Cisco's PIX family security appliances and ASA Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) functionality in a cost-effective, single-cabinet format. Both of these product families have been superseded by the ASA 5500-X line of firewalls with Firepower Services. (See integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and earlier-generation ASA 5500 Series adaptive security appliances are extensively deployed and continue to offer small and mid-size organizations a reliable security environment.

PIX and legacy ASA 5500 firewalls deliver powerful user and application policy support, mutlivector attack protection, and secure connectivity features. The enhanced knowledge sharing of integrated security services in a stand-alone platform offers users implementing these integrated firewalls the benefits of enhanced protection, reduced cost of ownership, and minimal management expense.

Cisco PIX security appliances and the ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and 7600 routers as components of Cisco's flexible, integrated firewall solutions. Engineered with a scalable, modular platform, each device is designed with a specific array of options to deliver more efficient protection to different networking situations. These solutions can be individually installed to protect certain areas of the connectivity environment, or can be combined for a systematic, defense-in-depth approach following the design best practices outlined in Cisco's SAFE Blueprint. Rounding out the modular firewall product line, Cisco has developed a complete security management product portfolio, spanning Cisco security device and Cisco IOS security components and embedded appliance managers, to self-contained management utilities, helping to make sure that customers can productively use their Cisco protection solution purchases.

Cisco PIX Firewalls
PIX Security Appliance Series offer reliable policy support, multi-source attack defense, and safe connectivity services in economical, easy-to-deploy solutions. These purpose-built appliances provide a wealth of built-in protection and networking capabilities such as process-aware firewall services, VoIP and multimedia security, robust multi-location and remote-connectivity IP Security Virtual Private Network (VPN) networking, fault tolerance, intelligent networking features, and versatile administration options. The PIX Security Appliance Series product line spans compact plug-and-go devices for small offices or at home offices to modular high-bandwidth appliances with ROI for large business and ISP environments, Cisco PIX firewalls deliver high levels of protection, performance, and reliability for network environments of any size.

PIX Firewalls Help

Based around a hardened, specialized software platform that delivers a wealth of protection features, Cisco PIX firewalls offer a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec qualification. Cisco PIX security appliances offer protection for a broad range of Voice over IP and additional multimedia conventions such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping businesses to safeguard deployments of a broad array of contemporary and next-generation VoIP and video applications.

PIX firewall appliances offer a variety of configuration, tracking, and analysis features, giving businesses the versatility to use the methods that most closely match their needs. Management solutions include centralized, policy-based management tools, integrated web-based management, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a world-class web-based management solution that significantly simplifies the deployment, in-place configuration, and monitoring of a specific PIX firewall without requiring any extra utility beyond an ordinary web browser and Java applet to be installed on a manager's PC.

IT managers can furthermore remotely configure, monitor, and troubleshoot Cisco PIX security appliances using a CLI interface. Safe CLI interface access is possible using a number of techniques such as SSHv2 Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewalls also include robust automatic-update capabilities, a collection advanced protected remote-management services that ensure security configurations and software images are kept up to date.

Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered devices that bring together advanced, industry-leading security and Virtual Private Network services with a flexible design. The result is a powerful, multifunction network protection solution better able to protect small and medium company and enterprise networks and, at the same time, lower the total installation and maintenance expenses previously associated with this high level of security.

Cisco ASA Firewalls Professional Services
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for the PIX 500 family Security Appliance, Cisco's IPS 4200 sensor, and the Cisco VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a firewall that stops a broad range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application security, network containment and control, and clean VPN functionality throughout Cisco's product line. This breadth of security enables defense of any network area, including the most typical attack vectors like remote sites, LAN-attached internal users, and remote connected VPNs.

Cisco ASA firewalls provide robust application protection via smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a safer environment including web, voice, and mobile wireless connectivity. To protect networks against application-layer attacks and to give businesses more policing of the programs and protocols utilized in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement solutions such as anomaly sensing and application and protocol state tracking. Also included are attack sensing and remediation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances firewall inspection engines also provide management of instant messaging and tunneling applications, allowing organizations to police usage policies and conserve bandwidth for important business processes.

At the same time as improving network protection, Cisco ASA 5500 Series firewalls also lower installation and operational expenses. By providing broad VPN and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for a multitude of uses, enabling platform commonality. The Cisco Adaptive Security Appliances firewall can be used as a consolidated threat-protection appliance at the datacenter by taking advantage of its connectivity control, process inspection, and malicious assault mitigation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a specialized remote connectivity solution utilizing its Virtual Private Network features. As another option, the Cisco Adaptive Security Appliances 5500 Series firewall performs equally well inside the network for inter-office access management and to guard against worms, viruses, and other malicious code inside workers may unwittingly release into the network. For small business and branch office networks, the Cisco Adaptive Security Appliances 5500 Series firewall serves as an all-in-one platform providing complete threat defense and VPN functionality while fitting within the cost structure and operational models of these deployments.

This adaptive one-device, multiple-solution design minimizes the total number of appliances that need to be installed and maintained while providing a standard functional and administrative system throughout all deployments. This architecture simplifies the training of configuration, monitoring, troubleshooting, and protection personnel. To further minimize maintenance costs, Cisco ASA firewalls are also highly network conscious, enabling them to insert gracefully into the network without interfering with authorized traffic and processes.

How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX family security appliances provide an array of configuration, tracking, and analysis options that give you the ability to set up these firewalls to align optimally with your business needs. Progent's CCIE authorized network professionals can assist you to maintain your current network infrastructure that incorporates Cisco ASA or PIX firewalls and that offers protection, resilience, throughput, and manageability. Progent's firewall experts can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-premier information security engineers can assist your business to develop a security strategy that makes sense for your situation and can set up your PIX or ASA firewall to support your security policies. Progent's risk assessment consultants can assess the effectiveness of your existing firewall solution and help determine the overall security of your entire information system network. Progentís Help Desk Call Center can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.

To find out additional information about Progent's professional assistance for Cisco products, select a subject:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: To get in touch with Progent about technical expertise for Cisco networking, call 1-800-993-9400 or go to Contact Progent.

More topics of interest: