Cisco Expert Network Consultants

Cisco PIX family firewalls and ASA Series adaptive security appliances combine comprehensive firewall, intrusion defense, and VPN features in an affordable, single-cabinet format. Both product lines have been replaced by Cisco's ASA 5500-X family of security appliances with Firepower Services. (See configuration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 model adaptive security appliances are extensively deployed and continue to offer small and mid-size companies a viable firewall solution.

Cisco PIC and legacy ASA 5500 firewalls offer powerful user and program policy support, mutlivector assault defense, and secure connectivity services. The increased knowledge sharing of integrated protection features in a single package provides users implementing these integrated firewalls the benefits of advanced security, reduced TCO, and minimal maintenance expense.

PIX firewalls and the ASA 5500 family combine with Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 switches, and Cisco 7600 family routers as components of Cisco's flexible, self-contained firewall solutions. Engineered with a scalable, modular approach, each offering is designed with a specific feature set to deliver more efficient security to a variety of networking situations. These products can be individually installed to secure certain facets of a connectivity environment, or can be combined for a systematic, protection-in-depth strategy based on the architecture best practices outlined in the Cisco SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management catalog, ranging from Cisco security appliance and IOS Software security components and embedded appliance managers, to standalone management programs, helping to ensure that customers can productively manage their Cisco security infrastructure purchases.

Cisco PIX Security Appliance Series
PIX firewall appliances offer robust policy enforcement, multivector attack protection, and secure networking features in economical, out-of-the-box solutions. These purpose-built appliances offer a broad range of integrated protection and networking services such as process-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable site-to-site and remote-access IP Security Virtual Private Network (VPN) connectivity, fault tolerance, smart networking services, and flexible management solutions. The Cisco PIX firewall family ranges from compact plug-and-go appliances for small offices or home offices to modular gigabit products with ROI for large business and service-provider environments, Cisco PIX Security Appliance Series deliver high levels of protection, performance, and reliability for networks of all sizes.

Based upon a tested, purpose-built OS that delivers a wealth of security services, PIX firewall appliances provide a high level of protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX security appliances offer security for a wide array of Voice over IP and other mixed-media conventions including H.323 v. 4, SIP, SCCP, RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard installations of a broad array of current and upcoming Voice over IP and mixed-media applications.

PIX firewalls offer a wealth of configuration, tracking, and troubleshooting features, providing businesses the flexibility to use the methods that best meet their needs. Administrative options include common, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a world-class web-based management platform that greatly simplifies the installation, ongoing configuration, and tracking of a single PIX firewall appliance without requiring any extra software other than an ordinary web browser and Java applet to be running on an administrator's PC.

Administrators can also remotely set up, monitor, and analyze Cisco PIX security appliances via a command-line interface (CLI). Secure command-line interface access is available using several methods such as Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX firewalls also have dependable auto-update capabilities, a collection of protected remote-management options that make sure that firewall configurations and software images are always current.

Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered devices that bring together advanced, industry-leading security and Virtual Private Network support with an adaptive design. The end product is a powerful, versatile network protection solution better suited to protect small and midsize business and larger networks and, simultaneously, lower the overall deployment and maintenance expenses formerly required for this enhanced level of security.

Cisco ASA firewalls deliver strong application protection via smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless access. To defend networks against application-layer attacks and to give organizations greater control over the applications and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and rely on security enforcement technologies that include anomaly sensing and state tracking. Also included are assault sensing and remediation technology such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and recover network bandwidth for vital business processes.

While improving network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower deployment and support expenses. By offering extensive VPN and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be a single device for a multitude of uses, allowing product standardization. The Cisco ASA 5500 Series firewall can be deployed as a consolidated threat-prevention appliance at a central location by taking advantage of its connectivity control, process inspection, and malicious assault remediation capabilities. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote connectivity solution using its VPN features. As an alternative, the Cisco ASA firewall performs capably in the network interior for interdepartmental access management and to guard against worms, viruses, and other malicious code internal workers might unwittingly introduce into the network. For small company and branch office environments, the Cisco ASA 5500 Series firewall serves as an all-in-one platform providing complete intrusion prevention and VPN functionality while fitting within the cost structure and operational models of such deployments.

This adaptive one-device, many-solution design minimizes the number of appliances that must be deployed and managed while offering a common operating and administrative environment throughout all those deployments. This approach simplifies the training of setup, monitoring, support, and protection staff. To further minimize maintenance costs, Cisco ASA firewalls are also highly network conscious, enabling these devices to insert seamlessly into the environment without interfering with authorized traffic and processes.

How Progent's Cisco Certified Experts Can Help You with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls incorporate an array of setup, tracking, and troubleshooting options that offer you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE certified network professionals can assist you to maintain your current infrastructure that includes Cisco ASA or PIX firewalls and that offers security, resilience, throughput, and manageability. Progent's firewall experts can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISM-certified IS security consultants can assist you to develop a security policy appropriate for your situation and can configure your firewall to support your security strategy. Progent's risk assessment professionals can evaluate the strength of your current firewall deployment and help determine the overall security of your entire information system network. Progent's Help Desk Call Center can deliver urgent remote troubleshooting for Cisco technology and offer fast access to a Cisco expert.

For more information about Progent's professional help for Cisco products, select a subject:

• Introduction to Progent's Cisco Expertise
• Timely Remote Help from a Cisco Certified Internetwork Expert (CCIE) Engineer
• Cisco Firepower Firewalls: Configuration and Management Expertise
• ASA 5500-X Series Firewall with Cisco Firepower Services: Consulting and Management Support
• Cisco ASA 5500 Series Firewall Engineering Expertise
• Cisco Routers Configuration and Troubleshooting Expertise
• Cisco Wireless Network Design Services
• Cisco Aironet Wireless APs Design Services
• Cisco Small Business WiFi APs Deployment Help
• Catalyst Wi-Fi 6/6E APs Planning, Configuration and Troubleshooting Support
• Cisco WiFi Controllers Consulting
• Meraki APs Consulting Services
• Cisco Unified Communications Manager (CUCM or Unified CM) and Cisco CallManager Integration and Troubleshooting
• Cisco VoIP Phones and IP Video Phones Expertise and Wireless IP Phone Configuration
• Cisco Jabber Consulting and Support Expertise
• Cisco Catalyst Switches Deployment Expertise
• Cisco Nexus Switches Consulting and Support Services
• Meraki Switches Configuration and Maintenance Expertise
• Cisco Security and VPN Engineering Help
• SIP and CUBE Infrastructure Solutions: SIP PSTN Trunks and CUBE Integration Consulting
• Cisco Duo MFA Two-factor Authentication Services for Teleworkers
• Design Solutions for Cisco-based Datacenters
• Network Optimization Consulting for ISPs
• Centralized Cloud-based and Hybrid Network Management Techniques for Cisco Environments

• Check Point Software Consulting
• WatchGuard Consulting
• Juniper Networks NetScreen and SSG Firewall Consulting
• SonicWall Consulting
• Symantec Raptor Consulting