Cisco PIX security appliances and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion defense, and VPN functionality in an affordable, single-box format. Both product families have been superseded by the ASA 5500-X series of security appliances with Firepower. (Refer to configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and earlier-generation Cisco ASA 5500 Series adaptive security appliances are extensively used and continue to provide small and mid-size companies a viable security solution.

Cisco PIC and the original ASA 5500 firewalls deliver powerful user and application policy enforcement, mutlivector assault protection, and safe access services. The enhanced knowledge sharing of consolidated security services in a single platform offers customers deploying these integrated firewalls the benefits of advanced protection, lower cost of ownership, and smaller management costs.

PIX firewalls and Cisco's ASA 5500 Series join IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and Cisco 7600 routers as components of Cisco's flexible, integrated firewall line. Based on a scalable, building-block approach, each device is designed with a particular array of options to deliver more efficient protection to different network situations. These products can be independently installed to protect specific areas of the connectivity infrastructure, or can be grouped for a systematic, defense-in-depth approach based on the design best practices outlined in the Cisco SAFE framework. Rounding out the modular firewall solutions, Cisco provides a complete security management product portfolio, spanning Cisco security device and IOS Software security features and embedded appliance controllers, to standalone management programs, moving to ensure that businesses can productively use their Cisco protection infrastructure purchases.

Cisco PIX Firewall Appliances
Cisco PIX Security Appliance Series offer robust user and application policy support, multi-source attack protection, and secure connectivity features in cost-effective, simple-to-configure modules. These specialized appliances provide a broad range of integrated protection and networking capabilities including process-aware firewall services, Voice over IP (VoIP) and multimedia protection, robust multi-site and remote-access IPcec Virtual Private Network (VPN) networking, high availability, smart networking services, and versatile administration options. The PIX Security Appliance Series product line spans small plug-and-go devices for small and home offices to stackable gigabit products with ROI for large business and service-provider customers, Cisco PIX Security Appliance Series provide high levels of protection, performance, and availability for environments of any size.

PIX Firewalls Support

Based upon a tested, purpose-built OS that offers rich protection services, Cisco PIX firewall appliances offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX firewalls provide security for a broad range of VoIP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a wide array of contemporary and next-generation Voice over IP and video applications.

PIX firewalls offer a wealth of configuration, tracking, and troubleshooting options, providing businesses the flexibility to utilize the techniques that most closely meet their requirements. Management options include common, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-based management solution that greatly streamlines the installation, ongoing modification, and monitoring of a single PIX security appliance without the need of any extra software beyond a standard browser and Java applet to be installed on a manager's computer.

Administrators can also remotely configure, track, and analyze PIX security appliances via a command-line interface. Secure CLI interface access is possible through several techniques such as Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewalls also include robust automatic-update capabilities, a collection of protected remote-administration options that ensure firewall configurations and software images are kept current.

Cisco Adaptive Security Appliances Firewalls
Cisco ASA Firewalls are specially engineered solutions that incorporate market-proven, industry-leading protection and VPN services plus a flexible architecture. The result is a powerful, versatile network protection appliance better able to defend small and medium business (SMB) and enterprise networks and, at the same time, lower the total installation and operations expenses formerly required for this enhanced degree of security.

Cisco Adaptive Security Appliances (ASA) Firewalls Consulting Firm
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology developed for Cisco's PIX 500 Series Security Appliance, Cisco's IPS 4200 Series sensor, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to offer a platform that stops a wide range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application protection, network containment and control, and clean VPN functionality throughout Cisco's product line. This breadth of protection allows the guarding of any network area, including the most common attack conduits such as remote sites, LAN-attached inside users, and off-site access VPNs.

Cisco ASA 5500 Series firewalls deliver a high-level of application protection via smart, application-aware inspection processes that examine network flows at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless access. To defend environments from application-layer attacks and to give businesses more control over the applications and protocols used in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly sensing and application and protocol state monitoring. Also incorporated are assault detection and remediation technology such as application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and recover bandwidth for crucial business applications.

At the same time as increasing network security, Cisco Adaptive Security Appliances firewalls also lower installation and operational expenses. By offering broad VPN and protection functions, the Cisco ASA firewall can be a single device for many environments, enabling product standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a converged attack-protection device at the datacenter by taking advantage of its access control, application inspection, and malicious assault remediation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a specialized remote connectivity device utilizing its VPN capabilities. Alternatively, the Cisco ASA 5500 Series firewall serves capably in the network interior for inter-office connectivity control and to defend against worms, viruses, and other malicious code inside users may inadvertently introduce into the network. In small business and satellite office networks, the Cisco ASA 5500 Series firewall acts as a total solution platform providing comprehensive intrusion defense and Virtual Private Network functionality while suiting the budgets and performance models of these situations.

This versatile single-device, multiple-solution approach minimizes the number of devices that need to be deployed and managed while providing a common functional and management system throughout all installations. This approach streamlines the training of configuration, monitoring, support, and protection personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) firewalls are also exceptionally network conscious, enabling them to integrate gracefully into the network without interfering with authorized data flow and processes.

How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX family firewalls provide an array of configuration, tracking, and analysis options that offer you the ability to configure these firewalls to align optimally with your business requirements. Progent's CCIE authorized network consultants can show you how to maintain your current network infrastructure that includes Cisco ASA and/or PIX security appliances and that offers protection, fault tolerance, throughput, and manageability. Progent's firewall experts can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-certified information security consultants can assist you to develop a security policy that makes sense for your environment and can configure your security appliance to enforce your security policies. Progent's security assessment engineers can assess the effectiveness of your existing firewall solution and validate the security of your entire IS environment. Progentís Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.

To learn additional information about Progent's consulting assistance for Cisco solutions, pick a subject:

To contact Progent about consulting support for Cisco networking, call 1-800-993-9400 or see Contact Progent.