Cisco Network Consultants

Cisco's PIX firewalls and Cisco ASA 5500 Series firewalls combine next-generation firewall, intrusion protection, and Virtual Private Network features in an economical, one-box package. Both of these product families have been superseded by the ASA 5500-X series of security appliances with Firepower Services. (Refer to configuration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and earlier-generation Cisco ASA 5500 Series adaptive security appliances are widely used and continue to provide small and mid-size organizations a reliable firewall solution.

Cisco PIC and legacy ASA 5500 firewalls deliver robust client and program policy support, mutlivector attack protection, and secure access features. The enhanced intelligence sharing of consolidated protection services in a stand-alone package provides users implementing these aggregated solutions the advantages of advanced protection, lower TCO, and smaller management expense.

Cisco PIX firewalls and Cisco's ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and Cisco 7600 family routers as parts of Cisco's versatile, integrated firewall line. Engineered with a scalable, modular platform, every offering is equipped with a particular feature set to provide more efficient protection to different networking situations. These solutions can be independently installed to secure certain facets of the connectivity environment, or can be combined for a systematic, protection-in-depth strategy based on the architecture leading practices described in Cisco's SAFE framework. Rounding out the modular firewall product line, Cisco has developed a comprehensive security management offering, spanning Cisco security device and IOS Software security features and built-in device managers, to self-contained management applications, helping to make sure that customers can productively use their Cisco protection infrastructure purchases.

Cisco PIX Firewalls
PIX firewall appliances offer reliable policy enforcement, multivector attack protection, and safe connectivity features in economical, easy-to-deploy modules. These specialized devices offer a broad range of built-in security and connectivity capabilities such as application-aware firewall services, Voice over IP (VoIP) and multimedia security, robust site-to-site and remote-connectivity IP Security Virtual Private Network (VPN) connectivity, high availability, intelligent networking services, and versatile administration options. The PIX Security Appliance Series family ranges from compact plug-and-play appliances for small offices or at home offices to stackable high-bandwidth products with investment protection for large business and service-provider environments, PIX Security Appliance Series provide dependable protection, performance, and availability for environments of any size.

Built upon a tested, purpose-built software platform that offers a wealth of protection services, PIX firewall appliances offer excellent security and have received EAL 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX security appliances provide protection for a broad range of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide array of contemporary and next-generation Voice over IP and mixed-media applications.

PIX firewall appliances feature a wealth of setup, tracking, and analysis options, providing IT managers the flexibility to utilize the techniques that most closely meet their requirements. Management solutions include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring standards such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful web-based management platform that greatly streamlines the deployment, in-place configuration, and monitoring of a single PIX firewall without requiring any additional software other than a standard web browser and Java plug-in to be running on a manager's computer.

Administrators can also remotely configure, track, and analyze Cisco PIX security appliances using a command-line interface. Secure command-line interface (CLI) access is possible using a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewall appliances also have robust auto-update capabilities, a collection advanced secure remote-administration services that make sure that security settings and software images are kept current.

Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that bring together advanced, best-of-breed security and VPN services with an adaptive architecture. The result is a robust, multifunction network protection solution better suited to protect small and midsize business and enterprise networks and, simultaneously, lower the total deployment and operations expenses formerly associated with this enhanced degree of security.

Cisco Adaptive Security Appliances (ASA) firewalls deliver strong application security via smart, application-aware inspection processes that examine traffic at Layers 4-7. This produces a safer network including web, voice, and mobile wireless connectivity. To defend environments from application-layer assaults and to offer organizations more policing of the programs and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on protection enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also incorporated are attack sensing and mitigation techniques including application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver control over instant messaging and tunneling applications, allowing businesses to police usage policies and preserve network bandwidth for crucial business applications.

At the same time as improving network protection, Cisco Adaptive Security Appliances 5500 Series firewalls also decrease deployment and support costs. By providing broad Virtual Private Network and security services, the Cisco ASA firewall can be used as the single device for many uses, enabling platform standardization. The Cisco ASA 5500 Series firewall can be deployed as a consolidated threat-prevention device at a central location by leveraging its connectivity control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote access solution using its VPN features. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall operates capably inside the network for interdepartmental connectivity control and to guard against worms, viruses, and other malicious code inside workers might unwittingly release into the network. For small company and satellite office networks, the Cisco Adaptive Security Appliances firewall acts as a total solution device offering comprehensive threat prevention and Virtual Private Network services while fitting within the cost structure and performance demands of such situations.

This versatile one-platform, multiple-solution approach reduces the number of appliances that must be deployed and managed while offering a common functional and administrative system throughout all those installations. This approach streamlines the training of configuration, tracking, support, and protection staff. To further minimize operations expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network conscious, enabling them to insert gracefully into the network without disrupting legitimate data flow and applications.

How Progent's Cisco Certified Experts Can Help Your Business with Cisco Firewalls
Cisco ASA 5500 Series firewalls and PIX firewalls provide an array of configuration, tracking, and troubleshooting options that offer you the ability to deploy these firewalls to match your business needs. Progent's CCIE authorized network professionals can show you how to maintain your current network infrastructure that includes Cisco ASA and/or PIX firewalls and that provides security, fault tolerance, throughput, and manageability. Progent's firewall experts can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.

Progent's GISA and CISSP-ISSP-certified information security engineers can help your business to develop a security strategy appropriate for your situation and can set up your PIX or ASA firewall to support your security policies. Progent's risk assessment engineers can evaluate the effectiveness of your existing firewall deployment and help determine the security of your whole IS network. Progent's Technical Response Center can provide urgent online troubleshooting for Cisco products and offer fast access to a Cisco network engineer.

To find out more details about Progent's professional assistance for Cisco technology, choose a topic:

• Introduction to Cisco Support
• Fast and Affordable Online Assistance from a CCIE Network Engineer
• Cisco Firepower NGFW Series Firewalls: Configuration and Management Expertise
• ASA 5500-X Firewalls with Firepower: Configuration and Management Services
• Cisco ASA 5500 Firewall Management Support
• Cisco Routers Configuration and Troubleshooting Services
• Cisco Wireless Engineering Expertise
• Aironet APs Design Help
• Cisco Small Business Wireless APs Engineering Expertise
• Catalyst 802.11ax Wi-Fi 6/6E Wireless APs Planning, Configuration and Troubleshooting Expertise
• Cisco WiFi Controllers Support Services
• Meraki APs Consulting Services
• Cisco Unified Communications Manager (CUCM or Unified CM) and CallManager Configuration and Technical Support
• Cisco VoIP Phones and IP Video Phones Consulting and Wireless VoIP Phone Solutions
• Cisco Jabber Deployment Expertise
• Cisco Catalyst Switches Deployment Expertise
• Nexus Switches Support and Troubleshooting Services
• Meraki MS Switches Support and Troubleshooting Expertise
• Cisco VPN and Security Engineering Services
• SIP and CUBE Integration Solutions: SIP PSTN Trunks and Cisco CUBE Integration Expertise
• Cisco Duo MFA Two-factor Authentication Services for Telecommuters
• Infrastructure Design for Cisco-based Datacenters
• Infrastructure Design Expertise for Service Providers
• Centralized Cloud-based and Hybrid Management Technologies for Cisco-powered Infrastructure