Cisco's PIX family security appliances and Cisco ASA 5500 Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network functionality in an economical, one-cabinet package. Both of these product lines have been superseded by the ASA 5500-X line of security appliances with Firepower. (Refer to configuration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation ASA 5500 model firewalls are widely used and continue to deliver small and mid-size companies a viable security solution.

Cisco PIC and the original ASA 5500 firewalls offer powerful user and program policy enforcement, mutlivector assault defense, and safe access services. The enhanced intelligence sharing of consolidated protection services in a single platform offers customers implementing these aggregated firewalls the benefits of enhanced security, reduced cost of ownership, and minimal maintenance expense.

PIX firewalls and the ASA 5500 family combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 family routers as components of Cisco's flexible, self-contained firewall solutions. Based on an expandable, modular approach, every offering is designed with a particular array of options to provide better protection to a variety of network situations. These solutions can be independently deployed to protect specific facets of the network environment, or can be combined for a systematic, protection-in-depth approach based on the design leading practices outlined in the Cisco SAFE Blueprint. Rounding out the modular firewall product line, Cisco has developed a complete security management portfolio, ranging from Cisco security appliance and Cisco IOS security features and built-in appliance managers, to standalone management utilities, moving to make sure that customers can productively manage their Cisco security solution investments.

Cisco PIX Firewall Appliances
PIX firewall appliances offer reliable policy support, multi-source attack defense, and secure networking services in affordable, easy-to-deploy modules. These specialized devices offer a wealth of built-in protection and connectivity capabilities such as process-aware firewall services, VoIP and multimedia protection, reliable multi-site and remote-connectivity IPcec Virtual Private Network (VPN) connectivity, high availability, intelligent networking services, and flexible administration options. The PIX firewall family ranges from compact plug-and-go desktop units for small and home offices to stackable high-bandwidth products with ROI for large business and service-provider environments, Cisco PIX firewalls provide dependable security, performance, and reliability for network environments of any size.

PIX Security Support

Based upon a hardened, specialized operating system that delivers a wealth of protection services, PIX firewalls offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX firewall appliances provide security for a broad array of VoIP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide range of contemporary and upcoming Voice over IP and video applications.

Cisco PIX security appliances feature a wealth of setup, tracking, and troubleshooting features, giving IT managers the versatility to utilize the methods that best match their requirements. Management options include common, policy-based management utilities, integrated web-based management, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated ASDM system provides a powerful web-based control platform that significantly streamlines the deployment, in-place modification, and monitoring of a specific Cisco PIX firewall without requiring any extra utility other than a standard browser and Java applet to be running on an administrator's PC.

IT managers can also remotely configure, track, and analyze Cisco PIX security appliances via a command-line interface. Secure CLI interface access is possible through several methods such as SSHv2 Protocol, Telnet over IPsec, and out-of-band via a console port. PIX firewalls also have dependable auto-update features, a collection of secure remote-administration services that make sure that security configurations and software images are always current.

Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered solutions that bring together market-proven, best-of-breed security and Virtual Private Network support with a flexible design. The end product is a robust, multifunction network protection appliance better able to protect small and medium company and larger networks and, simultaneously, lower the overall installation and operations expenses previously associated with this enhanced level of security.

>Cisco ASA 5500 Series Firewalls Consulting
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering developed for Cisco's PIX 500 firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall family to deliver a platform that stops a broad range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, network containment and control, and safe Virtual Private Network functionality across the entire product portfolio. This broad scope of security enables defense of any network section, including the most common threat vectors such as remote locations, LAN-connected internal users, and remote access Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) firewalls provide robust application security through intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. This results in a safer environment covering web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer businesses greater control over the programs and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and employ protection enforcement technologies that include anomaly detection and state tracking. Also incorporated are assault detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing organizations to police usage policies and conserve bandwidth for vital business applications.

At the same time as improving security, Cisco Adaptive Security Appliances 5500 Series firewalls also decrease installation and operational costs. By offering extensive Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for many uses, enabling platform standardization. The Cisco Adaptive Security Appliances firewall can be used as a consolidated attack-protection device at the datacenter by leveraging its access control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote access solution using its Virtual Private Network features. Alternatively, the Cisco ASA 5500 Series firewall serves capably in the network interior for interdepartmental access control and to guard against malicious assaults inside users may unwittingly release into the network. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as an all-in-one device providing comprehensive intrusion prevention and Virtual Private Network services while fitting within the budgets and operational demands of such situations.

This adaptive single-platform, many-solution design minimizes the total number of appliances that must be installed and managed while providing a standard operating and administrative environment throughout all those deployments. This architecture streamlines the education of setup, monitoring, support, and protection staff. To further reduce maintenance expenses, Cisco ASA firewalls are also exceptionally network aware, enabling these devices to integrate gracefully into the network without interfering with legitimate data flow and applications.

How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Security Appliances
Cisco's ASA Series firewalls and PIX family security appliances provide a wealth of setup, tracking, and troubleshooting options that offer you the flexibility to deploy these firewalls to align optimally with your business needs. Progent's CCIE authorized network professionals can help you to support your existing network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers protection, fault tolerance, performance, and recoverability. Progent can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISM-qualified information security consultants can assist your business to create a security strategy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's security evaluation experts can evaluate the effectiveness of your existing firewall deployment and audit the security of your whole IT environment. Progentís Technical Response Center can deliver emergency remote technical support for Cisco products and offer fast access to a Cisco CCIE network engineer.

To learn additional details concerning Progent's professional help for Cisco solutions, choose a topic:

To get in touch with Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.

© 2002- 2017 Progent Corporation. All rights reserved.