Cisco's PIX firewalls and ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an affordable, one-box package. Both of these product families have been replaced by Cisco's ASA 5500-X family of firewalls with Firepower Services. (See configuration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 Series firewalls are widely deployed and continue to offer small and mid-size companies a viable firewall solution.

PIX and the original ASA 5500 firewalls deliver robust user and program policy support, mutlivector assault defense, and secure access features. The enhanced knowledge sharing of integrated protection features in a stand-alone platform provides users deploying these integrated solutions the advantages of advanced protection, reduced cost of ownership, and minimal management expense.

PIX security appliances and Cisco's ASA 5500 Series combine with IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 family switches, and 7600 family routers as parts of Cisco's versatile, self-contained firewall product. Based on an expandable, modular platform, every device is equipped with a specific feature set to deliver better security to a variety of networking environments. These solutions can be independently installed to protect certain areas of the connectivity environment, or can be combined for a layered, defense-in-depth approach following the design best practices described in Cisco's SAFE Blueprint. Rounding out the modular firewall product line, Cisco provides a comprehensive security management catalog, spanning Cisco security device and IOS Software security features and embedded device managers, to standalone management applications, moving to ensure that customers can effectively manage their Cisco security infrastructure investments.

PIX Security Appliance Series
Cisco PIX firewall appliances deliver robust policy enforcement, multivector attack defense, and secure networking services in economical, simple-to-configure solutions. These specialized appliances provide a broad range of built-in protection and connectivity services including application-aware firewall services, VoIP and multimedia security, reliable multi-location and remote-access IP Security (IPsec) VPN networking, excellent resiliency, intelligent networking services, and flexible administration solutions. The PIX firewall Appliance family spans small plug-and-play desktop units for small offices and home offices to modular gigabit appliances with investment protection for large business and ISP environments, PIX firewall appliances deliver high levels of protection, speed, and availability for networks of all sizes.

Cisco PIX Firewalls Support

Based upon a hardened, purpose-built software platform that offers rich security services, PIX security appliances provide excellent security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances provide security for a broad range of VoIP and other multimedia standards including H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a broad range of contemporary and upcoming Voice over IP and multimedia applications.

Cisco PIX firewalls offer a variety of setup, tracking, and analysis options, providing IT managers the versatility to use the methods that best meet their needs. Management options include common, policy-based management tools, integrated web-based management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a powerful web-accessible management solution that greatly simplifies the deployment, in-place modification, and monitoring of a single Cisco PIX security appliance without the need of any extra software other than an ordinary browser and Java applet to be installed on an administrator's computer.

IT managers can furthermore remotely set up, track, and analyze Cisco PIX firewall appliances via a command-line interface (CLI). Secure command-line interface access is possible using a number of techniques such as Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX security appliances also have dependable auto-update features, a collection of secure remote-administration services that ensure firewall settings and software images are kept current.

Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered solutions that incorporate advanced, industry-leading protection and VPN services plus a flexible design. The result is a robust, multifunction network security solution better suited to defend small and medium business (SMB) and enterprise networks and, simultaneously, reduce the overall installation and maintenance costs formerly associated with this enhanced level of security.

Cisco Adaptive Security Appliances Firewalls Professional Services
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology behind the PIX 500 Series firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a firewall that defends against a wide range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program protection, local containment and control, and safe Virtual Private Network connectivity throughout the entire product line. This breadth of protection enables the guarding of any network segment, which includes the most common threat conduits like remote sites, LAN-attached internal users, and off-site connected VPNs.

Cisco Adaptive Security Appliances firewalls deliver a high-level of application security via smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a safer network covering web, voice, and mobile wireless connectivity. To protect environments against application-layer attacks and to give organizations greater control over the applications and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also incorporated are assault sensing and mitigation techniques such as application/protocol command filters and content verification. Cisco ASA firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to police usage policies and conserve network bandwidth for crucial business processes.

While increasing security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and operational costs. By offering broad VPN and protection functions, the Cisco ASA 5500 Series firewall can be a single device for a multitude of environments, allowing product commonality. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a converged attack-protection appliance at the datacenter by leveraging its access control, application inspection, and malicious assault remediation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote connectivity device utilizing its VPN features. As an alternative, the Cisco ASA firewall operates equally well in the network interior for interdepartmental access management and to guard against worms, viruses, and other malicious code inside users may unknowingly introduce into the network. For small company and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as an all-in-one platform providing comprehensive threat prevention and Virtual Private Network services while fitting within the budgets and operational demands of such situations.

This versatile one-device, multiple-use approach reduces the number of appliances that need to be deployed and maintained while providing a standard functional and management system across all deployments. This architecture simplifies the education of configuration, tracking, support, and security staff. To further minimize operations costs, Cisco Adaptive Security Appliances firewalls are also highly network conscious, allowing these devices to insert gracefully into the environment without interfering with legitimate traffic and applications.

How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX family firewalls provide a wealth of configuration, tracking, and troubleshooting options which offer you the flexibility to set up these firewalls to match your company's requirements. Progent's CCIE authorized network consultants can assist you to maintain your existing infrastructure that includes Cisco ASA or PIX firewalls and that offers protection, fault tolerance, throughput, and manageability. Progent can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-premier information security consultants can help you to create a security strategy that makes sense for your situation and can set up your PIX or ASA firewall to support your security strategy. Progent's security evaluation experts can evaluate the effectiveness of your current firewall deployment and validate the overall security of your whole IS environment. Progentís Technical Response Center (TRC) can provide urgent online troubleshooting for Cisco products and offer quick access to a Cisco CCIE network engineer.

To learn more details concerning Progent's consulting expertise for Cisco technology, choose a subject:

If you wish to ask Progent about engineering help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.