Cisco's PIX family security appliances and Cisco ASA 5500 Series firewalls integrate next-generation firewall, intrusion defense, and VPN technologies in an affordable, single-box format. Both of these product lines have been superseded by the ASA 5500-X family of firewalls with Firepower Services. (Refer to configuration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 model firewalls are widely deployed and continue to provide small and mid-size companies a viable security environment.
PIX and legacy ASA 5500 firewalls offer robust client and application policy enforcement, mutlivector attack protection, and safe connectivity services. The enhanced knowledge sharing of consolidated security features in a single package offers users implementing these aggregated firewalls the benefits of advanced security, lower TCO, and smaller management expense.
Cisco PIX security appliances and the ASA 5500 product line join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and Cisco 7600 Series routers as parts of Cisco's versatile, integrated firewall solutions. Engineered with a scalable, modular approach, every offering is designed with a specific array of options to provide better protection to a variety of network environments. These solutions can be individually deployed to secure specific areas of the network infrastructure, or can be combined for a layered, defense-in-depth strategy following the architecture leading practices outlined in Cisco's SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a complete security management offering, ranging from Cisco security appliance and Cisco IOS security features and embedded device controllers, to standalone management utilities, moving to ensure that customers can effectively use their Cisco protection solution purchases.
PIX Firewall Appliances
PIX firewalls offer robust policy support, multivector invasion protection, and safe networking features in economical, out-of-the-box solutions. These purpose-built appliances offer a wealth of built-in protection and networking capabilities including process-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable site-to-site and remote-connectivity IPcec Virtual Private Network (VPN) networking, high availability, intelligent networking features, and flexible administration options. The PIX firewall family spans compact plug-and-go devices for small or at home offices to stackable high-bandwidth appliances with ROI for large business and ISP customers, Cisco PIX Security Appliance Series provide high levels of security, speed, and availability for networks of any size.
Based around a tested, specialized software platform that offers a wealth of security services, PIX firewall appliances offer a high level of security and have received EAL 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX security appliances provide security for a wide array of VoIP and other mixed-media standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a broad array of contemporary and next-generation Voice over IP and mixed-media applications.
Cisco PIX firewalls feature a wealth of setup, monitoring, and analysis options, providing IT managers the flexibility to use the methods that most closely match their needs. Administrative options include centralized, policy-based management utilities, integrated web-based management, and support for remote-tracking standards such as SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a powerful web-based control solution that significantly simplifies the installation, ongoing modification, and tracking of a specific Cisco PIX firewall without requiring any extra software beyond a standard web browser and Java applet to be running on a manager's computer.
Administrators can also remotely configure, monitor, and analyze PIX firewalls using a command-line interface (CLI). Secure CLI interface communication is available using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band through a console port. PIX security appliances also include dependable automatic-update features, a set of secure remote-management services that make sure that security settings and software images are kept current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that incorporate market-proven, industry-leading security and VPN support plus an adaptive design. The end product is a powerful, multifunction network protection appliance better able to protect small and midsize company and enterprise networks and, simultaneously, reduce the overall installation and operations costs formerly associated with this enhanced degree of security.
Cisco ASA 5500 Series firewalls provide robust application security via smart, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a more secure network covering web, voice, and mobile wireless connectivity. To protect environments against application-layer attacks and to offer businesses more policing of the programs and protocols utilized in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and rely on security enforcement technologies such as protocol anomaly sensing and application and protocol state tracking. Also incorporated are assault sensing and remediation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and conserve bandwidth for crucial business applications.
While increasing security, Cisco ASA 5500 Series firewalls also decrease installation and operational costs. By offering extensive VPN and protection services, the Cisco Adaptive Security Appliances firewall can be used as the the only platform for a multitude of uses, enabling platform standardization. The Cisco ASA firewall can be deployed as a consolidated attack-protection appliance at a central location by leveraging its access control, process inspection, and malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote access device utilizing its VPN capabilities. As another option, the Cisco Adaptive Security Appliances firewall operates capably in the network interior for interdepartmental connectivity management and to defend against worms, viruses, and other malicious code inside users may unwittingly introduce into the environment. In small company and satellite office environments, the Cisco Adaptive Security Appliances 5500 Series firewall serves as an all-in-one device providing complete threat defense and VPN functionality while suiting the cost structure and performance models of such situations.
This versatile single-platform, many-solution approach minimizes the number of appliances that need to be deployed and managed while providing a common operating and administrative system across all those installations. This architecture simplifies the education of setup, tracking, troubleshooting, and security staff. To further minimize operations costs, Cisco ASA 5500 Series firewalls are also exceptionally network conscious, allowing these devices to integrate gracefully into the environment without interfering with legitimate traffic and applications.
How Progent's Cisco Certified Experts Can Assist You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series firewalls and PIX family security appliances provide an array of setup, tracking, and analysis features that offer you the ability to deploy these security appliances to align optimally with your company's needs. Progent's CCIE certified network consultants can assist you to maintain your current network infrastructure that includes Cisco ASA and/or PIX firewalls and that provides security, resilience, throughput, and recoverability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified IS security engineers can assist you to develop a security strategy appropriate for your situation and can set up your security appliance to support your security policies. Progent's risk assessment professionals can evaluate the strength of your existing firewall solution and validate the security of your whole IS environment. Progent's Help Desk Call Center can provide urgent online troubleshooting for Cisco technology and offer fast access to a Cisco expert.
To see more details about Progent's consulting expertise for Cisco networking products, select a subject: