Cisco's PIX family firewalls and ASA Series adaptive security appliances integrate next-generation firewall, intrusion defense, and VPN technologies in an economical, one-cabinet format. Both of these product lines have been replaced by the ASA 5500-X line of firewalls with Firepower Services. (Refer to configuration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation ASA 5500 Series firewalls are extensively deployed and continue to deliver small and mid-size organizations a reliable security solution.

Cisco PIC and the original ASA 5500 firewalls deliver robust client and program policy support, mutlivector attack protection, and safe access features. The increased knowledge sharing of consolidated security features in a stand-alone package provides users implementing these aggregated solutions the benefits of enhanced security, reduced cost of ownership, and minimal management expense.

Cisco PIX firewalls and the ASA 5500 Series join IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and 7600 family routers as parts of Cisco's flexible, integrated firewall line. Engineered with an expandable, building-block platform, each offering is designed with a specific feature set to deliver more efficient security to different networking situations. These products can be individually installed to protect certain areas of the connectivity infrastructure, or can be combined for a layered, defense-in-depth approach based on the architecture best practices described in Cisco's SAFE framework. Completing the integrated firewall product line, Cisco has developed a complete security management catalog, ranging from Cisco security appliance and IOS Software security features and built-in device controllers, to self-contained management utilities, moving to ensure that businesses can effectively use their Cisco protection infrastructure investments.

PIX Firewall Appliances
PIX firewalls deliver reliable policy enforcement, multivector attack protection, and secure connectivity features in economical, out-of-the-box solutions. These purpose-built appliances offer a broad range of built-in security and connectivity capabilities including application-aware firewall features, Voice over IP and multimedia security, robust multi-location and remote-access IP Security (IPsec) VPN networking, fault tolerance, intelligent networking features, and versatile administration solutions. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-go devices for small or at home offices to modular gigabit products with ROI for large business and service-provider environments, PIX Security Appliance Series provide high levels of security, speed, and reliability for networks of all sizes.

Cisco PIX Firewalls Support

Built around a hardened, purpose-built software platform that offers a wealth of protection services, PIX firewalls offer excellent protection and have received EAL 4 status and ICSA Firewall and IP Security qualification. Cisco PIX security appliances offer protection for a broad array of VoIP and other multimedia standards including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a broad range of contemporary and upcoming Voice over IP and video applications.

Cisco PIX firewall appliances offer a variety of configuration, monitoring, and troubleshooting options, giving businesses the flexibility to use the techniques that most closely match their requirements. Administrative options include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class web-based control platform that significantly streamlines the installation, ongoing modification, and monitoring of a specific Cisco PIX firewall without the need of any additional software beyond an ordinary web browser and Java plug-in to be installed on an administrator's computer.

IT managers can also remotely set up, track, and troubleshoot PIX firewall appliances using a command-line interface. Secure CLI interface communication is possible using several methods including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band via a console port. PIX firewalls also have robust automatic-update features, a set of secure remote-management options that make sure that firewall settings and software images are always current.

Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that incorporate advanced, best-of-breed security and Virtual Private Network support plus a flexible architecture. The end product is a powerful, multifunction network protection solution better able to defend small and midsize company and larger networks and, simultaneously, reduce the overall deployment and maintenance expenses formerly required for this enhanced degree of security.

Cisco Adaptive Security Appliances 5500 Series Firewalls Support
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology behind the PIX 500 Series Security Appliance, Cisco's IPS 4200 Series sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a platform that defends against a broad range of attacks. Cisco Adaptive Security Appliances Firewalls provide application security, local containment, and safe VPN connectivity throughout the entire product portfolio. This breadth of protection enables the guarding of any network segment, including the most typical attack vectors like remote sites, locally-attached internal users, and remote access Virtual Private Networks.

Cisco ASA 5500 Series firewalls provide a high-level of application protection through smart, application-aware inspection processes that examine network flows at Layers 4-7. This produces a more secure environment covering web, voice, and mobile wireless services. To protect networks from application-layer attacks and to offer organizations more control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement technologies such as protocol anomaly sensing and application and protocol state tracking. Also included are attack detection and mitigation technology including application/protocol command filtering and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling businesses to police usage policies and preserve bandwidth for critical business applications.

At the same time as improving network protection, Cisco ASA 5500 Series firewalls also lower installation and operational expenses. By offering extensive Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for many environments, allowing product standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a consolidated threat-prevention device at the datacenter by leveraging its connectivity control, application inspection, and malicious assault mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote access device utilizing its VPN features. Alternatively, the Cisco ASA 5500 Series firewall operates capably in the network interior for interdepartmental access control and to defend against malicious assaults internal users may inadvertently release into the environment. For small company and branch office networks, the Cisco Adaptive Security Appliances firewall acts as a total solution device providing comprehensive intrusion defense and Virtual Private Network services while fitting within the budgets and operational demands of these situations.

This adaptive one-platform, many-solution approach reduces the total number of devices that need to be deployed and managed while providing a standard operating and management environment throughout all those installations. This approach simplifies the education of configuration, tracking, troubleshooting, and protection staff. To further minimize operations costs, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network conscious, allowing these devices to integrate seamlessly into the network without disrupting authorized data flow and processes.

How Progent Can Assist Your Business with Cisco Firewalls
Cisco's ASA 5500 Series firewalls and PIX security appliances provide an array of setup, tracking, and troubleshooting features which give you the ability to deploy these firewalls to align optimally with your company's needs. Progent's CCIE certified network professionals can show you how to maintain your current network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that offers protection, resilience, performance, and recoverability. Progent's firewall experts can also assist your organization to upgrade to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-certified IS security professionals can assist your business to develop a security policy appropriate for your business and can configure your security appliance to enforce your security policies. Progent's security assessment engineers can assess the strength of your existing firewall deployment and help determine the security of your entire information system environment. Progentís Technical Response Center can deliver urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To find out more details about Progent's professional help for Cisco solutions, choose a subject: For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: