Cisco PIX firewalls and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an affordable, one-box format. Both of these product lines have been superseded by the ASA 5500-X line of firewalls with Firepower. (Refer to configuration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation Cisco ASA 5500 model firewalls are widely deployed and continue to provide small and mid-size companies a viable firewall solution.
PIX and legacy ASA 5500 firewalls offer robust user and application policy support, mutlivector attack defense, and safe connectivity services. The increased intelligence sharing of integrated protection features in a stand-alone package offers customers implementing these integrated firewalls the advantages of advanced security, lower cost of ownership, and smaller management expense.
Cisco PIX firewalls and the ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and Cisco 7600 family routers as parts of Cisco's versatile, integrated firewall solutions. Engineered with an expandable, building-block approach, every offering is equipped with a particular feature set to deliver more efficient security to different networking situations. These products can be individually deployed to secure specific facets of a network infrastructure, or can be combined for a systematic, protection-in-depth strategy based on the architecture best practices outlined in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco has developed a complete security management catalog, ranging from Cisco security appliance and Cisco IOS security components and built-in appliance controllers, to standalone management programs, helping to ensure that customers can productively manage their Cisco protection solution purchases.
Cisco PIX Firewalls
Cisco PIX Security Appliance Series deliver robust user and application policy enforcement, multi-source attack defense, and secure networking features in cost-effective, easy-to-deploy solutions. These purpose-built devices provide a broad range of built-in security and connectivity capabilities including process-aware firewall features, Voice over IP (VoIP) and multimedia protection, robust multi-site and remote-connectivity IP Security Virtual Private Network networking, fault tolerance, intelligent networking features, and flexible administration options. The Cisco PIX firewall product line spans compact plug-and-go desktop units for small offices or at home offices to modular gigabit appliances with investment protection for large business and ISP environments, Cisco PIX firewall appliances provide dependable security, performance, and reliability for environments of all sizes.
Based upon a hardened, purpose-built OS that offers rich protection features, Cisco PIX firewall appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. PIX security appliances provide security for a wide array of Voice over IP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, SCCP, RTSP, and MGCP, helping organizations to protect deployments of a broad array of contemporary and upcoming IP voice and video applications.
Cisco PIX firewall appliances feature a wealth of configuration, tracking, and troubleshooting features, giving businesses the flexibility to utilize the techniques that most closely meet their needs. Administrative options include common, policy-based administration utilities, integrated web-accessible administration, and support for remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a powerful web-based control solution that greatly streamlines the deployment, ongoing modification, and tracking of a specific Cisco PIX firewall without the need of any extra utility other than an ordinary web browser and Java applet to be installed on a manager's computer.
IT managers can also remotely configure, monitor, and analyze PIX firewalls using a command-line interface (CLI). Secure command-line interface (CLI) communication is possible through several techniques including SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX security appliances also have robust auto-update capabilities, a collection of protected remote-administration services that make sure that firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered devices that bring together market-proven, industry-leading protection and Virtual Private Network services plus an adaptive architecture. The result is a robust, versatile network protection appliance better able to protect small and medium business (SMB) and enterprise networks and, at the same time, reduce the total deployment and maintenance expenses formerly required for this high level of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage technology behind the Cisco PIX 500 family firewall, the Cisco IPS 4200 family Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application protection, network containment, and clean Virtual Private Network connectivity across Cisco's product line. This broad scope of protection allows the guarding of any network segment, including the most common attack conduits like remote sites, locally-attached inside users, and remote connected VPNs.
Cisco ASA 5500 Series firewalls provide strong application protection through intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This produces a safer environment including web, voice, and mobile wireless access. To protect networks against application-layer attacks and to give organizations more policing of the applications and protocols used in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and rely on protection enforcement technologies such as anomaly sensing and application and protocol state tracking. Also included are attack detection and mitigation technology including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to police usage policies and conserve network bandwidth for important business applications.
While increasing security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower deployment and support costs. By providing broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances firewall can be used as the single device for many uses, enabling product commonality. The Cisco ASA 5500 Series firewall can be used as a consolidated attack-prevention device at a central location by taking advantage of its connectivity control, application inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be deployed as a specialized remote access solution using its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs equally well inside the network for interdepartmental connectivity management and to guard against malicious assaults inside workers might unknowingly introduce into the network. For small business and branch office networks, the Cisco ASA firewall acts as a total solution device offering comprehensive threat defense and Virtual Private Network services while suiting the budgets and operational models of these situations.
This versatile single-device, multiple-solution approach reduces the number of appliances that must be installed and maintained while providing a common operating and administrative environment across all those deployments. This approach simplifies the education of configuration, monitoring, troubleshooting, and security personnel. To further minimize maintenance costs, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, enabling them to integrate seamlessly into the network without disrupting authorized data flow and applications.
How Progent's Consultants Can Help You with Cisco Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX family firewalls provide an array of configuration, tracking, and analysis features that give you the flexibility to set up these security appliances to align optimally with your business requirements. Progent's CCIE certified network consultants can show you how to maintain your existing network infrastructure that includes Cisco ASA and/or PIX firewall technology and that offers security, resilience, throughput, and manageability. Progent can also help your organization to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier IS security professionals can assist your business to develop a security policy that makes sense for your environment and can configure your firewall to support your security policies. Progent's security evaluation consultants can evaluate the strength of your existing firewall deployment and help determine the overall security of your whole IT network. Progentís Technical Response Center can deliver urgent online troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.
For more details about Progent's professional support for Cisco technology, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to ask Progent about consulting support for Cisco products, phone 1-800-993-9400 or visit Contact Progent.