Cisco's PIX family security appliances and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion defense, and Virtual Private Network features in an economical, single-cabinet format. Both product lines have been replaced by the ASA 5500-X line of firewalls with Firepower. (Refer to integration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation ASA 5500 Series firewalls are extensively used and continue to provide small and mid-size companies a reliable firewall environment.
PIX and the original ASA 5500 firewalls offer robust user and application policy support, mutlivector assault defense, and safe access features. The enhanced intelligence sharing of integrated protection features in a stand-alone platform offers users deploying these integrated firewalls the benefits of advanced security, lower cost of ownership, and smaller maintenance costs.
PIX security appliances and the ASA 5500 family join Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 switches, and 7600 routers as parts of Cisco's versatile, self-contained firewall product. Engineered with a scalable, building-block platform, each device is designed with a particular array of options to deliver better security to different network environments. These solutions can be individually deployed to protect certain areas of a network infrastructure, or can be combined for a systematic, protection-in-depth strategy based on the architecture best practices described in Cisco's SAFE framework. Rounding out the modular firewall product line, Cisco has developed a complete security management portfolio, ranging from Cisco security device and Cisco IOS security features and embedded device managers, to standalone management utilities, helping to make sure that businesses can effectively manage their Cisco protection solution investments.
Cisco PIX Firewalls
PIX firewall appliances deliver reliable policy support, multivector invasion protection, and secure networking features in cost-effective, easy-to-deploy modules. These purpose-built appliances offer a wealth of integrated protection and networking capabilities such as application-aware firewall features, Voice over IP and multimedia security, reliable multi-site and remote-access IPcec Virtual Private Network (VPN) connectivity, high availability, intelligent networking features, and versatile administration options. The PIX Security Appliance Series product line ranges from small plug-and-play appliances for small and home offices to modular high-bandwidth appliances with ROI for enterprise and service-provider environments, Cisco PIX firewall appliances deliver dependable security, performance, and availability for networks of any size.
Based upon a hardened, purpose-built operating system that offers a wealth of protection services, Cisco PIX firewall appliances offer a high level of protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewalls offer security for a broad array of VoIP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard deployments of a broad array of current and upcoming IP voice and video applications.
Cisco PIX firewall appliances offer a variety of configuration, tracking, and analysis options, providing IT managers the flexibility to use the techniques that most closely match their requirements. Management options include common, policy-based administration tools, integrated web-based management, and support for remote-tracking protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager system offers a world-class web-accessible management solution that greatly simplifies the installation, ongoing modification, and tracking of a specific Cisco PIX firewall appliance without requiring any extra software other than an ordinary web browser and Java plug-in to be running on a manager's PC.
Administrators can also remotely configure, monitor, and analyze PIX firewalls via a command-line interface. Secure command-line interface access is available using several methods including SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also include robust automatic-update capabilities, a collection of protected remote-management options that make sure that security configurations and software images are kept up to date.
Cisco ASA Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that bring together advanced, industry-leading security and VPN support plus an adaptive design. The result is a robust, versatile network protection solution better able to protect small and midsize business and enterprise networks and, at the same time, lower the total installation and operations expenses formerly required for this high level of security.
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology developed for the Cisco PIX 500 Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a platform that stops a broad range of attacks. Cisco ASA 5500 Series Firewalls provide program security, network containment and control, and safe VPN functionality across the entire product portfolio. This broad scope of protection allows the guarding of any network area, which includes the most common threat vectors like remote sites, LAN-connected inside users, and off-site connected VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application security through smart, application-sensitive inspection engines that analyze network flows at Layers 4-7. This results in a better protected network covering web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to offer businesses greater control over the applications and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly sensing and application and protocol state monitoring. Also incorporated are attack sensing and remediation techniques including application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to police usage policies and free up network bandwidth for crucial business applications.
At the same time as improving network protection, Cisco Adaptive Security Appliances 5500 Series firewalls also decrease deployment and support costs. By providing extensive VPN and protection functions, the Cisco Adaptive Security Appliances firewall can be a single device for many uses, allowing product standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a converged threat-prevention device at the datacenter by taking advantage of its access control, application inspection, and malicious assault mitigation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote access solution utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances (ASA) firewall serves equally well in the network interior for inter-office connectivity control and to guard against worms, viruses, and other malicious code internal workers may inadvertently release into the environment. In small business and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution device offering comprehensive threat defense and VPN functionality while suiting the budgets and performance demands of these deployments.
This versatile single-device, many-solution design minimizes the total number of devices that need to be installed and maintained while offering a common functional and administrative system throughout all those deployments. This approach simplifies the education of configuration, tracking, support, and protection staff. To further minimize operations expenses, Cisco Adaptive Security Appliances (ASA) firewalls are also exceptionally network conscious, allowing them to integrate gracefully into the environment without disrupting legitimate data flow and processes.
How Progent's Consultants Can Help Your Business with Cisco Firewalls
Cisco's ASA 5500 Series firewalls and PIX family security appliances provide a wealth of configuration, tracking, and troubleshooting options that give you the flexibility to configure these firewalls to match your company's requirements. Progent's CCIE certified network consultants can show you how to maintain your existing infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers protection, resilience, performance, and recoverability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security engineers can assist your business to create a security strategy appropriate for your business and can configure your PIX or ASA firewall to support your security policies. Progent's security assessment consultants can assess the strength of your current firewall solution and validate the security of your entire IT network. Progent's Help Desk Call Center can provide urgent online technical support for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
To learn additional information concerning Progent's professional expertise for Cisco solutions, select a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
To contact Progent about engineering expertise for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.