Cisco PIX firewalls and ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion defense, and Virtual Private Network (VPN) features in a cost-effective, one-cabinet package. Both of these product lines have been replaced by Cisco's ASA 5500-X line of security appliances with Firepower. (See integration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation ASA 5500 model adaptive security appliances are widely used and continue to offer small and mid-size organizations a viable security solution.
PIX and legacy ASA 5500 firewalls deliver powerful client and application policy support, mutlivector attack protection, and safe access services. The enhanced knowledge sharing of integrated security services in a single platform offers customers implementing these integrated firewalls the benefits of advanced protection, lower TCO, and smaller maintenance costs.
PIX security appliances and Cisco's ASA 5500 product line join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 Series routers as parts of Cisco's versatile, integrated firewall solutions. Engineered with a scalable, building-block approach, each device is equipped with a particular array of options to deliver more efficient protection to different network situations. These products can be individually installed to secure specific areas of a connectivity infrastructure, or can be grouped for a layered, protection-in-depth approach following the design best practices outlined in Cisco's SAFE framework. Completing the integrated firewall product line, Cisco has developed a comprehensive security management product portfolio, ranging from Cisco security appliance and IOS security components and embedded device managers, to standalone management applications, helping to make sure that customers can effectively manage their Cisco protection infrastructure investments.
PIX Firewall Appliances
PIX Security Appliance Series offer reliable policy enforcement, multi-source attack protection, and safe networking services in cost-effective, easy-to-deploy solutions. These purpose-built appliances provide a wealth of integrated protection and networking capabilities including process-aware firewall features, Voice over IP (VoIP) and multimedia protection, reliable multi-location and remote-connectivity IP Security Virtual Private Network networking, excellent resiliency, intelligent networking services, and flexible management options. The PIX firewall Appliance family ranges from small plug-and-play appliances for small and home offices to modular gigabit appliances with investment protection for enterprise and service-provider customers, Cisco PIX firewall appliances deliver high levels of security, speed, and availability for environments of all sizes.
Based around a hardened, specialized operating system that offers rich protection features, PIX firewalls offer a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewall appliances provide protection for a broad range of VoIP and other multimedia conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a wide range of contemporary and next-generation IP voice and multimedia applications.
Cisco PIX firewall appliances offer a wealth of setup, monitoring, and troubleshooting features, giving businesses the flexibility to use the techniques that best match their requirements. Management options include centralized, policy-based management tools, integrated web-based management, and support for remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class web-based management solution that greatly simplifies the installation, in-place modification, and tracking of a specific Cisco PIX firewall without the need of any additional software beyond a standard browser and Java applet to be installed on an administrator's PC.
IT managers can furthermore remotely configure, monitor, and troubleshoot Cisco PIX firewalls via a command-line interface. Secure command-line interface (CLI) access is available through several techniques including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewall appliances also have dependable automatic-update capabilities, a collection of protected remote-management services that make sure that firewall settings and software images are kept current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built devices that incorporate market-proven, best-of-breed protection and Virtual Private Network support with an adaptive design. The result is a robust, multifunction network protection solution better suited to defend small and medium business (SMB) and enterprise networks and, at the same time, lower the overall deployment and operations costs previously required for this enhanced degree of security.
Cisco ASA 5500 Series Firewalls build on engineering behind the PIX 500 Series firewall, Cisco's IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall family to offer a platform that defends against a broad range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, network containment, and safe Virtual Private Network functionality throughout the entire product portfolio. This broad scope of protection enables the guarding of any network section, including the most typical attack vectors such as remote locations, locally-connected internal users, and off-site access VPNs.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application protection through intelligent, application-sensitive inspection engines that examine network flows at Layers 4-7. This results in a more secure network covering web, voice, and mobile wireless services. To defend environments against application-layer attacks and to give businesses more control over the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledgebases and employ protection enforcement technologies such as protocol anomaly sensing and application and protocol state monitoring. Also included are attack detection and mitigation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and free up network bandwidth for important business applications.
At the same time as improving network security, Cisco ASA 5500 Series firewalls also lower installation and operational expenses. By offering extensive VPN and security services, the Cisco Adaptive Security Appliances firewall can be a single device for many uses, enabling product standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a consolidated attack-protection appliance at the datacenter by taking advantage of its connectivity control, application inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access device utilizing its Virtual Private Network capabilities. As another option, the Cisco ASA 5500 Series firewall serves equally well inside the network for inter-office connectivity control and to guard against malicious assaults inside users may unknowingly introduce into the environment. In small business and satellite office networks, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as an all-in-one device providing complete intrusion prevention and VPN functionality while fitting within the budgets and operational demands of these situations.
This adaptive one-device, multiple-solution approach minimizes the total number of devices that need to be installed and managed while providing a common functional and management environment across all installations. This approach streamlines the training of setup, monitoring, troubleshooting, and security staff. To further minimize maintenance costs, Cisco ASA 5500 Series firewalls are also highly network conscious, allowing these devices to insert seamlessly into the network without interfering with legitimate traffic and applications.
How Progent Can Assist Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of configuration, tracking, and analysis options that give you the ability to configure these security appliances to align optimally with your company's requirements. Progent's CCIE authorized network professionals can show you how to support your current network infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers protection, fault tolerance, performance, and recoverability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier IS security professionals can assist you to develop a security strategy appropriate for your situation and can set up your firewall to support your security strategy. Progent's risk assessment experts can assess the strength of your current firewall deployment and help determine the security of your whole information system environment. Progentís Help Desk support team can deliver urgent online troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.
To find out more details concerning Progent's professional support for Cisco networking products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about engineering assistance for Cisco products, phone 1-800-993-9400 or see Contact Progent.