Cisco's PIX security appliances and Cisco ASA Series adaptive security appliances integrate comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) technologies in an affordable, one-cabinet package. Both of these product lines have been superseded by the ASA 5500-X series of firewalls with Firepower Services. (See integration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 Series firewalls are widely deployed and continue to provide small and mid-size companies a viable security solution.
PIX and legacy ASA 5500 firewalls deliver powerful user and application policy support, mutlivector attack protection, and safe connectivity features. The increased knowledge sharing of integrated security features in a single package offers customers implementing these integrated solutions the advantages of advanced protection, lower TCO, and minimal management costs.
PIX security appliances and the ASA 5500 product line join Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and Cisco 7600 Series routers as components of Cisco's flexible, self-contained firewall line. Engineered with an expandable, modular approach, every offering is designed with a specific array of options to deliver more efficient protection to different networking environments. These solutions can be individually deployed to protect specific areas of a connectivity environment, or can be grouped for a layered, defense-in-depth strategy following the architecture best practices outlined in the Cisco SAFE framework. Rounding out the integrated firewall product line, Cisco provides a complete security management product portfolio, spanning Cisco security device and Cisco IOS Software security features and embedded device controllers, to self-contained management utilities, helping to ensure that businesses can effectively use their Cisco protection solution purchases.
Cisco PIX Security Appliance Series
Cisco PIX Security Appliance Series offer robust user and application policy support, multivector invasion defense, and safe networking features in cost-effective, out-of-the-box solutions. These purpose-built appliances provide a wealth of integrated protection and connectivity capabilities including application-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-site and remote-access IP Security Virtual Private Network (VPN) connectivity, fault tolerance, intelligent networking services, and flexible management options. The Cisco PIX firewall Appliance family ranges from small plug-and-go devices for small offices or home offices to stackable gigabit products with investment protection for enterprise and ISP customers, Cisco PIX firewall appliances provide dependable security, speed, and reliability for environments of any size.
Based upon a tested, purpose-built OS that delivers rich protection features, PIX firewalls provide excellent security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls provide protection for a wide array of Voice over IP and other mixed-media standards including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to protect deployments of a wide array of contemporary and next-generation Voice over IP and multimedia applications.
PIX firewalls feature a wealth of setup, tracking, and troubleshooting features, giving businesses the flexibility to use the methods that most closely match their requirements. Administrative solutions include centralized, policy-based administration tools, integrated web-based administration, and support for remote-tracking standards like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a world-class web-accessible control platform that significantly simplifies the deployment, ongoing configuration, and monitoring of a specific PIX security appliance without the need of any extra software beyond an ordinary web browser and Java applet to be installed on a manager's computer.
IT managers can furthermore remotely set up, monitor, and troubleshoot PIX firewall appliances via a command-line interface (CLI). Safe CLI interface communication is available through several techniques such as SSHv2 Protocol, Telnet over IPsec, and out-of-band via a console port. PIX security appliances also have dependable automatic-update capabilities, a set of protected remote-administration options that make sure that security settings and software images are kept current.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built devices that incorporate market-proven, industry-leading protection and VPN support plus an adaptive design. The result is a powerful, multifunction network protection solution better able to defend small and midsize business and larger networks and, at the same time, lower the total installation and operations expenses formerly associated with this high level of protection.
Cisco ASA 5500 Series Firewalls build on technology developed for the Cisco PIX 500 Series firewall, the IPS 4200 family sensor, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a firewall that defends against a wide range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application protection, network containment and control, and clean Virtual Private Network functionality across Cisco's product portfolio. This broad scope of security enables defense of any network area, which includes the most typical attack conduits such as remote sites, locally-attached internal users, and remote access VPNs.
Cisco ASA 5500 Series firewalls provide robust application security through intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a better protected network including web, voice, and mobile wireless access. To defend networks against application-layer attacks and to give businesses more control over the applications and protocols used in their environments, these inspection engines integrate broad application and protocol knowledge and employ security enforcement solutions that include anomaly sensing and state tracking. Also incorporated are attack sensing and remediation techniques including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and free up bandwidth for critical business applications.
While improving network protection, Cisco ASA firewalls also lower deployment and operational expenses. By providing broad VPN and security functions, the Cisco ASA 5500 Series firewall can be used as the the only platform for many uses, enabling platform commonality. The Cisco ASA 5500 Series firewall can be deployed as a converged threat-protection device at the datacenter by taking advantage of its access control, application inspection, and malware mitigation capabilities. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote connectivity device using its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances (ASA) firewall serves equally well in the network interior for interdepartmental access management and to defend against malware inside workers may unwittingly introduce into the environment. In small company and satellite office networks, the Cisco ASA firewall serves as an all-in-one platform providing complete threat prevention and VPN services while fitting within the budgets and performance demands of these deployments.
This versatile one-device, multiple-use design minimizes the total number of devices that need to be installed and managed while providing a common operating and management environment throughout all deployments. This architecture streamlines the training of configuration, tracking, support, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, enabling them to insert seamlessly into the network without interfering with authorized traffic and processes.
How Progent Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX security appliances incorporate a wealth of setup, monitoring, and troubleshooting options which offer you the ability to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network experts can show you how to maintain your current network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that provides protection, fault tolerance, throughput, and manageability. Progent's firewall experts can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security experts can assist your business to develop a security policy appropriate for your environment and can configure your PIX or ASA firewall to support your security strategy. Progent's security assessment engineers can assess the strength of your current firewall solution and validate the security of your whole IT network. Progentís Help Desk Call Center can deliver urgent remote troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE expert.
For additional information about Progent's professional support for Cisco solutions, choose a subject:
To ask Progent about consulting help for Cisco technology, call 1-800-993-9400 or visit Contact Progent.