Cisco PIX family firewalls and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network features in a cost-effective, single-box format. Both product lines have been superseded by the ASA 5500-X line of firewalls with Firepower. (Refer to configuration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation ASA 5500 Series firewalls are extensively used and continue to offer small and mid-size companies a reliable security environment.
Cisco PIC and legacy ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector attack defense, and safe access services. The enhanced intelligence sharing of integrated protection services in a stand-alone package offers users deploying these integrated solutions the benefits of enhanced security, reduced cost of ownership, and minimal management costs.
Cisco PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 switches, and Cisco 7600 routers as parts of Cisco's flexible, integrated firewall line. Engineered with a scalable, building-block approach, every offering is designed with a specific array of options to provide better protection to a variety of network environments. These products can be individually deployed to secure certain areas of the connectivity infrastructure, or can be grouped for a systematic, defense-in-depth strategy following the architecture leading practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall solutions, Cisco has developed a comprehensive security management offering, ranging from Cisco security device and Cisco IOS security components and built-in device controllers, to self-contained management utilities, moving to ensure that businesses can effectively manage their Cisco protection infrastructure purchases.
PIX Security Appliance Series
Cisco PIX Security Appliance Series deliver reliable policy support, multi-source invasion protection, and secure connectivity services in affordable, easy-to-deploy modules. These specialized devices offer a wealth of integrated protection and networking services such as process-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-connectivity IPcec Virtual Private Network networking, high availability, intelligent networking services, and versatile management solutions. The Cisco PIX Security Appliance Series product line spans compact plug-and-play appliances for small and at home offices to stackable high-bandwidth appliances with ROI for large business and ISP environments, Cisco PIX firewalls deliver dependable protection, performance, and reliability for networks of all sizes.
Built upon a hardened, purpose-built operating system that delivers rich protection features, Cisco PIX security appliances offer excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX firewalls provide security for a wide range of VoIP and other mixed-media conventions such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to safeguard deployments of a broad array of current and upcoming VoIP and mixed-media applications.
Cisco PIX firewall appliances offer a variety of setup, monitoring, and troubleshooting options, giving businesses the versatility to use the techniques that most closely meet their requirements. Administrative solutions include common, policy-based administration tools, integrated web-accessible administration, and support for remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a powerful web-based management platform that greatly streamlines the installation, in-place configuration, and tracking of a single PIX security appliance without the need of any extra utility other than an ordinary web browser and Java applet to be installed on an administrator's computer.
IT managers can furthermore remotely configure, monitor, and analyze Cisco PIX firewall appliances via a command-line interface. Secure command-line interface (CLI) access is possible through several methods such as SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX firewall appliances also include robust auto-update capabilities, a set advanced protected remote-administration services that ensure firewall settings and software images are kept current.
Cisco Adaptive Security Appliances Firewalls
Cisco ASA Firewalls are specially engineered solutions that incorporate market-proven, best-of-breed security and Virtual Private Network services plus a flexible architecture. The end product is a powerful, versatile network security appliance better able to protect small and midsize business (SMB) and enterprise networks and, at the same time, lower the total installation and operations costs previously required for this enhanced degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering developed for Cisco's PIX 500 firewall, the Cisco IPS 4200 family sensor, and the Cisco VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall family to offer a platform that defends against a broad range of attacks. Cisco ASA Firewalls provide application protection, network containment and control, and clean Virtual Private Network functionality across Cisco's product portfolio. This breadth of protection enables the guarding of any network section, including the most common attack conduits such as remote locations, LAN-attached inside users, and remote connected Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security through smart, application-aware inspection engines that analyze network flows at Layers 4-7. This produces a safer network including web, voice, and mobile wireless services. To protect environments against application-layer assaults and to give businesses more control over the applications and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledge and rely on protection enforcement solutions such as protocol anomaly detection and state tracking. Also incorporated are attack detection and remediation techniques including application and protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and free up network bandwidth for vital business processes.
At the same time as improving network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower deployment and operational costs. By offering broad Virtual Private Network and protection functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for many environments, allowing product standardization. The Cisco ASA 5500 Series firewall can be deployed as a converged threat-protection appliance at a central location by taking advantage of its connectivity control, process inspection, and malicious assault remediation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a specialized remote access solution using its VPN capabilities. As an alternative, the Cisco ASA firewall performs equally well in the network interior for inter-office connectivity management and to defend against malicious assaults inside workers might inadvertently release into the environment. For small business and branch office environments, the Cisco Adaptive Security Appliances firewall acts as a total solution device providing complete threat defense and VPN functionality while fitting within the cost structure and performance models of such situations.
This adaptive one-platform, multiple-use design minimizes the total number of devices that need to be installed and managed while providing a standard operating and management environment throughout all those deployments. This approach simplifies the education of configuration, monitoring, troubleshooting, and protection personnel. To further minimize operations expenses, Cisco ASA firewalls are also exceptionally network conscious, enabling these devices to integrate gracefully into the network without disrupting legitimate data flow and applications.
How Progent's Consultants Can Assist You with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX firewalls incorporate a wealth of configuration, monitoring, and analysis features which offer you the ability to configure these firewalls to match your company's needs. Progent's CCIE authorized network experts can show you how to support your current infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides security, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier information security experts can help your business to create a security strategy appropriate for your situation and can set up your security appliance to support your security policies. Progent's security assessment professionals can assess the strength of your existing firewall solution and help determine the overall security of your whole IT environment. Progentís Help Desk Call Center can provide urgent remote troubleshooting for Cisco products and can give you quick access to a Cisco CCIE network engineer.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
For additional information about Progent's professional expertise for Cisco technology, select a subject:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: