

At the same time as increasing network security, Cisco ASA firewalls also lower deployment and support expenses. By offering extensive Virtual Private Network and security services, the Cisco ASA firewall can be a the only platform for many environments, enabling product commonality. The Cisco Adaptive Security Appliances firewall can be used as a converged threat-protection appliance at the datacenter by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be deployed as a specialized remote connectivity device using its VPN capabilities. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall operates capably in the network interior for inter-office access control and to guard against malware internal workers might inadvertently introduce into the network. In small company and satellite office environments, the Cisco ASA 5500 Series firewall acts as a total solution device providing comprehensive threat defense and VPN services while suiting the cost structure and performance demands of such deployments.

This adaptive single-device, multiple-use approach reduces the number of appliances that need to be deployed and maintained while offering a common functional and administrative environment throughout all installations. This architecture simplifies the training of configuration, tracking, troubleshooting, and security personnel. To further reduce maintenance expenses, Cisco ASA firewalls are also exceptionally network conscious, enabling these devices to integrate seamlessly into the environment without disrupting legitimate traffic and applications.

How Progent Can Assist Your Business with Cisco Firewalls
Cisco ASA Series firewalls and PIX security appliances incorporate a wealth of configuration, tracking, and analysis features that give you the flexibility to configure these security appliances to match your business requirements. Progent's CCIE certified network experts can show you how to support your existing infrastructure that incorporates Cisco ASA or PIX security appliances and that offers protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISM-certified information security experts can help you to develop a security policy that makes sense for your environment and can configure your security appliance to enforce your security strategy. Progent's risk assessment experts can evaluate the effectiveness of your current firewall deployment and help determine the overall security of your whole information system environment. Progentís Technical Response Center can deliver emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco expert.

To learn more details concerning Progent's consulting help for Cisco technology, select a subject:

If you wish to ask Progent about consulting help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.