Cisco's PIX security appliances and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in a cost-effective, one-box package. Both product families have been superseded by the ASA 5500-X line of security appliances with Firepower. (See integration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation ASA 5500 Series firewalls are widely used and continue to deliver small and mid-size organizations a reliable firewall solution.
Cisco PIC and legacy ASA 5500 firewalls deliver robust user and program policy enforcement, mutlivector assault defense, and secure access features. The enhanced intelligence sharing of consolidated protection services in a stand-alone package offers customers implementing these integrated solutions the advantages of advanced security, lower TCO, and minimal management costs.
Cisco PIX firewalls and the ASA 5500 Series combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 Series routers as components of Cisco's versatile, self-contained firewall solutions. Engineered with a scalable, building-block platform, every offering is designed with a particular array of options to deliver more efficient protection to a variety of network environments. These solutions can be independently installed to protect specific facets of the network environment, or can be combined for a layered, defense-in-depth strategy following the architecture best practices outlined in Cisco's SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management offering, spanning Cisco security device and IOS Software security features and embedded device managers, to standalone management programs, moving to ensure that businesses can effectively use their Cisco security solution purchases.
PIX Security Appliance Series
PIX firewalls offer reliable policy support, multivector attack protection, and safe connectivity features in cost-effective, simple-to-configure modules. These specialized devices provide a wealth of integrated security and connectivity capabilities including process-aware firewall features, VoIP and multimedia security, robust multi-site and remote-connectivity IP Security (IPsec) VPN networking, fault tolerance, smart networking services, and versatile administration options. The PIX firewall product line spans compact plug-and-play desktop units for small offices or at home offices to modular gigabit products with ROI for enterprise and service-provider environments, Cisco PIX Security Appliance Series deliver high levels of security, speed, and availability for network environments of any size.
Built upon a tested, specialized OS that delivers a wealth of protection features, PIX firewall appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewalls offer security for a broad range of VoIP and additional multimedia conventions including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard installations of a broad array of contemporary and next-generation Voice over IP and multimedia applications.
PIX security appliances feature a wealth of setup, monitoring, and troubleshooting features, providing IT managers the versatility to use the techniques that most closely match their requirements. Management options include centralized, policy-based management utilities, integrated web-based management, and support for remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a powerful web-accessible management platform that significantly simplifies the installation, ongoing modification, and monitoring of a single PIX firewall without the need of any additional utility other than an ordinary browser and Java applet to be running on a manager's computer.
IT managers can furthermore remotely configure, monitor, and analyze Cisco PIX firewalls using a command-line interface. Safe CLI interface communication is possible through several techniques such as SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX security appliances also include robust automatic-update capabilities, a collection advanced protected remote-administration options that ensure firewall settings and software images are always current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that bring together market-proven, best-of-breed protection and Virtual Private Network support with a flexible design. The end product is a robust, multifunction network security appliance better able to defend small and medium business and enterprise networks and, at the same time, reduce the total installation and maintenance expenses previously required for this enhanced degree of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage technology developed for the Cisco PIX 500 Series Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a platform that defends against a wide range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, local containment and control, and clean VPN functionality across the entire product line. This broad scope of protection enables the guarding of any network section, which includes the most common attack conduits like remote locations, LAN-connected inside users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls provide a high-level of application security via smart, application-sensitive inspection processes that examine network flows at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless services. To protect environments from application-layer attacks and to offer businesses greater policing of the applications and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement technologies such as protocol anomaly sensing and application and protocol state monitoring. Also included are attack sensing and mitigation techniques such as application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver control over instant messaging and tunneling applications, enabling businesses to police usage policies and conserve network bandwidth for critical business applications.
While improving network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and operational costs. By providing extensive Virtual Private Network and protection functions, the Cisco ASA firewall can be a the only platform for many environments, allowing product standardization. The Cisco ASA 5500 Series firewall can be deployed as a converged threat-prevention appliance at a central location by leveraging its connectivity control, process inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote access device utilizing its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall serves capably in the network interior for inter-office connectivity management and to guard against malware inside users might inadvertently introduce into the environment. For small business and branch office networks, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as an all-in-one device offering complete threat prevention and VPN functionality while fitting within the budgets and operational models of such situations.
This versatile single-device, multiple-use approach reduces the number of appliances that must be installed and maintained while offering a common operating and management system throughout all those installations. This architecture simplifies the education of configuration, tracking, support, and protection personnel. To further reduce operations costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network aware, enabling these devices to integrate seamlessly into the network without disrupting legitimate data flow and processes.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX family firewalls provide a wealth of setup, tracking, and analysis options which give you the ability to configure these firewalls to align optimally with your business requirements. Progent's CCIE certified network professionals can help you to support your current network infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides protection, fault tolerance, performance, and manageability. Progent's firewall experts can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security experts can help you to develop a security strategy that makes sense for your situation and can set up your security appliance to support your security strategy. Progent's risk assessment professionals can evaluate the strength of your current firewall deployment and audit the overall security of your whole information system environment. Progentís Technical Response Center (TRC) can provide emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco expert.
To find out more details concerning Progent's professional assistance for Cisco technology, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to contact Progent about technical help for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.