Cisco PIX family firewalls and Cisco ASA Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) features in an affordable, single-cabinet format. Both product families have been replaced by Cisco's ASA 5500-X line of firewalls with Firepower Services. (See integration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 model adaptive security appliances are widely used and continue to provide small and mid-size companies a reliable security solution.
PIX and the original ASA 5500 firewalls offer powerful client and program policy support, mutlivector attack protection, and secure connectivity features. The enhanced knowledge sharing of integrated protection features in a stand-alone platform provides users deploying these integrated solutions the benefits of advanced protection, reduced TCO, and smaller management costs.
PIX firewalls and Cisco's ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 family switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall product. Engineered with a scalable, modular platform, every device is equipped with a particular feature set to deliver better security to different network situations. These products can be independently deployed to secure certain areas of a connectivity environment, or can be grouped for a layered, defense-in-depth strategy following the design leading practices described in Cisco's SAFE framework. Completing the integrated firewall solutions, Cisco has developed a complete security management product portfolio, ranging from Cisco security device and Cisco IOS Software security components and built-in device controllers, to self-contained management programs, helping to ensure that businesses can effectively use their Cisco security solution investments.
PIX Security Appliance Series
PIX firewall appliances offer reliable policy enforcement, multi-source invasion defense, and safe connectivity features in affordable, simple-to-configure solutions. These specialized appliances offer a wealth of built-in protection and networking services including application-aware firewall services, Voice over IP (VoIP) and multimedia protection, reliable multi-site and remote-access IP Security (IPsec) Virtual Private Network networking, high availability, smart networking services, and flexible management solutions. The PIX firewall family spans small plug-and-go desktop units for small or at home offices to stackable high-bandwidth products with ROI for enterprise and service-provider customers, PIX firewalls deliver high levels of security, speed, and availability for networks of all sizes.
Built upon a tested, purpose-built software platform that offers rich security features, Cisco PIX firewall appliances offer excellent security and have received EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls offer security for a broad range of Voice over IP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard installations of a broad array of contemporary and next-generation IP voice and multimedia applications.
PIX security appliances feature a variety of configuration, tracking, and troubleshooting features, giving IT managers the flexibility to use the techniques that most closely match their requirements. Administrative options include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a powerful web-accessible control platform that significantly streamlines the installation, in-place configuration, and monitoring of a specific Cisco PIX firewall without the need of any additional software beyond a standard browser and Java plug-in to be running on an administrator's PC.
IT managers can furthermore remotely configure, monitor, and troubleshoot PIX firewalls using a command-line interface. Safe command-line interface access is available using several techniques including SSHv2 Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewalls also have robust auto-update capabilities, a collection of protected remote-management options that make sure that firewall configurations and software images are always current.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered devices that bring together advanced, best-of-breed security and VPN services plus a flexible architecture. The result is a robust, multifunction network protection solution better suited to defend small and midsize company and enterprise networks and, simultaneously, lower the total installation and operations expenses formerly associated with this enhanced degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering behind Cisco's PIX 500 family firewall, the IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These technologies converge on the Cisco ASA Firewall family to offer a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application security, local containment, and clean VPN functionality throughout Cisco's product portfolio. This broad scope of security enables the guarding of any network section, including the most typical attack conduits like remote sites, LAN-attached internal users, and remote connected Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application protection through intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a more secure network including web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to give organizations greater policing of the programs and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies such as anomaly sensing and application and protocol state tracking. Also included are assault sensing and mitigation technology including application/protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and free up bandwidth for important business applications.
While improving network security, Cisco Adaptive Security Appliances firewalls also lower deployment and operational costs. By offering extensive Virtual Private Network and security services, the Cisco ASA firewall can be used as the single device for many uses, allowing platform commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a consolidated attack-protection appliance at the datacenter by leveraging its access control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a dedicated remote connectivity solution utilizing its VPN capabilities. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs capably in the network interior for interdepartmental access control and to guard against malicious assaults internal workers might unknowingly release into the environment. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) firewall serves as an all-in-one device offering comprehensive threat defense and Virtual Private Network functionality while suiting the budgets and performance demands of such situations.
This adaptive one-device, multiple-solution design minimizes the number of devices that must be deployed and maintained while providing a standard functional and administrative system across all those deployments. This approach streamlines the training of configuration, monitoring, troubleshooting, and security staff. To further reduce operations costs, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network conscious, allowing these devices to integrate seamlessly into the environment without disrupting legitimate traffic and applications.
How Progent Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA Series adaptive security appliances and PIX family security appliances incorporate a wealth of configuration, tracking, and analysis features which offer you the flexibility to deploy these firewalls to match your business requirements. Progent's CCIE certified network professionals can help you to support your existing network infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers security, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified IS security consultants can assist you to create a security strategy that makes sense for your situation and can set up your PIX or ASA firewall to support your security policies. Progent's security assessment professionals can evaluate the strength of your current firewall deployment and validate the security of your entire IT network. Progent’s Help Desk Call Center can provide emergency remote technical support for Cisco products and can give you fast access to a Cisco CCIE network engineer.
For additional details concerning Progent's professional help for Cisco technology, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about technical help for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.