Cisco's PIX security appliances and Cisco ASA Series firewalls integrate next-generation firewall, intrusion protection, and VPN technologies in an affordable, one-cabinet package. Both product families have been replaced by the ASA 5500-X family of security appliances with Firepower. (See integration and debugging support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 model adaptive security appliances are widely used and continue to provide small and mid-size organizations a reliable security solution.

Cisco PIC and legacy ASA 5500 firewalls offer robust user and application policy enforcement, mutlivector assault protection, and safe connectivity features. The increased knowledge sharing of consolidated protection services in a single platform provides customers implementing these aggregated solutions the advantages of enhanced protection, lower cost of ownership, and smaller maintenance costs.

PIX firewalls and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and 7600 Series routers as components of Cisco's flexible, integrated firewall line. Based on an expandable, modular approach, each device is designed with a particular feature set to provide better security to different networking environments. These products can be individually deployed to protect specific facets of a network environment, or can be combined for a layered, defense-in-depth strategy following the design leading practices described in the Cisco SAFE Blueprint. Rounding out the integrated firewall solutions, Cisco has developed a complete security management product portfolio, ranging from Cisco security appliance and IOS Software security features and built-in appliance managers, to standalone management programs, helping to ensure that businesses can effectively manage their Cisco security solution investments.

PIX Firewall Appliances
Cisco PIX Security Appliance Series deliver reliable user and application policy enforcement, multi-source invasion defense, and safe connectivity features in affordable, simple-to-configure modules. These purpose-built devices offer a broad range of built-in protection and connectivity services including application-aware firewall features, VoIP and multimedia protection, robust multi-site and remote-access IPcec Virtual Private Network networking, excellent resiliency, intelligent networking services, and versatile management solutions. The Cisco PIX firewall family spans small plug-and-play devices for small offices and at home offices to stackable high-bandwidth appliances with ROI for enterprise and service-provider environments, Cisco PIX firewall appliances deliver high levels of protection, speed, and availability for environments of all sizes.

Cisco PIX Security Consulting

Based upon a tested, specialized operating system that offers a wealth of security features, Cisco PIX firewalls provide a high level of protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX security appliances provide security for a wide range of Voice over IP and additional multimedia conventions including H.323 v. 4, SIP, SCCP, RTSP, and Media Gateway Control Protocol, enabling businesses to safeguard deployments of a broad range of contemporary and next-generation Voice over IP and video applications.

PIX firewall appliances feature a wealth of configuration, monitoring, and analysis options, providing IT managers the versatility to utilize the methods that most closely match their needs. Administrative options include centralized, policy-based management tools, integrated web-accessible management, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface offers a powerful web-accessible control platform that greatly streamlines the deployment, in-place configuration, and monitoring of a specific PIX security appliance without the need of any extra software beyond a standard web browser and Java applet to be installed on a manager's PC.

IT managers can also remotely set up, track, and analyze PIX firewall appliances via a command-line interface. Secure command-line interface communication is possible using a number of techniques including Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewalls also have robust automatic-update features, a set of secure remote-management options that ensure firewall settings and software images are kept up to date.

Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built devices that bring together advanced, industry-leading protection and Virtual Private Network services plus an adaptive architecture. The end product is a powerful, multifunction network protection appliance better able to protect small and midsize business (SMB) and enterprise networks and, at the same time, lower the total deployment and operations costs previously required for this enhanced degree of security.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls Help
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering behind the Cisco PIX 500 Series Security Appliance, the IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These technologies enable the Cisco ASA 5500 Series Firewall family to deliver a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances Firewalls provide application security, network containment, and safe Virtual Private Network connectivity throughout the entire product line. This broad scope of protection enables defense of any network section, including the most typical attack vectors like remote sites, locally-connected inside users, and off-site access VPNs.

Cisco ASA firewalls deliver robust application security via smart, application-aware inspection engines that examine network flows at Layers 4-7. This results in a better protected environment including web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to offer businesses greater control over the applications and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledge and rely on protection enforcement solutions such as protocol anomaly detection and state monitoring. Also incorporated are attack sensing and remediation technology such as application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing organizations to police usage policies and recover bandwidth for important business applications.

At the same time as increasing network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and support costs. By providing extensive VPN and security services, the Cisco ASA firewall can be a the only platform for a multitude of uses, allowing product standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a converged attack-protection device at the datacenter by taking advantage of its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco ASA firewall can also be deployed as a dedicated remote access device utilizing its VPN features. As an alternative, the Cisco ASA 5500 Series firewall performs capably in the network interior for inter-office connectivity control and to defend against worms, viruses, and other malicious code internal workers may unknowingly release into the environment. For small company and branch office networks, the Cisco Adaptive Security Appliances firewall serves as a total solution platform providing comprehensive threat defense and VPN services while suiting the budgets and operational demands of such deployments.

This versatile single-device, many-solution design minimizes the number of devices that must be installed and maintained while offering a standard operating and administrative environment throughout all installations. This architecture simplifies the education of configuration, monitoring, troubleshooting, and protection personnel. To further reduce operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, allowing these devices to integrate gracefully into the environment without interfering with authorized data flow and processes.

How Progent's Consultants Can Help You with Cisco Firewalls
Cisco ASA Series firewalls and PIX firewalls incorporate a wealth of setup, tracking, and analysis options which offer you the ability to set up these firewalls to align optimally with your business requirements. Progent's CCIE certified network professionals can show you how to maintain your current infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers protection, fault tolerance, performance, and recoverability. Progent can also help you to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-certified IS security engineers can assist your business to develop a security policy appropriate for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's security evaluation experts can assess the effectiveness of your existing firewall deployment and audit the security of your whole IS network. Progentís Help Desk Call Center can deliver urgent remote technical support for Cisco products and offer fast access to a Cisco network engineer.

To learn additional details about Progent's professional assistance for Cisco technology, choose a subject:

In order to contact Progent about professional help for Cisco technology, phone 1-800-993-9400 or see Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.