Cisco's PIX security appliances and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and VPN technologies in an affordable, one-box package. Both product families have been replaced by Cisco's ASA 5500-X series of security appliances with Firepower Services. (See configuration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 model firewalls are widely used and continue to offer small and mid-size organizations a viable firewall environment.

PIX and the original ASA 5500 firewalls deliver powerful client and application policy enforcement, mutlivector attack defense, and secure access features. The enhanced intelligence sharing of consolidated security features in a single package offers customers deploying these aggregated firewalls the advantages of enhanced protection, lower cost of ownership, and minimal maintenance expense.

Cisco PIX firewalls and Cisco's ASA 5500 Series combine with IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and Cisco 7600 family routers as components of Cisco's versatile, self-contained firewall line. Based on an expandable, modular platform, every offering is designed with a specific array of options to deliver better protection to a variety of networking situations. These solutions can be independently installed to secure certain facets of the connectivity infrastructure, or can be grouped for a systematic, defense-in-depth approach based on the design leading practices described in the Cisco SAFE Blueprint. Completing the modular firewall product line, Cisco has developed a complete security management offering, spanning Cisco security device and IOS Software security components and embedded appliance controllers, to self-contained management programs, moving to ensure that customers can productively use their Cisco security solution purchases.

PIX Security Appliance Series
PIX Security Appliance Series deliver robust policy enforcement, multi-source invasion defense, and safe networking features in affordable, out-of-the-box modules. These specialized appliances offer a broad range of integrated security and connectivity capabilities including process-aware firewall services, Voice over IP and multimedia security, robust site-to-site and remote-connectivity IP Security VPN networking, excellent resiliency, smart networking features, and flexible management solutions. The PIX firewall Appliance family spans small plug-and-play desktop units for small offices or at home offices to stackable high-bandwidth appliances with ROI for enterprise and service-provider customers, PIX Security Appliance Series provide dependable security, speed, and reliability for networks of all sizes.

Cisco PIX Firewalls Experts

Built upon a hardened, purpose-built OS that delivers rich security features, Cisco PIX security appliances offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX security appliances offer security for a wide range of Voice over IP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to protect deployments of a broad array of current and upcoming IP voice and mixed-media applications.

PIX firewalls feature a wealth of configuration, tracking, and analysis options, providing IT managers the flexibility to use the methods that best match their needs. Administrative options include common, policy-based administration tools, integrated web-based management, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system provides a world-class web-accessible management solution that greatly streamlines the deployment, in-place modification, and monitoring of a specific Cisco PIX firewall appliance without requiring any additional utility beyond an ordinary web browser and Java applet to be installed on an administrator's computer.

IT managers can also remotely set up, monitor, and troubleshoot PIX firewalls via a command-line interface. Safe command-line interface (CLI) communication is available using several methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band via a console port. PIX security appliances also include dependable automatic-update features, a set of protected remote-administration options that make sure that firewall configurations and software images are always current.

Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered solutions that bring together market-proven, best-of-breed protection and Virtual Private Network services with a flexible design. The end product is a robust, versatile network security appliance better suited to protect small and medium business (SMB) and larger networks and, simultaneously, reduce the total installation and operations costs formerly required for this high level of security.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls Experts
Cisco ASA Firewalls build on technology developed for the PIX 500 family firewall, Cisco's IPS 4200 Series sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to deliver a firewall that defends against a broad range of threats. Cisco ASA Firewalls provide program protection, local containment, and clean Virtual Private Network functionality throughout the entire product line. This breadth of protection enables the guarding of any network area, which includes the most typical threat conduits like remote sites, LAN-connected inside users, and remote connected Virtual Private Networks.

Cisco ASA firewalls deliver a high-level of application security through smart, application-sensitive inspection engines that examine network flows at Layers 4-7. This results in a more secure environment covering web, voice, and mobile wireless services. To protect networks against application-layer assaults and to give organizations greater control over the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and rely on security enforcement technologies that include anomaly sensing and state monitoring. Also included are assault detection and remediation technology such as application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, enabling businesses to police usage policies and conserve network bandwidth for vital business applications.

At the same time as improving network protection, Cisco ASA firewalls also decrease installation and operational costs. By offering extensive Virtual Private Network and security functions, the Cisco ASA firewall can be used as the single device for a multitude of environments, allowing platform commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be used as a converged threat-protection device at a central location by leveraging its connectivity control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco ASA 5500 Series firewall can also be deployed as a dedicated remote connectivity device utilizing its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall operates equally well inside the network for interdepartmental connectivity management and to guard against worms, viruses, and other malicious code internal workers might unwittingly introduce into the environment. For small business and satellite office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as an all-in-one platform providing comprehensive threat prevention and Virtual Private Network services while fitting within the cost structure and performance demands of such situations.

This versatile single-platform, many-use design minimizes the total number of appliances that need to be installed and maintained while offering a standard functional and administrative system across all those deployments. This approach streamlines the training of setup, monitoring, support, and security staff. To further reduce maintenance expenses, Cisco ASA firewalls are also highly network conscious, enabling them to insert seamlessly into the network without disrupting legitimate traffic and applications.

How Progent Can Help You with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family security appliances incorporate a wealth of configuration, monitoring, and analysis features which offer you the flexibility to configure these security appliances to align optimally with your business needs. Progent's CCIE certified network consultants can help you to support your existing network infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers protection, fault tolerance, performance, and recoverability. Progent can also assist you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISSP-ISSP-certified IS security experts can help you to create a security policy appropriate for your environment and can set up your PIX or ASA firewall to support your security policies. Progent's security assessment engineers can assess the strength of your existing firewall deployment and validate the overall security of your entire IS network. Progentís Technical Response Center can deliver emergency online technical support for Cisco technology and offer fast access to a Cisco expert.

To see additional information concerning Progent's professional assistance for Cisco technology, choose a topic:

In order to contact Progent about professional support for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.