Cisco PIX security appliances and ASA Series adaptive security appliances combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) functionality in a cost-effective, one-cabinet format. Both of these product lines have been replaced by the ASA 5500-X family of security appliances with Firepower Services. (See configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and previous-generation ASA 5500 Series adaptive security appliances are extensively used and continue to provide small and mid-size companies a reliable security environment.
PIX and the original ASA 5500 firewalls offer robust client and program policy enforcement, mutlivector attack defense, and safe connectivity services. The enhanced knowledge sharing of integrated security features in a stand-alone platform provides users implementing these integrated solutions the advantages of enhanced security, reduced TCO, and smaller maintenance expense.
PIX security appliances and Cisco's ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall solutions. Engineered with a scalable, modular approach, every offering is designed with a particular array of options to deliver better protection to a variety of networking environments. These products can be independently installed to secure certain facets of a connectivity environment, or can be grouped for a layered, defense-in-depth approach following the architecture best practices outlined in the Cisco SAFE Blueprint. Completing the modular firewall solutions, Cisco provides a complete security management offering, spanning Cisco security appliance and Cisco IOS Software security components and built-in appliance controllers, to standalone management utilities, moving to ensure that customers can productively use their Cisco security infrastructure purchases.
Cisco PIX firewalls offer reliable policy support, multi-source attack protection, and safe networking services in affordable, simple-to-configure modules. These purpose-built appliances offer a wealth of integrated security and connectivity capabilities such as process-aware firewall services, Voice over IP and multimedia protection, reliable site-to-site and remote-access IPcec Virtual Private Network networking, high availability, smart networking services, and flexible administration solutions. The PIX Security Appliance Series product line ranges from compact plug-and-go desktop units for small offices or at home offices to stackable high-bandwidth products with investment protection for large business and service-provider environments, PIX firewalls provide dependable protection, speed, and availability for networks of all sizes.
Built around a hardened, specialized operating system that delivers a wealth of security features, Cisco PIX firewalls provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec qualification. PIX firewall appliances provide protection for a wide range of VoIP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, helping organizations to protect installations of a wide range of current and next-generation VoIP and multimedia applications.
Cisco PIX firewalls offer a variety of setup, tracking, and analysis options, giving IT managers the flexibility to use the techniques that best match their needs. Management solutions include centralized, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class web-based management platform that greatly streamlines the deployment, in-place modification, and tracking of a specific Cisco PIX firewall appliance without requiring any additional utility other than an ordinary web browser and Java applet to be installed on an administrator's computer.
Administrators can also remotely set up, monitor, and troubleshoot Cisco PIX firewall appliances using a command-line interface. Secure CLI interface access is possible through a number of techniques including Secure Shell Protocol, Telnet through IPsec, and out-of-band through a console port. Cisco PIX security appliances also include dependable auto-update capabilities, a set advanced protected remote-administration services that ensure security settings and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built solutions that incorporate advanced, best-of-breed protection and Virtual Private Network support with an adaptive architecture. The end product is a robust, multifunction network security appliance better suited to defend small and midsize business and larger networks and, simultaneously, reduce the overall deployment and maintenance expenses formerly associated with this high level of protection.
Cisco ASA Firewalls leverage engineering developed for the PIX 500 Series firewall, the IPS 4200 sensor, and the VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances Firewalls deliver program protection, network containment, and clean Virtual Private Network functionality throughout the entire product line. This breadth of protection enables defense of any network area, including the most typical threat conduits like remote locations, locally-connected internal users, and remote access VPNs.
Cisco Adaptive Security Appliances firewalls provide robust application security through smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. This produces a better protected environment including web, voice, and mobile wireless access. To protect environments from application-layer assaults and to offer businesses more policing of the applications and protocols used in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and employ protection enforcement technologies that include protocol anomaly detection and state tracking. Also included are attack detection and mitigation techniques such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and tunneling applications, enabling organizations to police usage policies and free up network bandwidth for important business processes.
At the same time as increasing security, Cisco Adaptive Security Appliances firewalls also decrease installation and operational costs. By offering broad VPN and security services, the Cisco ASA 5500 Series firewall can be a the only platform for a multitude of environments, enabling platform standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a converged threat-protection appliance at a central location by taking advantage of its access control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a dedicated remote connectivity device utilizing its VPN capabilities. As another option, the Cisco Adaptive Security Appliances firewall serves equally well in the network interior for inter-office connectivity control and to defend against malicious assaults internal users might unknowingly release into the environment. For small business and branch office networks, the Cisco Adaptive Security Appliances firewall acts as an all-in-one device providing comprehensive intrusion defense and VPN services while fitting within the cost structure and performance demands of such deployments.
This adaptive one-device, many-use design reduces the number of devices that need to be deployed and maintained while providing a standard operating and management environment across all installations. This approach streamlines the education of configuration, monitoring, support, and security personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network aware, allowing them to insert seamlessly into the environment without disrupting legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX family security appliances provide an array of setup, tracking, and analysis options that offer you the flexibility to set up these security appliances to match your company's requirements. Progent's CCIE certified network consultants can show you how to maintain your existing network infrastructure that includes Cisco ASA or PIX security appliances and that provides security, resilience, performance, and manageability. Progent can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security engineers can help you to develop a security strategy appropriate for your situation and can configure your firewall to support your security strategy. Progent's security assessment experts can assess the effectiveness of your existing firewall deployment and audit the security of your entire IS environment. Progentís Technical Response Center (TRC) can provide urgent remote troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE expert.
To learn more information concerning Progent's consulting help for Cisco solutions, pick a subject:
To contact Progent about technical expertise for Cisco networking, call 1-800-993-9400 or visit Contact Progent.