Cisco's PIX firewalls and ASA 5500 Series firewalls integrate comprehensive firewall, intrusion defense, and Virtual Private Network features in an affordable, single-box format. Both of these product lines have been replaced by Cisco's ASA 5500-X family of firewalls with Firepower Services. (Refer to integration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 Series firewalls are widely deployed and continue to provide small and mid-size companies a reliable security environment.
PIX and legacy ASA 5500 firewalls offer powerful client and program policy enforcement, mutlivector attack defense, and secure connectivity services. The enhanced intelligence sharing of consolidated protection features in a stand-alone platform provides customers deploying these aggregated solutions the advantages of advanced security, reduced cost of ownership, and minimal maintenance expense.
Cisco PIX security appliances and the ASA 5500 family join Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 switches, and 7600 family routers as components of Cisco's flexible, self-contained firewall solutions. Engineered with an expandable, modular approach, every offering is designed with a particular feature set to deliver more efficient protection to different network environments. These solutions can be independently installed to secure certain facets of the network infrastructure, or can be combined for a systematic, protection-in-depth strategy based on the architecture best practices outlined in the Cisco SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a complete security management offering, spanning Cisco security device and IOS security features and built-in device managers, to self-contained management utilities, helping to ensure that customers can productively use their Cisco protection infrastructure investments.
Cisco PIX Firewall Appliances
Cisco PIX firewall appliances offer robust user and application policy support, multivector attack defense, and safe networking features in cost-effective, easy-to-deploy modules. These specialized devices provide a wealth of integrated security and connectivity services such as application-aware firewall services, Voice over IP and multimedia protection, robust site-to-site and remote-access IP Security (IPsec) VPN networking, high availability, smart networking features, and flexible administration solutions. The PIX Security Appliance Series family spans small plug-and-go devices for small and at home offices to stackable gigabit products with ROI for enterprise and ISP customers, PIX firewalls provide dependable security, performance, and reliability for environments of all sizes.
Built around a tested, purpose-built OS that delivers a wealth of protection services, Cisco PIX firewall appliances offer excellent security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX firewalls provide security for a wide array of VoIP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a broad range of contemporary and upcoming Voice over IP and video applications.
Cisco PIX firewalls feature a wealth of setup, tracking, and troubleshooting options, giving businesses the flexibility to utilize the methods that most closely match their requirements. Administrative solutions include common, policy-based administration tools, integrated web-based management, and support for remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a powerful web-based control solution that significantly simplifies the deployment, ongoing configuration, and tracking of a single Cisco PIX firewall appliance without the need of any extra utility other than an ordinary web browser and Java applet to be running on a manager's computer.
IT managers can furthermore remotely configure, monitor, and troubleshoot PIX security appliances via a command-line interface. Secure command-line interface access is available through a number of methods including Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewalls also have dependable auto-update capabilities, a collection of protected remote-administration services that make sure that firewall configurations and software images are always current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered solutions that bring together market-proven, best-of-breed security and VPN services with a flexible design. The end product is a robust, multifunction network protection solution better suited to protect small and midsize business and larger networks and, at the same time, lower the total deployment and maintenance expenses previously associated with this enhanced degree of protection.
Cisco Adaptive Security Appliances (ASA) firewalls provide strong application security via intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. This results in a more secure network including web, voice, and mobile wireless services. To defend environments from application-layer assaults and to offer organizations greater policing of the programs and protocols utilized in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and rely on protection enforcement technologies that include anomaly sensing and state tracking. Also incorporated are assault detection and remediation techniques including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of IM and tunneling applications, allowing businesses to enforce usage policies and recover network bandwidth for critical business processes.
At the same time as increasing security, Cisco Adaptive Security Appliances firewalls also decrease installation and support costs. By providing extensive VPN and protection services, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for a multitude of environments, allowing product standardization. The Cisco ASA 5500 Series firewall can be deployed as a converged threat-prevention appliance at a central location by leveraging its connectivity control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a dedicated remote connectivity solution using its VPN features. Alternatively, the Cisco ASA firewall performs equally well in the network interior for interdepartmental access control and to defend against malware inside workers may unknowingly introduce into the environment. In small business and satellite office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution device offering complete threat defense and Virtual Private Network functionality while fitting within the cost structure and performance demands of such situations.
This versatile single-platform, multiple-solution approach minimizes the number of appliances that need to be deployed and maintained while offering a standard functional and management system throughout all those deployments. This approach simplifies the education of setup, monitoring, support, and protection staff. To further reduce operations costs, Cisco Adaptive Security Appliances firewalls are also highly network aware, allowing these devices to insert seamlessly into the environment without interfering with authorized data flow and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls incorporate a wealth of configuration, monitoring, and analysis options which offer you the flexibility to set up these security appliances to match your business requirements. Progent's CCIE authorized network professionals can show you how to support your current network infrastructure that includes Cisco ASA or PIX firewall technology and that provides protection, resilience, throughput, and recoverability. Progent can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified IS security experts can assist you to create a security policy that makes sense for your situation and can configure your firewall to enforce your security strategy. Progent's risk assessment experts can assess the strength of your current firewall deployment and help determine the overall security of your whole information system network. Progent's Technical Response Center can provide emergency remote technical support for Cisco products and offer quick access to a Cisco expert.
For more details concerning Progent's engineering support for Cisco technology, choose a topic: