Cisco's PIX firewalls and Cisco ASA Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network functionality in an affordable, one-box format. Both of these product lines have been superseded by the ASA 5500-X family of security appliances with Firepower. (Refer to integration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 Series firewalls are extensively deployed and continue to offer small and mid-size organizations a reliable firewall environment.
Cisco PIC and the original ASA 5500 firewalls offer powerful user and application policy support, mutlivector attack protection, and safe access services. The enhanced intelligence sharing of consolidated security services in a single platform offers customers implementing these aggregated firewalls the advantages of advanced protection, reduced TCO, and minimal management expense.
Cisco PIX security appliances and the ASA 5500 Series join Cisco IOS Firewall, the FWSM for Catalyst 6500 switches, and 7600 routers as parts of Cisco's flexible, self-contained firewall product. Engineered with an expandable, building-block platform, each offering is equipped with a specific feature set to provide more efficient security to different network environments. These solutions can be independently deployed to protect certain facets of the network environment, or can be grouped for a layered, protection-in-depth strategy following the architecture best practices described in the Cisco SAFE Blueprint. Rounding out the modular firewall product line, Cisco provides a complete security management portfolio, ranging from Cisco security appliance and Cisco IOS Software security features and embedded device managers, to standalone management programs, moving to ensure that customers can productively manage their Cisco security solution purchases.
Cisco PIX Firewall Appliances
PIX Security Appliance Series deliver robust policy enforcement, multi-source attack protection, and secure connectivity services in economical, simple-to-configure solutions. These specialized appliances provide a broad range of built-in protection and connectivity capabilities including process-aware firewall features, Voice over IP and multimedia security, robust multi-site and remote-connectivity IPcec VPN networking, fault tolerance, smart networking services, and flexible administration options. The PIX Security Appliance Series family spans compact plug-and-play devices for small and at home offices to stackable gigabit products with ROI for enterprise and ISP customers, PIX firewall appliances deliver high levels of protection, speed, and availability for networks of all sizes.
Built upon a hardened, specialized software platform that delivers rich protection features, PIX firewall appliances provide excellent security and have earned EAL 4 status and ICSA Firewall and IPsec qualification. PIX firewalls provide protection for a broad array of Voice over IP and additional multimedia conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard deployments of a wide range of current and upcoming VoIP and mixed-media applications.
Cisco PIX firewalls feature a wealth of setup, monitoring, and analysis options, giving businesses the flexibility to use the methods that best meet their requirements. Administrative solutions include common, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-tracking protocols like SNMP and syslog. The integrated ASDM interface provides a world-class web-based management platform that greatly simplifies the installation, ongoing modification, and tracking of a specific PIX firewall without the need of any extra utility beyond an ordinary browser and Java applet to be installed on a manager's computer.
Administrators can furthermore remotely configure, track, and analyze PIX security appliances using a command-line interface (CLI). Secure command-line interface (CLI) communication is possible using a number of techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX security appliances also include robust auto-update capabilities, a set of protected remote-management options that ensure firewall settings and software images are always current.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that incorporate advanced, best-of-breed protection and Virtual Private Network services with an adaptive architecture. The result is a robust, versatile network security solution better suited to defend small and midsize business and enterprise networks and, simultaneously, reduce the total installation and operations expenses previously required for this enhanced level of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind Cisco's PIX 500 Security Appliance, the Cisco IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application security, network containment and control, and safe VPN functionality throughout Cisco's product line. This breadth of protection allows defense of any network section, including the most typical attack vectors such as remote locations, locally-attached inside users, and off-site connected VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security through smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless services. To protect networks against application-layer attacks and to give organizations more control over the applications and protocols used in their networks, these inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement solutions that include anomaly sensing and application and protocol state tracking. Also incorporated are attack sensing and remediation technology such as application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, enabling organizations to enforce usage policies and conserve bandwidth for vital business applications.
While improving security, Cisco ASA firewalls also lower deployment and support costs. By offering extensive VPN and protection services, the Cisco ASA firewall can be a single device for a multitude of uses, allowing platform commonality. The Cisco ASA firewall can be used as a converged threat-prevention appliance at a central location by taking advantage of its connectivity control, application inspection, and malware mitigation capabilities. The Cisco ASA firewall can also be used as a dedicated remote connectivity device using its VPN capabilities. Alternatively, the Cisco ASA 5500 Series firewall operates equally well inside the network for interdepartmental access management and to defend against worms, viruses, and other malicious code internal users might unknowingly release into the network. In small company and branch office environments, the Cisco Adaptive Security Appliances firewall serves as a total solution platform providing comprehensive intrusion prevention and Virtual Private Network services while fitting within the budgets and operational models of such situations.
This versatile single-platform, many-use approach minimizes the total number of devices that need to be deployed and managed while providing a common operating and management environment across all those installations. This approach simplifies the education of setup, tracking, support, and protection personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network aware, allowing them to insert gracefully into the environment without disrupting authorized data flow and processes.
How Progent's Consultants Can Help You with Cisco PIX and ASA Firewalls
Cisco ASA Series adaptive security appliances and PIX family security appliances incorporate an array of setup, monitoring, and analysis options that offer you the ability to configure these security appliances to align optimally with your company's requirements. Progent's CCIE certified network experts can show you how to maintain your existing network infrastructure that includes Cisco ASA and/or PIX firewalls and that offers security, resilience, performance, and recoverability. Progent can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier IS security professionals can help you to develop a security policy appropriate for your business and can configure your security appliance to support your security policies. Progent's security evaluation consultants can assess the strength of your current firewall deployment and help determine the security of your whole IT environment. Progentís Help Desk Call Center can deliver emergency online technical support for Cisco products and can give you quick access to a Cisco CCIE network engineer.
To find out more details about Progent's professional help for Cisco networking products, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about consulting support for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.