Cisco's PIX family firewalls and Cisco ASA 5500 Series firewalls combine comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) technologies in an affordable, one-box package. Both of these product lines have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower Services. (Refer to configuration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation ASA 5500 Series adaptive security appliances are extensively used and continue to provide small and mid-size companies a reliable security environment.
Cisco PIC and legacy ASA 5500 firewalls offer robust client and application policy support, mutlivector assault protection, and secure connectivity features. The enhanced knowledge sharing of consolidated protection features in a stand-alone platform offers customers deploying these integrated firewalls the benefits of advanced protection, reduced TCO, and smaller maintenance costs.
PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and 7600 Series routers as components of Cisco's flexible, self-contained firewall solutions. Engineered with a scalable, building-block approach, every offering is designed with a particular feature set to deliver better security to different network environments. These solutions can be individually deployed to protect specific facets of a network infrastructure, or can be combined for a systematic, defense-in-depth strategy based on the design leading practices outlined in Cisco's SAFE Blueprint. Completing the modular firewall solutions, Cisco has developed a complete security management product portfolio, ranging from Cisco security device and Cisco IOS security features and built-in appliance controllers, to standalone management programs, helping to ensure that customers can effectively manage their Cisco security solution investments.
PIX firewalls offer robust policy enforcement, multivector attack defense, and safe connectivity services in economical, simple-to-configure modules. These specialized appliances provide a wealth of built-in protection and connectivity services including application-aware firewall features, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-connectivity IP Security Virtual Private Network connectivity, high availability, smart networking features, and flexible management options. The Cisco PIX firewall Appliance product line ranges from small plug-and-play appliances for small offices or home offices to modular gigabit products with ROI for large business and ISP customers, PIX firewalls deliver dependable protection, performance, and availability for networks of any size.
Built around a tested, purpose-built operating system that delivers rich security features, PIX security appliances provide a high level of security and have been awarded EAL 4 status and ICSA Labs Firewall and IPsec qualification. PIX security appliances offer security for a wide array of VoIP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol, SCCP, RTSP, and Media Gateway Control Protocol (MGCP), enabling businesses to protect installations of a broad range of current and upcoming Voice over IP and video applications.
PIX firewalls feature a wealth of setup, tracking, and troubleshooting options, providing IT managers the flexibility to utilize the techniques that best meet their needs. Management options include common, policy-based management tools, integrated web-based management, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated ASDM interface offers a world-class web-accessible control solution that significantly simplifies the installation, in-place configuration, and tracking of a specific Cisco PIX security appliance without the need of any extra utility beyond a standard web browser and Java applet to be running on a manager's PC.
Administrators can furthermore remotely set up, track, and troubleshoot Cisco PIX security appliances via a command-line interface. Safe command-line interface access is possible using a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX security appliances also include dependable automatic-update features, a set advanced secure remote-management services that make sure that firewall settings and software images are kept current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are purpose-built solutions that incorporate advanced, industry-leading security and Virtual Private Network support plus a flexible architecture. The end product is a powerful, multifunction network security appliance better suited to protect small and medium company and enterprise networks and, at the same time, lower the overall installation and operations expenses formerly associated with this enhanced level of security.
Cisco Adaptive Security Appliances Firewalls build on technology behind the PIX 500 Series Security Appliance, the IPS 4200 Intrusion Prevention System, and the VPN 3000 Series concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, network containment, and clean Virtual Private Network functionality across the entire product line. This broad scope of protection allows the guarding of any network segment, which includes the most common threat vectors like remote sites, LAN-attached internal users, and remote connected VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application protection via intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a more secure network covering web, voice, and mobile wireless services. To protect environments from application-layer attacks and to offer businesses greater control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement solutions that include protocol anomaly detection and state tracking. Also incorporated are assault sensing and remediation technology including application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to police usage policies and recover network bandwidth for important business applications.
At the same time as increasing security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease deployment and support expenses. By providing broad VPN and protection services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for a multitude of uses, enabling product commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a converged threat-protection appliance at the datacenter by leveraging its access control, process inspection, and worm, virus, and other malware remediation capabilities. The Cisco ASA firewall can also be deployed as a specialized remote access solution utilizing its VPN capabilities. As another option, the Cisco Adaptive Security Appliances 5500 Series firewall serves capably in the network interior for inter-office connectivity management and to defend against worms, viruses, and other malicious code inside workers may unwittingly introduce into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as an all-in-one platform providing comprehensive intrusion prevention and Virtual Private Network services while fitting within the budgets and operational models of such situations.
This adaptive one-device, many-solution design minimizes the total number of appliances that need to be installed and managed while offering a common functional and management system across all installations. This architecture simplifies the education of configuration, tracking, support, and protection personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network conscious, enabling these devices to insert gracefully into the network without disrupting legitimate traffic and processes.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA Series adaptive security appliances and PIX family firewalls incorporate an array of configuration, monitoring, and analysis options that give you the ability to configure these firewalls to align optimally with your business needs. Progent's CCIE authorized network professionals can show you how to support your existing network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides security, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier IS security professionals can help you to create a security policy appropriate for your business and can configure your firewall to enforce your security policies. Progent's security assessment professionals can evaluate the effectiveness of your current firewall solution and audit the security of your entire information system environment. Progent’s Help Desk support team can provide urgent online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.
To find out additional details about Progent's professional expertise for Cisco solutions, pick a topic:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about professional support for Cisco products, phone 1-800-993-9400 or refer to Contact Progent.