Cisco Network Consultants

Cisco's PIX firewalls and Cisco ASA 5500 Series adaptive security appliances combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) features in an economical, one-cabinet package. Both product lines have been replaced by the ASA 5500-X family of security appliances with Firepower. (Refer to configuration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 Series adaptive security appliances are widely used and continue to deliver small and mid-size companies a viable security environment.

Cisco PIC and the original ASA 5500 firewalls offer robust user and program policy enforcement, mutlivector assault protection, and secure access features. The enhanced intelligence sharing of integrated security services in a stand-alone platform provides users implementing these integrated solutions the advantages of enhanced security, reduced cost of ownership, and smaller maintenance expense.

PIX security appliances and the ASA 5500 Series join IOS Firewall, the FWSM for Catalyst 6500 switches, and Cisco 7600 family routers as parts of Cisco's flexible, integrated firewall line. Engineered with an expandable, building-block platform, each offering is designed with a particular feature set to deliver more efficient security to a variety of network environments. These solutions can be individually deployed to protect certain facets of a network environment, or can be combined for a layered, protection-in-depth approach following the design best practices described in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco provides a complete security management product portfolio, ranging from Cisco security appliance and IOS security features and embedded appliance managers, to self-contained management programs, moving to make sure that customers can effectively use their Cisco protection solution investments.

PIX Security Appliance Series
PIX firewalls deliver robust policy support, multi-source invasion protection, and secure networking services in cost-effective, out-of-the-box solutions. These specialized appliances provide a broad range of integrated protection and networking capabilities such as process-aware firewall features, VoIP and multimedia protection, robust multi-site and remote-connectivity IPcec VPN connectivity, fault tolerance, smart networking services, and flexible administration solutions. The PIX firewall Appliance family spans compact plug-and-go devices for small or at home offices to stackable gigabit appliances with ROI for enterprise and service-provider customers, PIX firewalls deliver high levels of security, performance, and reliability for environments of any size.

Based upon a tested, specialized software platform that offers rich security services, Cisco PIX security appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. Cisco PIX firewall appliances provide protection for a broad range of Voice over IP and other mixed-media conventions such as H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling businesses to protect installations of a broad range of current and next-generation VoIP and mixed-media applications.

Cisco PIX firewall appliances offer a wealth of configuration, tracking, and analysis options, providing businesses the versatility to use the methods that best match their needs. Administrative solutions include common, policy-based administration tools, integrated web-based management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system provides a world-class web-accessible control platform that significantly streamlines the installation, ongoing configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any additional utility other than a standard browser and Java applet to be installed on an administrator's PC.

Administrators can furthermore remotely configure, monitor, and analyze Cisco PIX security appliances via a command-line interface (CLI). Secure command-line interface access is possible through a number of methods including Secure Shell Protocol, Telnet through IP Security, and out-of-band through a console port. PIX firewall appliances also include dependable automatic-update features, a set of secure remote-management options that make sure that security settings and software images are kept current.

Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built solutions that incorporate market-proven, best-of-breed protection and Virtual Private Network support plus a flexible design. The end product is a powerful, versatile network protection appliance better suited to protect small and medium company and larger networks and, simultaneously, reduce the overall installation and maintenance costs formerly associated with this high level of protection.

Cisco ASA 5500 Series firewalls deliver strong application protection through intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This results in a better protected environment covering web, voice, and mobile wireless access. To protect networks from application-layer attacks and to offer businesses greater policing of the programs and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement solutions such as anomaly sensing and state tracking. Also incorporated are attack sensing and remediation technology including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and free up network bandwidth for important business processes.

While improving security, Cisco Adaptive Security Appliances firewalls also decrease installation and support expenses. By providing extensive Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be a single device for a multitude of environments, allowing platform commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a converged threat-protection device at a central location by leveraging its connectivity control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access device using its Virtual Private Network capabilities. As another option, the Cisco Adaptive Security Appliances (ASA) firewall performs equally well inside the network for interdepartmental access control and to guard against malware inside workers might inadvertently release into the network. In small business and satellite office networks, the Cisco Adaptive Security Appliances firewall acts as a total solution device offering comprehensive intrusion prevention and VPN functionality while fitting within the budgets and operational demands of such deployments.

This versatile one-platform, multiple-use design reduces the number of devices that need to be deployed and maintained while offering a standard operating and administrative system throughout all those installations. This architecture simplifies the training of configuration, monitoring, troubleshooting, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network conscious, allowing these devices to insert gracefully into the network without interfering with authorized traffic and processes.

How Progent's Cisco Certified Experts Can Help You with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls provide a wealth of setup, monitoring, and troubleshooting features that give you the ability to configure these security appliances to align optimally with your company's requirements. Progent's CCIE certified network professionals can assist you to maintain your current network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers protection, resilience, throughput, and manageability. Progent can also help your organization to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-certified information security engineers can assist your business to create a security strategy appropriate for your business and can set up your security appliance to support your security strategy. Progent's security evaluation professionals can assess the strength of your existing firewall deployment and help determine the overall security of your entire IT network. Progent's Help Desk Call Center can provide emergency online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.

To find out additional information concerning Progent's professional support for Cisco technology, select a topic:

• Introduction to Cisco Engineering Services
• Timely Online Access to a Cisco Certified Internetwork Expert (CCIE) Network Engineer
• Cisco Firepower NGFW Series Firewalls: Configuration and Troubleshooting Expertise
• Cisco ASA 5500-X Series Firewall with Firepower Services: Setup and Management Expertise
• ASA 5500 Firewall Consulting Help
• Cisco Routers Consulting Services
• Cisco Wireless Deployment Help
• Cisco Aironet Wireless APs Deployment Support
• Cisco Small Business 100, 300 and 500 WiFi APs Engineering Expertise
• Catalyst Wi-Fi 6/6E Wireless APs Solution Design, Configuration and Troubleshooting Services
• Cisco Wireless Controllers Support Services
• Meraki Access Points Design Services
• Cisco Unified Communications Manager (CUCM or Unified CM) and Cisco CallManager Integration and Technical Support
• Cisco VoIP Phones and IP Video Phones Consulting Services and Cisco Wireless VoIP Phone Integration
• Cisco Jabber Deployment Expertise
• Catalyst Switches Engineering Expertise
• Cisco Nexus Switches Support and Troubleshooting Services
• Meraki Switches Deployment Services
• Cisco VPN and Network Security Consulting Expertise
• SIP and CUBE Integration Solutions: SIP Trunks and Cisco CUBE Integration Consulting
• Cisco Duo MFA Two-factor Authentication Services for Remote Workers
• Infrastructure Design for Cisco-powered Datacenters and Colocation Centers
• Data Center Optimization Services for Internet Service Providers
• Unified Cloud-based and Hybrid Network Management Strategies for Cisco-based Environments