Cisco PIX family security appliances and Cisco ASA Series adaptive security appliances combine next-generation firewall, intrusion defense, and VPN technologies in an economical, one-box format. Both product families have been replaced by Cisco's ASA 5500-X series of firewalls with Firepower Services. (See configuration and debugging help with ASA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 Series adaptive security appliances are widely used and continue to offer small and mid-size organizations a reliable firewall environment.
PIX and legacy ASA 5500 firewalls offer powerful user and program policy enforcement, mutlivector attack defense, and safe connectivity features. The enhanced knowledge sharing of consolidated security services in a stand-alone package provides users deploying these aggregated solutions the benefits of enhanced security, lower cost of ownership, and smaller maintenance expense.
Cisco PIX security appliances and the ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches, and 7600 Series routers as parts of Cisco's flexible, integrated firewall solutions. Engineered with a scalable, building-block approach, each device is designed with a particular feature set to provide better protection to a variety of networking situations. These solutions can be individually installed to secure specific areas of the network infrastructure, or can be combined for a systematic, defense-in-depth strategy based on the design leading practices described in the Cisco SAFE framework. Completing the integrated firewall product line, Cisco has developed a complete security management catalog, ranging from Cisco security device and Cisco IOS Software security features and embedded appliance managers, to standalone management applications, helping to make sure that businesses can effectively use their Cisco security solution investments.
Cisco PIX Firewalls
Cisco PIX Security Appliance Series offer reliable user and application policy support, multivector invasion protection, and safe networking features in economical, easy-to-deploy solutions. These purpose-built appliances provide a broad range of built-in protection and connectivity services such as application-aware firewall services, VoIP and multimedia protection, robust multi-site and remote-access IPcec Virtual Private Network networking, high availability, smart networking features, and flexible administration solutions. The Cisco PIX firewall Appliance product line spans compact plug-and-go appliances for small or home offices to stackable gigabit appliances with investment protection for large business and ISP customers, Cisco PIX firewalls deliver high levels of protection, speed, and availability for network environments of all sizes.
Based upon a tested, specialized software platform that offers rich protection services, PIX firewall appliances provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX firewall appliances offer protection for a wide range of VoIP and additional mixed-media conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a broad range of current and next-generation VoIP and video applications.
Cisco PIX security appliances offer a variety of configuration, tracking, and troubleshooting options, providing IT managers the versatility to utilize the techniques that best meet their requirements. Administrative options include common, policy-based management utilities, integrated web-based management, and compatibility with remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated ASDM system offers a powerful web-accessible control platform that greatly streamlines the deployment, in-place modification, and monitoring of a single Cisco PIX firewall without the need of any extra software other than a standard web browser and Java applet to be running on a manager's PC.
IT managers can furthermore remotely configure, track, and troubleshoot Cisco PIX firewall appliances using a command-line interface (CLI). Safe command-line interface access is available using a number of methods such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewalls also include robust automatic-update capabilities, a set advanced secure remote-management services that make sure that firewall settings and software images are always current.
Cisco ASA 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered solutions that bring together market-proven, industry-leading protection and Virtual Private Network services with an adaptive design. The end product is a robust, multifunction network protection solution better suited to defend small and medium business (SMB) and enterprise networks and, simultaneously, lower the total installation and maintenance expenses previously required for this enhanced degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering developed for the PIX 500 family Security Appliance, the Cisco IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to offer a firewall that stops a wide range of threats. Cisco ASA 5500 Series Firewalls deliver program security, local containment, and safe VPN functionality throughout Cisco's product portfolio. This broad scope of security allows the guarding of any network segment, including the most common threat vectors such as remote locations, locally-connected inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances firewalls provide robust application security via smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This results in a more secure environment including web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to offer organizations greater policing of the programs and protocols used in their networks, these inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions such as protocol anomaly detection and state tracking. Also incorporated are attack detection and mitigation technology including application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, allowing businesses to police usage policies and free up network bandwidth for critical business applications.
While improving security, Cisco ASA 5500 Series firewalls also decrease installation and support expenses. By offering extensive VPN and security services, the Cisco ASA firewall can be a the only platform for many uses, allowing product standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a converged attack-protection device at the datacenter by taking advantage of its access control, process inspection, and malware remediation capabilities. The Cisco Adaptive Security Appliances firewall can also be deployed as a dedicated remote access solution utilizing its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves equally well in the network interior for interdepartmental access control and to defend against malicious assaults internal users might unwittingly release into the network. For small company and satellite office networks, the Cisco ASA 5500 Series firewall acts as a total solution device offering comprehensive threat prevention and VPN functionality while suiting the cost structure and operational models of such situations.
This versatile one-device, many-use approach reduces the number of devices that must be deployed and maintained while providing a standard operating and management environment throughout all installations. This approach simplifies the training of setup, tracking, support, and protection personnel. To further reduce operations expenses, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, allowing them to integrate gracefully into the network without interfering with legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX family security appliances provide an array of setup, tracking, and analysis features which offer you the flexibility to configure these security appliances to align optimally with your company's requirements. Progent's CCIE certified network experts can help you to maintain your existing infrastructure that includes Cisco ASA and/or PIX firewalls and that provides protection, resilience, throughput, and recoverability. Progent's firewall experts can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-qualified IS security engineers can help your business to create a security policy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security strategy. Progent's security assessment experts can evaluate the strength of your existing firewall solution and audit the overall security of your whole IT environment. Progentís Technical Response Center can provide urgent remote troubleshooting for Cisco products and can give you quick access to a Cisco CCIE expert.
To learn additional information about Progent's professional help for Cisco networking products, choose a subject:
In order to get in touch with Progent about technical expertise for Cisco networking, call 1-800-993-9400 or visit Contact Progent.