Cisco's PIX family security appliances and Cisco ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion protection, and Virtual Private Network functionality in an economical, single-box package. Both product families have been replaced by the ASA 5500-X series of security appliances with Firepower. (Refer to integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and first-generation Cisco ASA 5500 Series firewalls are extensively deployed and continue to offer small and mid-size companies a viable firewall environment.
PIX and the original ASA 5500 firewalls deliver powerful client and application policy support, mutlivector attack protection, and safe access features. The enhanced intelligence sharing of consolidated security features in a stand-alone package provides customers deploying these integrated solutions the benefits of enhanced protection, lower cost of ownership, and smaller maintenance costs.
PIX firewalls and Cisco's ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and 7600 routers as parts of Cisco's versatile, self-contained firewall product. Based on an expandable, building-block approach, each offering is equipped with a particular array of options to deliver better protection to a variety of network situations. These products can be independently deployed to protect specific facets of the network infrastructure, or can be combined for a layered, defense-in-depth strategy following the architecture best practices described in the Cisco SAFE framework. Rounding out the modular firewall product line, Cisco has developed a complete security management offering, spanning Cisco security appliance and IOS security components and embedded appliance controllers, to standalone management utilities, helping to ensure that customers can productively use their Cisco protection solution purchases.
Cisco PIX Security Appliance Series
PIX firewalls offer reliable user and application policy support, multivector attack protection, and safe networking services in economical, out-of-the-box modules. These specialized devices offer a broad range of built-in protection and connectivity services including process-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-access IPcec VPN networking, high availability, smart networking features, and versatile administration options. The PIX firewall Appliance family ranges from compact plug-and-play appliances for small offices or home offices to modular gigabit products with investment protection for large business and ISP customers, Cisco PIX Security Appliance Series deliver high levels of security, speed, and reliability for environments of all sizes.
Based around a tested, purpose-built OS that delivers a wealth of security services, Cisco PIX firewall appliances provide excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances provide protection for a broad array of VoIP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to protect installations of a wide range of current and upcoming IP voice and mixed-media applications.
PIX security appliances offer a wealth of setup, monitoring, and analysis options, providing IT managers the flexibility to use the techniques that best meet their requirements. Management solutions include common, policy-based management tools, integrated web-based administration, and support for remote-tracking protocols like SNMP and syslog. The integrated Adaptive Security Device Manager system offers a world-class web-accessible control solution that greatly streamlines the installation, ongoing modification, and monitoring of a specific Cisco PIX firewall without the need of any extra utility other than a standard web browser and Java plug-in to be installed on an administrator's PC.
Administrators can also remotely configure, monitor, and troubleshoot PIX security appliances via a CLI interface. Safe CLI interface access is possible using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewalls also include robust auto-update capabilities, a set of secure remote-management services that ensure security settings and software images are kept up to date.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built solutions that incorporate advanced, industry-leading protection and Virtual Private Network services with an adaptive architecture. The end product is a robust, versatile network security solution better suited to defend small and midsize business and larger networks and, at the same time, lower the overall installation and operations expenses formerly associated with this high level of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering developed for Cisco's PIX 500 family firewall, Cisco's IPS 4200 Intrusion Prevention System, and the VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a firewall that stops a broad range of attacks. Cisco ASA 5500 Series Firewalls provide application security, network containment and control, and clean Virtual Private Network functionality throughout Cisco's product portfolio. This broad scope of protection enables defense of any network segment, which includes the most typical threat vectors like remote locations, LAN-attached inside users, and off-site connected VPNs.
Cisco Adaptive Security Appliances firewalls deliver robust application security through intelligent, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless services. To protect networks from application-layer assaults and to offer organizations greater control over the applications and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement solutions that include protocol anomaly sensing and state tracking. Also included are attack sensing and mitigation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and tunneling applications, enabling organizations to enforce usage policies and recover bandwidth for important business processes.
While increasing network security, Cisco ASA firewalls also lower installation and operational expenses. By offering broad Virtual Private Network and security services, the Cisco ASA 5500 Series firewall can be a the only platform for many uses, allowing product standardization. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated threat-protection appliance at the datacenter by leveraging its connectivity control, process inspection, and malware remediation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a specialized remote access solution utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves capably in the network interior for inter-office access control and to guard against malware internal users may inadvertently introduce into the environment. In small business and satellite office networks, the Cisco Adaptive Security Appliances firewall serves as a total solution device offering comprehensive intrusion defense and VPN services while suiting the cost structure and performance demands of such deployments.
This adaptive single-platform, many-use design reduces the total number of devices that must be deployed and managed while offering a standard functional and administrative environment throughout all deployments. This architecture simplifies the education of setup, tracking, troubleshooting, and protection personnel. To further reduce maintenance costs, Cisco ASA firewalls are also highly network aware, enabling these devices to integrate seamlessly into the environment without disrupting authorized data flow and processes.
How Progent Can Help Your Business with Cisco Firewalls
Cisco ASA Series firewalls and PIX firewalls provide an array of configuration, monitoring, and analysis features which give you the ability to set up these security appliances to match your business needs. Progent's CCIE certified network professionals can show you how to maintain your existing network infrastructure that incorporates Cisco ASA or PIX security appliances and that provides security, resilience, throughput, and manageability. Progent's firewall experts can also help you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified IS security professionals can assist your business to create a security policy that makes sense for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation consultants can assess the strength of your current firewall solution and validate the security of your whole IT environment. Progentís Technical Response Center (TRC) can provide urgent online technical support for Cisco technology and offer quick access to a Cisco network engineer.
To find out more details about Progent's consulting support for Cisco products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about consulting support for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.