Cisco PIX firewalls and Cisco ASA 5500 Series adaptive security appliances combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) features in an economical, one-box format. Both of these product families have been replaced by the ASA 5500-X family of firewalls with Firepower. (Refer to integration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation ASA 5500 model adaptive security appliances are widely used and continue to deliver small and mid-size companies a viable firewall solution.
Cisco PIC and the original ASA 5500 firewalls offer robust user and program policy support, mutlivector attack protection, and secure connectivity services. The enhanced knowledge sharing of integrated security features in a stand-alone platform provides customers implementing these aggregated solutions the advantages of advanced protection, reduced TCO, and minimal maintenance expense.
PIX firewalls and Cisco's ASA 5500 Series combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and Cisco 7600 family routers as parts of Cisco's versatile, self-contained firewall line. Based on a scalable, modular platform, each device is designed with a particular array of options to provide more efficient security to a variety of network environments. These products can be independently deployed to secure specific facets of the network environment, or can be combined for a layered, defense-in-depth approach following the architecture best practices outlined in the Cisco SAFE framework. Completing the modular firewall product line, Cisco has developed a complete security management portfolio, spanning Cisco security device and Cisco IOS security features and built-in device managers, to standalone management utilities, moving to make sure that customers can effectively manage their Cisco security solution purchases.
PIX Security Appliance Series
PIX Security Appliance Series deliver robust policy support, multi-source invasion protection, and secure networking features in economical, simple-to-configure modules. These purpose-built appliances provide a wealth of built-in protection and connectivity services such as process-aware firewall services, Voice over IP (VoIP) and multimedia protection, reliable multi-location and remote-connectivity IP Security VPN networking, fault tolerance, intelligent networking features, and versatile administration solutions. The Cisco PIX firewall Appliance product line spans small plug-and-go devices for small offices or home offices to modular high-bandwidth appliances with ROI for large business and ISP customers, Cisco PIX Security Appliance Series provide high levels of security, speed, and availability for networks of any size.
Based around a tested, specialized software platform that delivers a wealth of security services, PIX firewall appliances provide a high level of security and have earned EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. Cisco PIX security appliances provide protection for a wide range of VoIP and other mixed-media conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, enabling organizations to protect installations of a broad range of contemporary and next-generation Voice over IP and multimedia applications.
PIX firewall appliances offer a wealth of configuration, tracking, and analysis features, giving businesses the flexibility to use the techniques that most closely match their needs. Management solutions include centralized, policy-based management tools, integrated web-accessible administration, and support for remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system provides a world-class web-accessible control platform that significantly streamlines the installation, in-place configuration, and tracking of a specific PIX firewall appliance without the need of any additional utility beyond an ordinary web browser and Java applet to be installed on an administrator's computer.
IT managers can furthermore remotely configure, track, and troubleshoot Cisco PIX firewalls using a command-line interface (CLI). Secure command-line interface access is available using a number of methods such as Secure Shell Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX security appliances also include robust auto-update features, a set advanced secure remote-management services that make sure that security configurations and software images are kept current.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built devices that bring together advanced, best-of-breed protection and Virtual Private Network support plus an adaptive architecture. The end product is a robust, versatile network security solution better able to protect small and medium company and enterprise networks and, simultaneously, reduce the total deployment and operations expenses previously required for this high level of protection.
Cisco Adaptive Security Appliances Firewalls build on engineering behind the PIX 500 Series firewall, the IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall product line to deliver a platform that defends against a broad range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, network containment and control, and safe Virtual Private Network connectivity throughout the entire product line. This broad scope of security enables the guarding of any network section, including the most typical threat vectors such as remote sites, LAN-connected inside users, and off-site access Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls deliver strong application security through smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This results in a more secure environment covering web, voice, and mobile wireless access. To protect environments against application-layer attacks and to offer businesses greater control over the applications and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and rely on protection enforcement technologies that include protocol anomaly sensing and application and protocol state tracking. Also incorporated are attack sensing and mitigation techniques including application/protocol command filters and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and tunneling applications, allowing businesses to enforce usage policies and free up network bandwidth for crucial business processes.
At the same time as improving security, Cisco ASA 5500 Series firewalls also lower installation and support costs. By offering broad Virtual Private Network and security functions, the Cisco ASA firewall can be a the only platform for many environments, enabling product commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated threat-protection appliance at a central location by leveraging its access control, process inspection, and malicious assault mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote connectivity solution utilizing its VPN capabilities. As another option, the Cisco ASA firewall operates equally well in the network interior for inter-office access management and to defend against malware inside users may unknowingly release into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as an all-in-one platform offering comprehensive threat prevention and VPN services while suiting the budgets and operational demands of these situations.
This adaptive one-platform, multiple-use design minimizes the number of devices that must be installed and managed while providing a common operating and management system throughout all installations. This approach streamlines the training of setup, monitoring, troubleshooting, and protection personnel. To further minimize maintenance expenses, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network conscious, enabling them to insert gracefully into the environment without disrupting authorized traffic and applications.
How Progent's Consultants Can Help You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series firewalls and PIX security appliances incorporate a wealth of setup, tracking, and troubleshooting features which give you the ability to set up these security appliances to match your business needs. Progent's CCIE certified network experts can help you to maintain your existing infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides protection, resilience, performance, and manageability. Progent can also help your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified IS security experts can help your business to develop a security strategy appropriate for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's security evaluation engineers can assess the effectiveness of your existing firewall deployment and validate the security of your entire IT network. Progent’s Help Desk Call Center can deliver urgent remote troubleshooting for Cisco technology and offer fast access to a Cisco network engineer.
To find out more details about Progent's consulting assistance for Cisco technology, choose a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about professional assistance for Cisco products, call 1-800-993-9400 or refer to Contact Progent.