Cisco PIX security appliances and ASA 5500 Series firewalls combine next-generation firewall, intrusion defense, and Virtual Private Network (VPN) features in a cost-effective, one-cabinet package. Both product lines have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower. (See integration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation Cisco ASA 5500 model adaptive security appliances are extensively deployed and continue to offer small and mid-size organizations a reliable firewall environment.
Cisco PIC and legacy ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector attack defense, and secure access services. The increased knowledge sharing of consolidated security services in a single package provides users deploying these aggregated firewalls the benefits of advanced protection, lower TCO, and smaller management costs.
PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and Cisco 7600 family routers as parts of Cisco's flexible, integrated firewall solutions. Engineered with a scalable, building-block approach, each device is designed with a particular feature set to deliver better security to a variety of networking situations. These solutions can be individually deployed to protect certain areas of a network environment, or can be combined for a systematic, defense-in-depth strategy following the architecture leading practices outlined in the Cisco SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management catalog, ranging from Cisco security device and Cisco IOS Software security features and embedded device managers, to standalone management utilities, moving to make sure that businesses can effectively manage their Cisco protection infrastructure investments.
Cisco PIX Security Appliance Series
Cisco PIX firewall appliances offer reliable user and application policy enforcement, multivector invasion protection, and safe networking services in affordable, simple-to-configure modules. These specialized devices offer a broad range of integrated protection and networking capabilities such as process-aware firewall services, VoIP and multimedia protection, robust multi-site and remote-connectivity IP Security (IPsec) VPN connectivity, excellent resiliency, intelligent networking features, and flexible administration solutions. The PIX firewall product line ranges from small plug-and-go devices for small or home offices to modular gigabit products with investment protection for enterprise and service-provider environments, PIX firewalls deliver dependable security, performance, and availability for network environments of all sizes.
Based upon a hardened, purpose-built operating system that delivers rich security features, PIX firewall appliances offer a high level of security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. PIX security appliances provide protection for a broad array of Voice over IP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a wide array of contemporary and upcoming VoIP and mixed-media applications.
Cisco PIX firewalls feature a variety of configuration, tracking, and troubleshooting features, providing businesses the versatility to utilize the techniques that best meet their needs. Management solutions include centralized, policy-based management utilities, integrated web-based management, and compatibility with remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a world-class web-based control solution that greatly simplifies the deployment, in-place modification, and monitoring of a single Cisco PIX security appliance without requiring any additional utility other than a standard web browser and Java plug-in to be installed on an administrator's PC.
IT managers can furthermore remotely set up, monitor, and analyze PIX firewalls via a CLI interface. Safe CLI interface communication is available through several techniques including Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewalls also include dependable automatic-update capabilities, a collection of secure remote-administration services that ensure security configurations and software images are kept current.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built devices that incorporate advanced, industry-leading security and Virtual Private Network services plus a flexible design. The result is a robust, versatile network security appliance better able to defend small and medium company and enterprise networks and, at the same time, lower the overall deployment and maintenance expenses formerly required for this high degree of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology developed for the PIX 500 firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances Firewalls provide program security, network containment and control, and safe Virtual Private Network functionality across Cisco's product portfolio. This breadth of protection enables the guarding of any network segment, which includes the most common attack vectors such as remote sites, LAN-connected inside users, and remote connected Virtual Private Networks.
Cisco ASA firewalls deliver a high-level of application protection through smart, application-sensitive inspection engines that analyze network flows at Layers 4-7. The result is a safer network including web, voice, and mobile wireless access. To protect networks from application-layer attacks and to give organizations greater policing of the programs and protocols used in their networks, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement technologies such as anomaly detection and application and protocol state tracking. Also included are assault sensing and remediation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and tunneling applications, allowing businesses to police usage policies and free up bandwidth for crucial business processes.
At the same time as improving network protection, Cisco ASA firewalls also lower deployment and operational expenses. By providing extensive VPN and security services, the Cisco Adaptive Security Appliances firewall can be used as the single device for a multitude of uses, enabling platform commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated attack-prevention appliance at a central location by taking advantage of its access control, process inspection, and malicious assault mitigation capabilities. The Cisco ASA firewall can also be deployed as a specialized remote access solution using its Virtual Private Network features. Alternatively, the Cisco Adaptive Security Appliances firewall serves capably inside the network for inter-office access control and to defend against malicious assaults inside workers might inadvertently introduce into the network. In small business and satellite office environments, the Cisco Adaptive Security Appliances firewall acts as a total solution platform providing comprehensive intrusion prevention and Virtual Private Network functionality while suiting the cost structure and operational models of these deployments.
This adaptive single-device, multiple-use approach reduces the total number of appliances that must be deployed and maintained while providing a common functional and administrative system across all those installations. This architecture streamlines the training of configuration, tracking, support, and security personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network aware, allowing them to integrate seamlessly into the network without disrupting authorized data flow and applications.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX family firewalls provide an array of configuration, monitoring, and troubleshooting features which offer you the flexibility to deploy these security appliances to match your company's requirements. Progent's CCIE certified network experts can help you to maintain your current network infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides security, resilience, performance, and recoverability. Progent can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security engineers can help you to develop a security strategy appropriate for your situation and can set up your security appliance to support your security strategy. Progent's risk assessment professionals can assess the effectiveness of your existing firewall deployment and validate the overall security of your entire IS network. Progentís Help Desk Call Center can provide emergency remote troubleshooting for Cisco technology and offer fast access to a Cisco expert.
To find out additional details about Progent's engineering assistance for Cisco technology, pick a subject:
If you wish to ask Progent about engineering support for Cisco networking, call 1-800-993-9400 or refer to Contact Progent.