Cisco PIX family firewalls and Cisco ASA 5500 Series firewalls integrate comprehensive firewall, intrusion defense, and VPN functionality in an affordable, one-cabinet format. Both product lines have been replaced by the ASA 5500-X series of firewalls with Firepower Services. (See configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 model firewalls are widely used and continue to provide small and mid-size companies a reliable security environment.

Cisco PIC and legacy ASA 5500 firewalls offer robust client and application policy support, mutlivector assault defense, and safe connectivity services. The increased intelligence sharing of integrated security features in a single platform offers users implementing these integrated firewalls the benefits of enhanced security, lower cost of ownership, and smaller maintenance costs.

Cisco PIX security appliances and the ASA 5500 Series combine with IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and 7600 Series routers as components of Cisco's flexible, self-contained firewall line. Based on a scalable, modular approach, every offering is designed with a particular feature set to provide better security to a variety of network situations. These products can be independently installed to protect certain facets of a connectivity infrastructure, or can be combined for a layered, protection-in-depth approach following the design leading practices outlined in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco provides a comprehensive security management offering, spanning Cisco security device and IOS Software security components and embedded appliance controllers, to self-contained management utilities, helping to make sure that businesses can productively use their Cisco security infrastructure investments.

PIX Security Appliance Series
PIX Security Appliance Series offer reliable policy support, multivector invasion protection, and safe connectivity services in cost-effective, out-of-the-box modules. These purpose-built appliances provide a broad range of built-in security and connectivity services such as process-aware firewall services, Voice over IP and multimedia protection, reliable site-to-site and remote-connectivity IP Security (IPsec) VPN networking, excellent resiliency, intelligent networking services, and versatile management solutions. The PIX Security Appliance Series product line spans compact plug-and-go appliances for small and home offices to modular high-bandwidth appliances with investment protection for enterprise and ISP environments, PIX Security Appliance Series deliver high levels of protection, speed, and reliability for networks of any size.

Cisco PIX Security Consulting

Based upon a hardened, purpose-built OS that delivers rich protection features, Cisco PIX firewalls provide a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. Cisco PIX security appliances offer security for a broad array of Voice over IP and other multimedia conventions including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and MGCP, helping organizations to safeguard installations of a broad range of contemporary and next-generation IP voice and mixed-media applications.

PIX firewalls feature a variety of configuration, tracking, and troubleshooting options, providing businesses the flexibility to utilize the techniques that best match their needs. Management options include centralized, policy-based management tools, integrated web-accessible administration, and compatibility with remote-monitoring protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a powerful web-accessible management platform that greatly simplifies the deployment, in-place configuration, and tracking of a single Cisco PIX security appliance without requiring any extra utility other than a standard web browser and Java plug-in to be running on a manager's computer.

Administrators can furthermore remotely configure, monitor, and analyze PIX firewalls via a command-line interface. Secure command-line interface (CLI) communication is possible using several techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also include robust automatic-update capabilities, a set advanced protected remote-management options that make sure that security settings and software images are always up to date.

Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that incorporate advanced, best-of-breed security and Virtual Private Network services with a flexible architecture. The result is a powerful, multifunction network security solution better suited to protect small and midsize business (SMB) and enterprise networks and, simultaneously, lower the total deployment and maintenance expenses formerly associated with this high degree of protection.

Cisco Adaptive Security Appliances (ASA) Firewalls Help
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage technology developed for the Cisco PIX 500 Series firewall, Cisco's IPS 4200 sensor, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco ASA 5500 Series Firewall family to deliver a firewall that defends against a broad range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, local containment and control, and safe Virtual Private Network connectivity throughout the entire product line. This breadth of protection allows the guarding of any network section, which includes the most typical attack conduits such as remote sites, locally-attached inside users, and remote access Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security through intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This results in a safer network covering web, voice, and mobile wireless services. To protect networks from application-layer assaults and to offer businesses more policing of the applications and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledge and employ security enforcement solutions such as protocol anomaly detection and state monitoring. Also incorporated are assault detection and remediation techniques such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to police usage policies and recover bandwidth for vital business applications.

At the same time as improving network security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and support expenses. By offering extensive Virtual Private Network and security services, the Cisco Adaptive Security Appliances firewall can be used as the single device for a multitude of uses, allowing platform standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a converged threat-protection device at the datacenter by leveraging its connectivity control, application inspection, and malicious assault mitigation capabilities. The Cisco ASA firewall can also be deployed as a dedicated remote access device using its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall serves capably in the network interior for inter-office connectivity management and to guard against malicious assaults inside users might unknowingly release into the environment. In small company and branch office networks, the Cisco ASA firewall serves as an all-in-one device providing complete threat prevention and VPN services while fitting within the budgets and operational demands of such situations.

This versatile single-platform, many-solution approach reduces the total number of appliances that need to be deployed and maintained while offering a standard functional and administrative system across all those deployments. This approach simplifies the training of setup, monitoring, troubleshooting, and protection personnel. To further minimize operations costs, Cisco ASA firewalls are also highly network conscious, enabling them to integrate gracefully into the environment without interfering with authorized data flow and applications.

How Progent's Cisco Certified Experts Can Assist You with Cisco PIX and ASA Security Appliances
Cisco ASA Series adaptive security appliances and PIX security appliances provide an array of setup, monitoring, and analysis options that give you the flexibility to configure these security appliances to match your business needs. Progent's CCIE authorized network professionals can show you how to support your current network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that offers protection, resilience, throughput, and manageability. Progent's firewall experts can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISM-premier information security experts can help your business to develop a security strategy that makes sense for your business and can set up your security appliance to support your security policies. Progent's security evaluation experts can evaluate the strength of your existing firewall solution and audit the security of your entire IS network. Progentís Help Desk support team can deliver urgent remote technical support for Cisco products and can give you quick access to a Cisco expert.

To learn additional information about Progent's consulting support for Cisco networking products, select a subject:

If you wish to ask Progent about professional support for Cisco products, phone 1-800-993-9400 or go to Contact Progent.