Cisco's PIX security appliances and ASA 5500 Series firewalls combine next-generation firewall, intrusion defense, and VPN features in a cost-effective, single-box format. Both of these product families have been replaced by Cisco's ASA 5500-X family of security appliances with Firepower. (See integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation Cisco ASA 5500 Series firewalls are extensively used and continue to offer small and mid-size organizations a reliable firewall environment.

Cisco PIC and legacy ASA 5500 firewalls deliver powerful client and program policy support, mutlivector assault protection, and secure connectivity features. The enhanced intelligence sharing of integrated protection features in a single package provides users deploying these aggregated firewalls the benefits of advanced protection, reduced TCO, and smaller management costs.

PIX firewalls and Cisco's ASA 5500 Series join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 family routers as components of Cisco's versatile, self-contained firewall product. Engineered with a scalable, modular platform, every device is equipped with a specific feature set to provide better protection to a variety of networking environments. These solutions can be individually installed to protect certain areas of a network infrastructure, or can be combined for a layered, protection-in-depth approach based on the architecture leading practices outlined in the Cisco SAFE framework. Completing the modular firewall solutions, Cisco provides a complete security management catalog, ranging from Cisco security appliance and IOS Software security components and embedded appliance controllers, to standalone management utilities, moving to ensure that businesses can productively manage their Cisco protection infrastructure investments.

Cisco PIX Firewall Appliances
Cisco PIX firewall appliances offer robust user and application policy enforcement, multivector invasion protection, and secure connectivity services in economical, out-of-the-box modules. These purpose-built appliances provide a broad range of integrated protection and connectivity services such as process-aware firewall services, VoIP and multimedia protection, reliable multi-site and remote-connectivity IPcec VPN connectivity, high availability, intelligent networking features, and versatile management solutions. The Cisco PIX firewall family spans compact plug-and-play desktop units for small offices or at home offices to stackable gigabit products with ROI for large business and service-provider environments, PIX firewall appliances deliver high levels of security, speed, and reliability for networks of any size.

PIX Security Support

Based upon a hardened, purpose-built OS that delivers rich security features, Cisco PIX firewalls provide a high level of protection and have received EAL 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX security appliances offer protection for a wide array of Voice over IP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to protect deployments of a broad array of contemporary and next-generation Voice over IP and multimedia applications.

PIX firewall appliances feature a wealth of setup, tracking, and troubleshooting features, providing businesses the flexibility to utilize the techniques that most closely match their needs. Administrative options include centralized, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking standards such as SNMP and syslog. The integrated ASDM system offers a world-class web-accessible control solution that significantly streamlines the installation, in-place configuration, and tracking of a single PIX firewall appliance without requiring any additional software beyond a standard web browser and Java applet to be running on an administrator's computer.

Administrators can also remotely configure, track, and analyze PIX firewall appliances using a command-line interface. Secure command-line interface (CLI) access is possible through a number of techniques including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewall appliances also include dependable automatic-update features, a collection of protected remote-administration options that make sure that firewall settings and software images are always up to date.

Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built solutions that incorporate advanced, industry-leading security and Virtual Private Network support with a flexible design. The result is a powerful, versatile network protection appliance better suited to protect small and midsize company and enterprise networks and, at the same time, reduce the overall installation and maintenance expenses previously required for this enhanced degree of security.

Cisco ASA Firewalls Consulting
Cisco ASA Firewalls build on engineering behind Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 sensor, and Cisco's VPN 3000 family concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to deliver a platform that defends against a broad range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program security, local containment and control, and clean Virtual Private Network functionality throughout Cisco's product line. This breadth of security enables the guarding of any network section, including the most typical attack vectors like remote locations, locally-connected inside users, and off-site access Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application protection through smart, application-sensitive inspection engines that analyze network flows at Layers 4-7. This results in a more secure environment covering web, voice, and mobile wireless connectivity. To defend environments against application-layer assaults and to offer organizations more policing of the programs and protocols utilized in their environments, these inspection engines integrate broad application and protocol knowledge and employ security enforcement solutions that include anomaly detection and state monitoring. Also incorporated are attack detection and remediation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing businesses to police usage policies and preserve network bandwidth for crucial business applications.

While improving security, Cisco Adaptive Security Appliances firewalls also lower installation and operational costs. By providing extensive Virtual Private Network and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the single device for a multitude of environments, enabling platform commonality. The Cisco Adaptive Security Appliances firewall can be used as a converged attack-protection device at a central location by leveraging its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a specialized remote connectivity device using its Virtual Private Network capabilities. Alternatively, the Cisco Adaptive Security Appliances 5500 Series firewall operates equally well inside the network for interdepartmental access control and to defend against worms, viruses, and other malicious code inside workers may unwittingly introduce into the environment. In small company and satellite office networks, the Cisco Adaptive Security Appliances firewall acts as a total solution device offering complete threat defense and Virtual Private Network functionality while suiting the budgets and operational models of these situations.

This adaptive one-platform, multiple-use design reduces the number of devices that need to be installed and maintained while offering a common functional and administrative environment throughout all installations. This approach simplifies the training of setup, monitoring, troubleshooting, and security personnel. To further minimize operations expenses, Cisco ASA 5500 Series firewalls are also exceptionally network aware, enabling them to integrate gracefully into the environment without disrupting authorized traffic and processes.

How Progent's Cisco Certified Experts Can Help You with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX security appliances incorporate an array of configuration, monitoring, and troubleshooting options which give you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE authorized network professionals can assist you to maintain your existing network infrastructure that includes Cisco ASA and/or PIX security appliances and that offers protection, fault tolerance, throughput, and manageability. Progent's firewall experts can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-certified information security consultants can assist you to create a security strategy that makes sense for your situation and can set up your PIX or ASA firewall to support your security policies. Progent's risk evaluation professionals can assess the strength of your existing firewall deployment and validate the overall security of your whole IS environment. Progentís Technical Response Center can provide emergency remote technical support for Cisco products and offer fast access to a Cisco expert.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic: To learn additional information concerning Progent's consulting support for Cisco networking products, choose a topic: For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: