Cisco PIX firewalls and ASA Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) features in an economical, single-cabinet package. Both of these product lines have been superseded by Cisco's ASA 5500-X line of firewalls with Firepower. (See configuration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 Series adaptive security appliances are widely used and continue to offer small and mid-size companies a viable firewall solution.

PIX and legacy ASA 5500 firewalls offer robust client and program policy enforcement, mutlivector attack protection, and safe access features. The enhanced intelligence sharing of integrated security features in a single package provides users implementing these aggregated firewalls the advantages of advanced security, reduced cost of ownership, and minimal management expense.

Cisco PIX firewalls and the ASA 5500 family combine with IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and Cisco 7600 Series routers as components of Cisco's versatile, self-contained firewall solutions. Based on a scalable, modular platform, each offering is equipped with a particular array of options to deliver more efficient protection to different network environments. These products can be independently deployed to protect certain facets of a connectivity infrastructure, or can be grouped for a layered, defense-in-depth strategy based on the architecture leading practices described in Cisco's SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a complete security management portfolio, ranging from Cisco security appliance and IOS security components and embedded appliance controllers, to self-contained management utilities, moving to ensure that customers can effectively manage their Cisco security solution purchases.

Cisco PIX Security Appliance Series
PIX firewalls offer robust user and application policy enforcement, multi-source attack defense, and safe networking services in cost-effective, simple-to-configure solutions. These purpose-built appliances offer a broad range of built-in security and connectivity services including application-aware firewall services, Voice over IP (VoIP) and multimedia protection, robust site-to-site and remote-connectivity IPcec VPN networking, fault tolerance, intelligent networking features, and flexible management options. The Cisco PIX firewall product line spans compact plug-and-go desktop units for small and at home offices to stackable high-bandwidth products with investment protection for enterprise and ISP customers, Cisco PIX firewall appliances deliver dependable security, speed, and reliability for networks of all sizes.

PIX Security Experts

Built around a tested, purpose-built OS that delivers a wealth of security services, Cisco PIX firewall appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. PIX firewall appliances provide protection for a broad array of VoIP and other mixed-media conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, enabling organizations to safeguard deployments of a broad range of contemporary and upcoming Voice over IP and multimedia applications.

Cisco PIX firewalls feature a wealth of configuration, tracking, and analysis features, providing IT managers the versatility to use the techniques that best meet their requirements. Management solutions include centralized, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-accessible control platform that significantly simplifies the installation, in-place configuration, and tracking of a single Cisco PIX firewall without requiring any additional utility other than a standard web browser and Java plug-in to be installed on an administrator's computer.

Administrators can also remotely set up, track, and analyze PIX firewall appliances via a CLI interface. Safe CLI interface access is available through several techniques such as Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX security appliances also have robust automatic-update features, a collection advanced protected remote-administration options that make sure that security settings and software images are kept up to date.

Cisco ASA Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered devices that bring together market-proven, industry-leading protection and VPN services plus a flexible architecture. The result is a robust, multifunction network protection solution better suited to protect small and midsize business (SMB) and enterprise networks and, at the same time, lower the overall deployment and operations expenses formerly required for this enhanced level of protection.

Cisco ASA 5500 Series Firewalls Consultants
Cisco ASA 5500 Series Firewalls build on engineering behind the Cisco PIX 500 family Security Appliance, the IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to deliver a platform that stops a broad range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, network containment and control, and clean Virtual Private Network connectivity across Cisco's product portfolio. This breadth of security allows defense of any network segment, which includes the most common attack conduits like remote sites, locally-attached inside users, and remote connected Virtual Private Networks.

Cisco Adaptive Security Appliances firewalls deliver robust application security via intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a better protected environment covering web, voice, and mobile wireless access. To protect networks from application-layer attacks and to give organizations greater policing of the programs and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions such as protocol anomaly sensing and state tracking. Also included are assault detection and mitigation techniques including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide management of instant messaging and tunneling applications, allowing organizations to enforce usage policies and preserve network bandwidth for critical business processes.

While increasing network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower deployment and operational expenses. By providing broad VPN and protection services, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for a multitude of environments, enabling product standardization. The Cisco ASA firewall can be deployed as a converged attack-prevention appliance at the datacenter by leveraging its access control, process inspection, and malware mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access device using its Virtual Private Network features. As another option, the Cisco Adaptive Security Appliances firewall serves capably in the network interior for inter-office connectivity control and to defend against malicious assaults internal workers may unknowingly introduce into the environment. In small business and branch office environments, the Cisco Adaptive Security Appliances firewall serves as a total solution platform providing comprehensive threat defense and Virtual Private Network services while fitting within the budgets and performance models of such situations.

This adaptive single-device, multiple-solution approach reduces the total number of appliances that need to be installed and managed while offering a standard functional and management environment across all those deployments. This approach streamlines the training of setup, tracking, support, and security personnel. To further minimize maintenance costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network aware, allowing these devices to insert gracefully into the network without disrupting authorized traffic and applications.

How Progent's Consultants Can Help Your Business with Cisco Firewalls
Cisco's ASA Series firewalls and PIX firewalls incorporate a wealth of setup, tracking, and analysis features which offer you the flexibility to set up these firewalls to match your company's requirements. Progent's CCIE authorized network consultants can show you how to support your current network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers security, resilience, performance, and manageability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-certified information security professionals can assist you to develop a security strategy that makes sense for your environment and can set up your security appliance to support your security strategy. Progent's risk assessment experts can assess the effectiveness of your current firewall solution and help determine the security of your whole IS environment. Progentís Help Desk support team can provide urgent remote technical support for Cisco products and can give you fast access to a Cisco CCIE expert.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To see additional information about Progent's professional help for Cisco networking products, pick a subject: For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: