Cisco PIX firewalls and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network functionality in an affordable, one-cabinet package. Both of these product lines have been superseded by the ASA 5500-X series of firewalls with Firepower. (See configuration and debugging support for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation Cisco ASA 5500 Series adaptive security appliances are extensively used and continue to deliver small and mid-size organizations a viable firewall environment.

PIX and legacy ASA 5500 firewalls offer robust user and program policy support, mutlivector assault protection, and safe access services. The increased knowledge sharing of consolidated protection services in a single platform provides customers implementing these aggregated firewalls the benefits of advanced protection, reduced cost of ownership, and minimal management expense.

PIX security appliances and the ASA 5500 family join IOS Firewall, the FWSM for Cisco Catalyst 6500 switches, and Cisco 7600 family routers as components of Cisco's flexible, integrated firewall solutions. Based on a scalable, building-block platform, each offering is equipped with a particular array of options to provide more efficient security to a variety of network environments. These products can be individually installed to secure certain areas of a network environment, or can be combined for a systematic, defense-in-depth strategy based on the design leading practices outlined in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco has developed a comprehensive security management product portfolio, spanning Cisco security device and Cisco IOS Software security components and built-in appliance controllers, to standalone management applications, helping to ensure that businesses can productively manage their Cisco security solution purchases.

Cisco PIX Firewall Appliances
Cisco PIX Security Appliance Series deliver reliable user and application policy enforcement, multi-source invasion protection, and secure connectivity services in economical, out-of-the-box solutions. These specialized devices provide a broad range of built-in protection and networking capabilities including process-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-site and remote-access IP Security VPN connectivity, high availability, smart networking features, and versatile management options. The PIX Security Appliance Series product line spans small plug-and-go devices for small or at home offices to modular high-bandwidth products with investment protection for large business and ISP environments, Cisco PIX firewall appliances deliver dependable security, speed, and reliability for environments of all sizes.

PIX Firewalls Consulting

Based upon a hardened, purpose-built software platform that offers rich protection features, Cisco PIX firewalls offer a high level of protection and have been awarded EAL 4 status and ICSA Firewall and IP Security (IPsec) certification. PIX firewall appliances offer security for a wide array of VoIP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling businesses to safeguard deployments of a broad array of current and upcoming Voice over IP and video applications.

PIX firewall appliances feature a variety of configuration, monitoring, and troubleshooting options, providing IT managers the flexibility to use the techniques that most closely meet their needs. Management solutions include common, policy-based management tools, integrated web-based management, and compatibility with remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system offers a powerful web-accessible control solution that significantly streamlines the installation, ongoing modification, and tracking of a single Cisco PIX firewall appliance without the need of any extra utility beyond an ordinary web browser and Java applet to be installed on an administrator's PC.

Administrators can also remotely set up, monitor, and troubleshoot Cisco PIX security appliances via a CLI interface. Safe CLI interface access is possible through several methods including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have dependable automatic-update capabilities, a collection of protected remote-administration options that ensure security configurations and software images are kept current.

Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built solutions that incorporate advanced, best-of-breed protection and VPN services with a flexible design. The result is a robust, multifunction network protection appliance better suited to protect small and medium business and larger networks and, at the same time, reduce the overall installation and operations costs formerly required for this high degree of security.

Cisco Adaptive Security Appliances (ASA) Firewalls Experts
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology developed for Cisco's PIX 500 Series Security Appliance, the IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall family to deliver a platform that defends against a wide range of threats. Cisco Adaptive Security Appliances Firewalls deliver application protection, local containment, and clean VPN functionality throughout Cisco's product line. This broad scope of protection enables defense of any network area, including the most common attack vectors like remote locations, LAN-connected inside users, and remote access Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security through intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. The result is a safer network covering web, voice, and mobile wireless connectivity. To protect networks from application-layer assaults and to give businesses more policing of the programs and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ security enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also included are assault sensing and mitigation techniques such as application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and tunneling applications, enabling businesses to enforce usage policies and preserve bandwidth for crucial business applications.

At the same time as increasing network protection, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and operational expenses. By providing extensive Virtual Private Network and security services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for many uses, enabling product standardization. The Cisco ASA firewall can be deployed as a consolidated threat-prevention appliance at the datacenter by leveraging its connectivity control, process inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be deployed as a dedicated remote connectivity solution using its Virtual Private Network features. As another option, the Cisco Adaptive Security Appliances (ASA) firewall performs equally well in the network interior for inter-office connectivity control and to guard against malicious assaults inside workers might inadvertently release into the environment. In small company and branch office environments, the Cisco ASA firewall acts as a total solution device providing comprehensive threat defense and Virtual Private Network functionality while suiting the cost structure and performance models of such deployments.

This versatile single-platform, many-use design reduces the total number of devices that need to be deployed and managed while providing a standard operating and management system across all installations. This architecture simplifies the education of configuration, monitoring, troubleshooting, and protection staff. To further minimize operations costs, Cisco Adaptive Security Appliances firewalls are also highly network conscious, allowing them to insert seamlessly into the network without interfering with legitimate data flow and processes.

How Progent's Consultants Can Assist You with Cisco Firewalls
Cisco ASA Series adaptive security appliances and PIX security appliances incorporate a wealth of setup, monitoring, and troubleshooting features that give you the flexibility to configure these security appliances to align optimally with your business needs. Progent's CCIE authorized network professionals can assist you to maintain your current network infrastructure that includes Cisco ASA or PIX security appliances and that provides protection, fault tolerance, performance, and manageability. Progent's firewall experts can also help your organization to migrate to ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-premier IS security experts can help you to create a security strategy that makes sense for your situation and can set up your firewall to enforce your security policies. Progent's security evaluation engineers can assess the strength of your current firewall solution and validate the security of your entire IS environment. Progentís Technical Response Center can deliver urgent online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.

To see additional information concerning Progent's professional help for Cisco products, select a topic:

To contact Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.