Cisco's PIX firewalls and ASA Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) technologies in an affordable, single-box format. Both of these product families have been replaced by Cisco's ASA 5500-X family of firewalls with Firepower. (Refer to configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation ASA 5500 Series firewalls are extensively deployed and continue to provide small and mid-size organizations a reliable security solution.

Cisco PIC and the original ASA 5500 firewalls offer robust client and program policy support, mutlivector assault defense, and safe access features. The increased knowledge sharing of integrated security features in a stand-alone package provides users implementing these integrated firewalls the benefits of advanced security, reduced cost of ownership, and smaller management costs.

Cisco PIX security appliances and Cisco's ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and Cisco 7600 family routers as parts of Cisco's versatile, integrated firewall line. Based on a scalable, modular platform, each offering is designed with a particular feature set to deliver more efficient security to different network environments. These solutions can be independently installed to protect specific facets of the connectivity infrastructure, or can be grouped for a systematic, protection-in-depth strategy following the design best practices outlined in the Cisco SAFE Blueprint. Completing the modular firewall product line, Cisco provides a complete security management offering, spanning Cisco security device and Cisco IOS Software security features and embedded appliance controllers, to standalone management utilities, moving to ensure that businesses can productively manage their Cisco protection infrastructure purchases.

PIX Security Appliance Series
Cisco PIX firewalls offer robust policy enforcement, multi-source invasion defense, and secure connectivity services in economical, easy-to-deploy modules. These specialized appliances offer a wealth of integrated security and connectivity capabilities including process-aware firewall features, Voice over IP (VoIP) and multimedia protection, reliable multi-site and remote-access IPcec Virtual Private Network (VPN) networking, fault tolerance, smart networking services, and flexible administration options. The Cisco PIX Security Appliance Series family spans compact plug-and-play desktop units for small offices and home offices to modular gigabit products with investment protection for enterprise and ISP customers, PIX firewall appliances provide high levels of protection, performance, and availability for environments of all sizes.

PIX Firewalls Consulting

Built upon a tested, specialized operating system that offers a wealth of security services, PIX firewall appliances offer a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX firewall appliances offer security for a broad array of Voice over IP and additional mixed-media conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and MGCP, enabling organizations to protect deployments of a wide array of contemporary and next-generation VoIP and multimedia applications.

PIX firewalls feature a wealth of setup, tracking, and troubleshooting options, giving businesses the versatility to utilize the techniques that most closely meet their requirements. Administrative options include centralized, policy-based administration utilities, integrated web-accessible management, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system provides a world-class web-based management platform that significantly streamlines the deployment, ongoing modification, and monitoring of a single PIX firewall without requiring any extra software other than an ordinary web browser and Java plug-in to be running on an administrator's computer.

Administrators can furthermore remotely configure, monitor, and troubleshoot PIX security appliances using a CLI interface. Secure command-line interface (CLI) communication is possible using a number of methods including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewall appliances also include robust automatic-update features, a collection of protected remote-administration options that ensure security configurations and software images/ are kept up to date.

Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered solutions that incorporate advanced, industry-leading protection and Virtual Private Network services plus an adaptive architecture. The result is a powerful, multifunction network protection solution better able to defend small and midsize business and larger networks and, simultaneously, lower the total deployment and maintenance costs previously required for this high level of protection.

Cisco ASA Firewalls Experts
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering developed for the Cisco PIX 500 Series firewall, the Cisco IPS 4200 sensor, and Cisco's VPN 3000 model concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to offer a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application security, network containment, and clean VPN connectivity throughout Cisco's product portfolio. This broad scope of security enables defense of any network section, which includes the most typical threat conduits like remote sites, LAN-connected internal users, and remote connected VPNs.

Cisco Adaptive Security Appliances firewalls provide strong application security via smart, application-aware inspection processes that examine network flows at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless services. To defend networks from application-layer attacks and to offer organizations more policing of the applications and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledge and employ security enforcement technologies that include anomaly sensing and application and protocol state monitoring. Also incorporated are attack detection and mitigation techniques including application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over IM and tunneling applications, enabling organizations to police usage policies and free up bandwidth for vital business applications.

While increasing security, Cisco Adaptive Security Appliances firewalls also lower deployment and operational expenses. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the single device for many environments, enabling product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be used as a consolidated threat-prevention appliance at a central location by leveraging its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote connectivity solution using its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances firewall operates equally well in the network interior for inter-office connectivity control and to guard against malicious assaults internal users may unknowingly release into the environment. In small business and satellite office environments, the Cisco Adaptive Security Appliances firewall acts as an all-in-one platform providing comprehensive threat prevention and Virtual Private Network services while fitting within the budgets and performance models of these deployments.

This adaptive single-device, multiple-use approach reduces the total number of devices that need to be deployed and managed while offering a standard functional and administrative system across all those installations. This approach simplifies the education of configuration, monitoring, troubleshooting, and protection personnel. To further reduce operations expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, enabling these devices to insert seamlessly into the environment without interfering with legitimate data flow and applications.

How Progent's Consultants Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series adaptive security appliances and PIX security appliances provide an array of configuration, tracking, and analysis options which offer you the ability to configure these firewalls to align optimally with your company's requirements. Progent's CCIE certified network professionals can help you to maintain your current network infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides protection, resilience, performance, and manageability. Progent's firewall experts can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's CISA and CISM-certified information security consultants can assist your business to create a security strategy appropriate for your business and can configure your firewall to support your security strategy. Progent's security evaluation professionals can assess the strength of your existing firewall deployment and help determine the overall security of your entire IS environment. Progentís Technical Response Center (TRC) can provide urgent remote troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.

To see additional details concerning Progent's engineering expertise for Cisco solutions, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: To contact Progent about technical support for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: