Cisco PIX firewalls and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion protection, and VPN features in a cost-effective, single-box format. Both of these product lines have been superseded by the ASA 5500-X family of security appliances with Firepower Services. (Refer to configuration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 Series firewalls are widely deployed and continue to provide small and mid-size companies a reliable firewall environment.

Cisco PIC and legacy ASA 5500 firewalls deliver powerful user and application policy enforcement, mutlivector assault defense, and secure access services. The enhanced knowledge sharing of integrated protection features in a stand-alone platform offers users implementing these aggregated firewalls the advantages of advanced security, lower TCO, and smaller management expense.

PIX security appliances and the ASA 5500 family join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and Cisco 7600 Series routers as components of Cisco's flexible, integrated firewall line. Based on an expandable, building-block approach, each offering is equipped with a particular feature set to deliver more efficient protection to different network environments. These solutions can be independently installed to secure specific areas of the connectivity infrastructure, or can be combined for a layered, protection-in-depth strategy following the architecture leading practices outlined in Cisco's SAFE framework. Rounding out the modular firewall product line, Cisco provides a comprehensive security management offering, ranging from Cisco security device and IOS Software security components and built-in device managers, to self-contained management applications, moving to ensure that businesses can productively manage their Cisco security infrastructure purchases.

PIX Firewalls
Cisco PIX Security Appliance Series deliver reliable user and application policy enforcement, multivector invasion defense, and secure connectivity features in economical, out-of-the-box modules. These specialized appliances offer a broad range of built-in security and connectivity capabilities including process-aware firewall features, Voice over IP (VoIP) and multimedia security, reliable multi-site and remote-access IP Security (IPsec) Virtual Private Network (VPN) networking, high availability, intelligent networking features, and flexible management options. The PIX Security Appliance Series product line ranges from compact plug-and-go desktop units for small offices and home offices to stackable gigabit products with ROI for enterprise and service-provider environments, PIX firewalls provide dependable protection, performance, and availability for networks of all sizes.

PIX Security Support

Based around a hardened, purpose-built operating system that delivers rich security services, PIX firewall appliances offer excellent protection and have received EAL 4 status and ICSA Firewall and IP Security certification. Cisco PIX firewall appliances provide protection for a broad array of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide array of current and upcoming Voice over IP and video applications.

PIX firewall appliances offer a wealth of configuration, monitoring, and troubleshooting options, giving IT managers the flexibility to utilize the techniques that most closely meet their needs. Management options include centralized, policy-based management utilities, integrated web-based management, and support for remote-monitoring protocols such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class web-based management platform that significantly streamlines the deployment, ongoing modification, and monitoring of a single Cisco PIX firewall appliance without the need of any additional software beyond a standard web browser and Java plug-in to be running on an administrator's computer.

Administrators can also remotely set up, track, and troubleshoot Cisco PIX firewall appliances using a CLI interface. Safe CLI interface communication is available through a number of methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have dependable automatic-update capabilities, a set advanced secure remote-management options that make sure that firewall configurations and software images are always up to date.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that bring together market-proven, industry-leading protection and Virtual Private Network support with an adaptive architecture. The end product is a robust, multifunction network security appliance better suited to protect small and medium business and larger networks and, simultaneously, lower the overall installation and maintenance expenses formerly required for this enhanced degree of protection.

Cisco Adaptive Security Appliances (ASA) Firewalls Consultants
Cisco Adaptive Security Appliances Firewalls leverage engineering behind the PIX 500 Series Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco ASA Firewall family to offer a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances Firewalls deliver program protection, local containment, and clean VPN connectivity throughout Cisco's product portfolio. This breadth of security enables the guarding of any network section, which includes the most typical threat conduits such as remote locations, LAN-connected internal users, and off-site access VPNs.

Cisco ASA 5500 Series firewalls deliver strong application protection via intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This produces a safer network including web, voice, and mobile wireless access. To defend networks against application-layer attacks and to offer businesses greater policing of the programs and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement technologies that include anomaly detection and state monitoring. Also included are assault sensing and remediation technology including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide control over IM and tunneling applications, allowing businesses to police usage policies and recover network bandwidth for vital business processes.

At the same time as improving network protection, Cisco Adaptive Security Appliances firewalls also decrease deployment and support costs. By offering extensive Virtual Private Network and protection services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for a multitude of uses, enabling product commonality. The Cisco ASA firewall can be deployed as a consolidated threat-protection appliance at the datacenter by taking advantage of its access control, process inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be used as a dedicated remote connectivity solution utilizing its VPN capabilities. As an alternative, the Cisco ASA 5500 Series firewall performs equally well in the network interior for interdepartmental connectivity management and to guard against worms, viruses, and other malicious code inside workers may unwittingly release into the network. For small company and branch office environments, the Cisco ASA firewall acts as an all-in-one device offering comprehensive intrusion defense and Virtual Private Network functionality while fitting within the budgets and performance models of such deployments.

This adaptive single-device, many-solution design reduces the total number of appliances that must be deployed and managed while offering a common operating and management system across all those installations. This approach simplifies the education of setup, tracking, troubleshooting, and security personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network aware, allowing these devices to integrate seamlessly into the network without interfering with legitimate traffic and processes.

How Progent Can Assist You with Cisco Firewalls
Cisco ASA 5500 Series firewalls and PIX family firewalls incorporate a wealth of configuration, tracking, and analysis features that give you the flexibility to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE certified network professionals can assist you to support your current network infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides security, resilience, performance, and manageability. Progent can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISM-certified IS security professionals can assist your business to create a security policy that makes sense for your situation and can set up your firewall to support your security policies. Progent's risk assessment engineers can evaluate the strength of your current firewall solution and help determine the security of your whole IT network. Progentís Technical Response Center (TRC) can provide urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.

For more details about Progent's consulting help for Cisco products, pick a topic:

To contact Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.