Cisco's PIX firewalls and Cisco ASA Series firewalls integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an economical, one-box package. Both product families have been replaced by Cisco's ASA 5500-X family of firewalls with Firepower. (Refer to integration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 model adaptive security appliances are widely deployed and continue to provide small and mid-size organizations a viable firewall solution.
PIX and the original ASA 5500 firewalls deliver powerful client and application policy support, mutlivector assault defense, and safe connectivity services. The increased intelligence sharing of integrated security features in a stand-alone package provides customers implementing these aggregated solutions the benefits of enhanced security, lower TCO, and minimal maintenance expense.
Cisco PIX firewalls and Cisco's ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and Cisco 7600 family routers as components of Cisco's versatile, integrated firewall product. Engineered with a scalable, building-block approach, every device is equipped with a specific array of options to provide more efficient security to a variety of networking situations. These solutions can be individually deployed to secure certain areas of the connectivity environment, or can be grouped for a layered, defense-in-depth strategy following the architecture best practices outlined in the Cisco SAFE framework. Rounding out the integrated firewall product line, Cisco provides a complete security management catalog, spanning Cisco security appliance and IOS Software security components and built-in device controllers, to standalone management applications, helping to make sure that businesses can productively manage their Cisco protection solution purchases.
Cisco PIX Firewall Appliances
Cisco PIX firewalls deliver reliable user and application policy support, multi-source invasion protection, and safe connectivity features in affordable, simple-to-configure solutions. These specialized appliances offer a broad range of integrated protection and networking services such as process-aware firewall services, Voice over IP and multimedia security, reliable multi-location and remote-connectivity IP Security (IPsec) VPN connectivity, excellent resiliency, smart networking features, and flexible administration solutions. The PIX firewall product line spans compact plug-and-go desktop units for small or at home offices to modular high-bandwidth products with investment protection for large business and service-provider customers, PIX firewalls provide high levels of protection, performance, and availability for network environments of all sizes.
Built around a tested, purpose-built operating system that delivers a wealth of security features, PIX security appliances offer a high level of security and have earned EAL 4 status and ICSA Labs Firewall and IP Security certification. PIX security appliances offer protection for a wide array of Voice over IP and additional multimedia conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping businesses to protect deployments of a wide range of current and next-generation IP voice and mixed-media applications.
Cisco PIX security appliances offer a wealth of setup, monitoring, and troubleshooting options, providing businesses the flexibility to use the methods that most closely match their requirements. Administrative options include common, policy-based management utilities, integrated web-based management, and support for remote-tracking protocols like SNMP and syslog. The integrated ASDM system provides a world-class web-accessible control platform that significantly streamlines the installation, in-place configuration, and monitoring of a specific PIX security appliance without requiring any additional software beyond an ordinary web browser and Java plug-in to be installed on an administrator's computer.
Administrators can furthermore remotely configure, monitor, and analyze Cisco PIX security appliances via a CLI interface. Secure command-line interface (CLI) access is possible using a number of techniques such as Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewalls also include dependable automatic-update capabilities, a collection advanced secure remote-administration options that make sure that security configurations and software images are kept up to date.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built devices that bring together market-proven, industry-leading security and VPN support plus a flexible design. The result is a robust, multifunction network protection solution better suited to defend small and medium business and enterprise networks and, at the same time, lower the overall installation and operations costs formerly associated with this high degree of protection.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage technology developed for the PIX 500 firewall, the Cisco IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program protection, network containment and control, and safe VPN connectivity across Cisco's product portfolio. This broad scope of protection enables the guarding of any network section, including the most typical threat vectors such as remote locations, locally-connected inside users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application security through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a better protected network including web, voice, and mobile wireless access. To defend networks from application-layer attacks and to give organizations more policing of the programs and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and rely on security enforcement technologies that include protocol anomaly sensing and application and protocol state monitoring. Also included are attack detection and remediation techniques including application/protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and free up bandwidth for crucial business processes.
While increasing security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and operational costs. By offering extensive VPN and protection functions, the Cisco ASA 5500 Series firewall can be a single device for many uses, allowing platform commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a consolidated attack-protection appliance at the datacenter by taking advantage of its access control, application inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances firewall can also be deployed as a specialized remote access solution using its VPN capabilities. Alternatively, the Cisco ASA firewall operates equally well inside the network for interdepartmental connectivity control and to defend against malware inside users might unwittingly release into the environment. In small business and satellite office environments, the Cisco ASA firewall serves as an all-in-one device offering complete threat prevention and VPN services while suiting the cost structure and performance models of such situations.
This adaptive single-platform, multiple-solution design reduces the number of devices that must be installed and maintained while providing a common functional and administrative environment throughout all deployments. This approach streamlines the education of configuration, monitoring, support, and protection personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network aware, enabling them to integrate gracefully into the environment without disrupting legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Assist You with Cisco PIX and ASA Security Appliances
Cisco ASA Series adaptive security appliances and PIX family security appliances provide an array of setup, tracking, and analysis features which offer you the flexibility to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network consultants can show you how to maintain your existing network infrastructure that includes Cisco ASA or PIX security appliances and that provides protection, fault tolerance, performance, and manageability. Progent's firewall experts can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security experts can assist you to develop a security strategy appropriate for your business and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment experts can evaluate the strength of your current firewall solution and help determine the security of your whole information system network. Progentís Technical Response Center can deliver urgent online technical support for Cisco products and offer quick access to a Cisco network engineer.
For more information about Progent's professional support for Cisco networking products, select a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to get in touch with Progent about engineering assistance for Cisco products, phone 1-800-993-9400 or refer to Contact Progent.