Cisco PIX family firewalls and Cisco ASA Series firewalls combine comprehensive firewall, intrusion protection, and Virtual Private Network functionality in an affordable, one-cabinet format. Both of these product families have been replaced by the ASA 5500-X series of firewalls with Firepower. (See integration and debugging support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 model firewalls are widely deployed and continue to offer small and mid-size companies a viable firewall environment.

PIX and the original ASA 5500 firewalls deliver powerful user and program policy enforcement, mutlivector attack protection, and secure access services. The enhanced intelligence sharing of consolidated protection services in a single package provides users implementing these integrated firewalls the benefits of enhanced security, lower TCO, and smaller management expense.

PIX firewalls and the ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 Series routers as components of Cisco's versatile, self-contained firewall product. Based on a scalable, building-block approach, each offering is equipped with a specific feature set to provide more efficient protection to different network situations. These solutions can be individually installed to protect specific areas of a connectivity infrastructure, or can be combined for a layered, defense-in-depth strategy based on the design best practices outlined in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco provides a complete security management catalog, ranging from Cisco security appliance and Cisco IOS security features and embedded device managers, to standalone management programs, helping to make sure that businesses can productively use their Cisco protection solution purchases.

PIX Firewall Appliances
PIX firewall appliances deliver robust policy support, multivector invasion defense, and safe networking features in cost-effective, simple-to-configure solutions. These purpose-built appliances provide a broad range of integrated security and connectivity capabilities such as process-aware firewall features, VoIP and multimedia security, reliable multi-site and remote-access IP Security Virtual Private Network (VPN) networking, fault tolerance, intelligent networking services, and flexible administration options. The PIX Security Appliance Series family ranges from compact plug-and-play desktop units for small and at home offices to modular high-bandwidth products with ROI for enterprise and ISP customers, Cisco PIX firewalls provide high levels of security, speed, and availability for environments of all sizes.

PIX Security Support

Based around a tested, purpose-built software platform that offers rich security services, Cisco PIX firewall appliances offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX firewall appliances provide protection for a broad array of Voice over IP and additional mixed-media conventions including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling businesses to protect installations of a broad range of current and upcoming VoIP and mixed-media applications.

PIX firewall appliances feature a wealth of configuration, monitoring, and analysis options, giving IT managers the versatility to use the techniques that best match their requirements. Administrative solutions include common, policy-based management tools, integrated web-based management, and support for remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-based control platform that significantly streamlines the deployment, in-place configuration, and tracking of a specific PIX security appliance without the need of any additional software beyond a standard browser and Java plug-in to be running on an administrator's PC.

IT managers can also remotely configure, monitor, and analyze Cisco PIX firewalls using a CLI interface. Safe command-line interface access is possible through several methods including SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also have dependable auto-update features, a set of secure remote-administration services that ensure security settings and software images are always current.

Cisco ASA Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built solutions that bring together advanced, best-of-breed protection and VPN services with a flexible design. The end product is a powerful, multifunction network protection appliance better suited to defend small and medium business (SMB) and larger networks and, at the same time, reduce the total deployment and operations costs previously required for this enhanced degree of protection.

>Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls Consulting Firm
Cisco ASA 5500 Series Firewalls build on engineering behind the PIX 500 family Security Appliance, Cisco's IPS 4200 family sensor, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops a broad range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application security, network containment, and clean Virtual Private Network connectivity throughout Cisco's product line. This broad scope of protection enables defense of any network segment, including the most common attack conduits like remote locations, LAN-connected inside users, and remote access VPNs.

Cisco ASA 5500 Series firewalls provide robust application protection through smart, application-aware inspection engines that examine network flows at Layers 4-7. The result is a more secure environment covering web, voice, and mobile wireless access. To protect environments from application-layer attacks and to offer organizations greater policing of the applications and protocols utilized in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement technologies that include protocol anomaly sensing and application and protocol state tracking. Also included are assault sensing and mitigation technology such as application and protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing businesses to police usage policies and preserve bandwidth for important business processes.

While improving network protection, Cisco Adaptive Security Appliances firewalls also decrease installation and operational costs. By offering broad VPN and security services, the Cisco ASA firewall can be used as the the only platform for many environments, allowing product standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a converged attack-protection device at the datacenter by taking advantage of its connectivity control, application inspection, and malicious assault mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access device utilizing its VPN features. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs capably inside the network for interdepartmental connectivity control and to defend against worms, viruses, and other malicious code inside users might unknowingly release into the network. For small business and satellite office networks, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution device offering complete threat prevention and Virtual Private Network services while fitting within the cost structure and operational models of such situations.

This versatile single-platform, multiple-solution approach minimizes the number of devices that need to be deployed and maintained while offering a common functional and administrative system throughout all those deployments. This architecture streamlines the training of setup, monitoring, support, and security staff. To further reduce operations costs, Cisco ASA firewalls are also exceptionally network conscious, allowing them to insert gracefully into the environment without disrupting legitimate traffic and applications.

How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX firewalls incorporate an array of setup, monitoring, and analysis features that offer you the flexibility to set up these security appliances to match your business needs. Progent's CCIE authorized network professionals can show you how to maintain your existing network infrastructure that incorporates Cisco ASA or PIX firewalls and that provides protection, fault tolerance, performance, and recoverability. Progent's firewall experts can also help your organization to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-qualified IS security engineers can help you to create a security policy appropriate for your environment and can configure your firewall to support your security policies. Progent's security evaluation professionals can assess the effectiveness of your existing firewall solution and validate the security of your entire IT environment. Progentís Help Desk Call Center can deliver urgent remote technical support for Cisco technology and offer fast access to a Cisco network engineer.

To learn additional information concerning Progent's professional support for Cisco products, choose a topic:

In order to contact Progent about consulting help for Cisco networking, call 1-800-993-9400 or see Contact Progent.

© 2002- 2018 Progent Corporation. All rights reserved.