Cisco PIX family firewalls and Cisco ASA 5500 Series adaptive security appliances combine comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an economical, single-box package. Both product lines have been replaced by the ASA 5500-X family of security appliances with Firepower. (See integration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and previous-generation Cisco ASA 5500 Series adaptive security appliances are extensively used and continue to provide small and mid-size organizations a reliable firewall environment.
Cisco PIC and the original ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector attack defense, and secure connectivity features. The enhanced knowledge sharing of consolidated security features in a stand-alone package provides customers implementing these integrated firewalls the benefits of enhanced protection, lower cost of ownership, and smaller management expense.
PIX firewalls and Cisco's ASA 5500 Series combine with Cisco IOS Firewall, the FWSM for Catalyst 6500 switches, and Cisco 7600 Series routers as parts of Cisco's versatile, integrated firewall line. Based on an expandable, building-block approach, every device is designed with a particular feature set to provide better protection to a variety of networking situations. These products can be independently installed to protect certain facets of the connectivity infrastructure, or can be grouped for a layered, defense-in-depth approach based on the design leading practices described in the Cisco SAFE framework. Rounding out the modular firewall solutions, Cisco has developed a complete security management portfolio, ranging from Cisco security device and Cisco IOS security components and built-in appliance controllers, to self-contained management applications, helping to make sure that businesses can effectively use their Cisco protection solution purchases.
PIX Firewall Appliances
Cisco PIX firewall appliances offer reliable user and application policy enforcement, multi-source attack defense, and secure networking features in cost-effective, easy-to-deploy solutions. These specialized devices provide a broad range of integrated protection and networking capabilities such as process-aware firewall services, VoIP and multimedia protection, robust multi-site and remote-access IP Security Virtual Private Network networking, high availability, intelligent networking features, and versatile management options. The PIX firewall Appliance product line ranges from compact plug-and-go devices for small or home offices to stackable gigabit appliances with investment protection for enterprise and service-provider environments, Cisco PIX firewall appliances deliver high levels of protection, performance, and availability for environments of all sizes.
Built around a hardened, specialized OS that offers rich protection features, PIX security appliances offer a high level of security and have earned EAL 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX firewall appliances provide security for a wide range of Voice over IP and other multimedia conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, helping businesses to safeguard deployments of a broad array of current and next-generation Voice over IP and multimedia applications.
Cisco PIX firewalls offer a variety of setup, tracking, and analysis options, providing businesses the versatility to use the methods that best match their requirements. Administrative options include centralized, policy-based management utilities, integrated web-based management, and compatibility with remote-monitoring protocols like SNMP and syslog. The integrated ASDM system provides a world-class web-based control solution that greatly streamlines the installation, in-place modification, and monitoring of a specific Cisco PIX security appliance without requiring any extra software other than a standard browser and Java plug-in to be installed on a manager's PC.
IT managers can also remotely set up, monitor, and troubleshoot PIX firewalls via a command-line interface (CLI). Safe command-line interface (CLI) communication is possible using several techniques including Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. PIX firewall appliances also have dependable automatic-update capabilities, a collection advanced secure remote-administration options that ensure security settings and software images are kept up to date.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA Firewalls are purpose-built solutions that incorporate advanced, best-of-breed security and Virtual Private Network support plus a flexible design. The end product is a powerful, multifunction network protection solution better able to defend small and medium company and enterprise networks and, at the same time, lower the total installation and maintenance expenses previously associated with this high degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology developed for Cisco's PIX 500 firewall, the IPS 4200 Series sensor, and Cisco's VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a platform that defends against a wide range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls provide program protection, local containment, and clean VPN functionality across the entire product portfolio. This broad scope of protection enables the guarding of any network area, including the most typical attack conduits such as remote locations, LAN-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application security through intelligent, application-aware inspection processes that examine network flows at Layers 4-7. This results in a safer network including web, voice, and mobile wireless connectivity. To protect environments from application-layer attacks and to give organizations greater policing of the programs and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement solutions such as anomaly detection and application and protocol state tracking. Also included are assault detection and mitigation technology such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over IM and tunneling applications, allowing businesses to enforce usage policies and preserve bandwidth for vital business applications.
At the same time as improving network security, Cisco Adaptive Security Appliances 5500 Series firewalls also lower installation and operational expenses. By providing extensive VPN and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the single device for many uses, allowing product standardization. The Cisco Adaptive Security Appliances firewall can be deployed as a converged attack-prevention device at the datacenter by leveraging its connectivity control, process inspection, and worm, virus, and other malware remediation capabilities. The Cisco ASA firewall can also be deployed as a dedicated remote access device utilizing its VPN capabilities. Alternatively, the Cisco ASA firewall serves capably in the network interior for inter-office access management and to guard against malware internal workers may unknowingly release into the environment. In small business and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall serves as a total solution device offering comprehensive intrusion defense and VPN functionality while fitting within the cost structure and performance demands of these deployments.
This adaptive single-device, multiple-solution design reduces the total number of devices that need to be deployed and managed while offering a standard operating and administrative system throughout all installations. This approach streamlines the training of setup, monitoring, troubleshooting, and protection staff. To further minimize maintenance expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network conscious, enabling them to integrate seamlessly into the environment without disrupting legitimate traffic and processes.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series firewalls and PIX family security appliances provide a wealth of setup, monitoring, and analysis options which give you the ability to deploy these security appliances to match your company's needs. Progent's CCIE authorized network professionals can help you to support your current network infrastructure that includes Cisco ASA and/or PIX firewall technology and that offers protection, fault tolerance, performance, and recoverability. Progent can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified IS security experts can assist you to develop a security strategy that makes sense for your business and can configure your security appliance to support your security strategy. Progent's security assessment engineers can evaluate the effectiveness of your current firewall deployment and validate the overall security of your entire IS environment. Progentís Help Desk Call Center can provide urgent online troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.
To learn more information about Progent's consulting assistance for Cisco products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
In order to contact Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.