Cisco PIX family firewalls and ASA Series firewalls combine next-generation firewall, intrusion defense, and VPN features in an affordable, one-box format. Both of these product lines have been superseded by the ASA 5500-X line of security appliances with Firepower Services. (Refer to configuration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 model adaptive security appliances are extensively used and continue to offer small and mid-size companies a viable firewall solution.
PIX and legacy ASA 5500 firewalls offer robust user and application policy enforcement, mutlivector attack defense, and secure connectivity services. The increased intelligence sharing of consolidated protection features in a single package provides users deploying these aggregated solutions the advantages of advanced security, lower TCO, and smaller management expense.
PIX security appliances and the ASA 5500 Series join IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall solutions. Based on a scalable, modular platform, each offering is equipped with a particular array of options to provide better protection to a variety of network environments. These solutions can be individually deployed to protect certain areas of a connectivity infrastructure, or can be grouped for a layered, protection-in-depth approach based on the architecture best practices outlined in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco provides a comprehensive security management catalog, spanning Cisco security appliance and Cisco IOS security components and embedded device managers, to standalone management applications, helping to make sure that businesses can productively use their Cisco security solution purchases.
PIX Security Appliance Series offer robust user and application policy support, multivector invasion protection, and secure networking features in economical, simple-to-configure modules. These specialized appliances offer a wealth of integrated protection and connectivity capabilities such as application-aware firewall services, VoIP and multimedia protection, reliable site-to-site and remote-access IPcec Virtual Private Network (VPN) connectivity, fault tolerance, smart networking services, and flexible management solutions. The Cisco PIX Security Appliance Series product line ranges from small plug-and-play appliances for small offices and home offices to modular gigabit products with ROI for enterprise and ISP environments, Cisco PIX firewall appliances deliver dependable security, speed, and reliability for environments of any size.
Built upon a hardened, purpose-built OS that delivers rich protection services, PIX firewall appliances offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX firewalls offer security for a broad range of VoIP and additional mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, enabling organizations to safeguard installations of a wide array of current and upcoming VoIP and mixed-media applications.
PIX firewall appliances offer a variety of configuration, monitoring, and troubleshooting features, providing businesses the versatility to utilize the methods that best meet their requirements. Administrative solutions include common, policy-based management tools, integrated web-based administration, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a powerful web-accessible control solution that significantly simplifies the deployment, ongoing modification, and monitoring of a specific Cisco PIX firewall appliance without the need of any additional utility beyond an ordinary browser and Java plug-in to be running on a manager's computer.
Administrators can also remotely set up, monitor, and analyze PIX firewalls using a CLI interface. Safe command-line interface (CLI) access is possible using a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX security appliances also include dependable auto-update features, a set advanced secure remote-management options that ensure firewall settings and software images are kept up to date.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built devices that bring together advanced, best-of-breed protection and VPN support plus a flexible design. The end product is a robust, multifunction network security solution better able to protect small and medium company and enterprise networks and, at the same time, lower the overall deployment and maintenance expenses formerly associated with this enhanced degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology developed for the PIX 500 family Security Appliance, the IPS 4200 sensor, and Cisco's VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall family to deliver a platform that stops a broad range of threats. Cisco ASA Firewalls deliver program protection, network containment, and clean VPN functionality throughout Cisco's product portfolio. This breadth of security enables defense of any network area, which includes the most common attack vectors like remote locations, LAN-connected internal users, and remote connected Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a better protected environment including web, voice, and mobile wireless connectivity. To defend networks from application-layer assaults and to offer organizations greater policing of the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledgebases and employ security enforcement technologies that include anomaly detection and application and protocol state tracking. Also incorporated are attack sensing and mitigation technology such as application and protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also deliver control over IM and tunneling applications, enabling organizations to police usage policies and preserve bandwidth for crucial business applications.
At the same time as increasing network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and support costs. By providing extensive VPN and protection services, the Cisco ASA 5500 Series firewall can be used as the single device for a multitude of uses, allowing product commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a converged attack-protection appliance at a central location by taking advantage of its access control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco ASA firewall can also be deployed as a dedicated remote connectivity device using its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances firewall serves equally well in the network interior for interdepartmental access management and to defend against malware inside workers might inadvertently release into the network. In small business and branch office environments, the Cisco Adaptive Security Appliances (ASA) firewall acts as a total solution platform offering comprehensive threat prevention and VPN functionality while suiting the budgets and operational models of these situations.
This adaptive one-device, multiple-solution approach minimizes the number of devices that must be deployed and managed while offering a standard functional and management environment throughout all deployments. This architecture streamlines the training of configuration, tracking, troubleshooting, and protection staff. To further minimize maintenance costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, allowing these devices to integrate gracefully into the network without interfering with authorized traffic and applications.
How Progent's Cisco Certified Experts Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls incorporate a wealth of configuration, monitoring, and troubleshooting features which give you the ability to configure these security appliances to align optimally with your company's needs. Progent's CCIE authorized network experts can show you how to maintain your current infrastructure that incorporates Cisco ASA or PIX firewalls and that provides protection, fault tolerance, performance, and manageability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier information security experts can help your business to create a security strategy that makes sense for your business and can set up your firewall to support your security strategy. Progent's risk assessment professionals can evaluate the effectiveness of your existing firewall deployment and validate the overall security of your entire information system network. Progentís Help Desk Call Center can provide emergency remote technical support for Cisco technology and can give you quick access to a Cisco expert.
To learn additional information about Progent's engineering expertise for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To get in touch with Progent about technical assistance for Cisco networking, call 1-800-993-9400 or go to Contact Progent.