Cisco's PIX family security appliances and Cisco ASA Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network features in an affordable, single-box format. Both of these product families have been replaced by Cisco's ASA 5500-X line of firewalls with Firepower. (Refer to configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation ASA 5500 Series firewalls are extensively used and continue to offer small and mid-size companies a reliable firewall solution.
PIX and the original ASA 5500 firewalls offer robust user and program policy support, mutlivector attack protection, and safe connectivity services. The enhanced knowledge sharing of consolidated protection services in a single platform offers customers deploying these integrated solutions the advantages of advanced protection, lower TCO, and minimal maintenance expense.
Cisco PIX firewalls and the ASA 5500 product line combine with Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and Cisco 7600 Series routers as components of Cisco's versatile, self-contained firewall solutions. Engineered with an expandable, modular approach, each device is designed with a specific feature set to deliver better security to a variety of networking environments. These products can be independently deployed to secure specific facets of the network environment, or can be grouped for a systematic, defense-in-depth approach following the design leading practices outlined in Cisco's SAFE Blueprint. Rounding out the modular firewall product line, Cisco has developed a complete security management portfolio, spanning Cisco security device and IOS security features and embedded appliance controllers, to standalone management programs, helping to ensure that businesses can productively manage their Cisco security infrastructure investments.
Cisco PIX Firewalls
PIX firewalls deliver reliable policy support, multivector attack protection, and secure networking services in cost-effective, easy-to-deploy modules. These specialized appliances provide a wealth of integrated protection and connectivity services such as application-aware firewall services, Voice over IP (VoIP) and multimedia protection, robust multi-site and remote-access IP Security Virtual Private Network (VPN) connectivity, high availability, smart networking services, and flexible management solutions. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-play appliances for small and home offices to stackable high-bandwidth products with investment protection for enterprise and ISP environments, PIX firewalls deliver dependable protection, performance, and availability for network environments of any size.
Built around a tested, purpose-built software platform that delivers rich security services, Cisco PIX firewall appliances offer a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX firewalls provide security for a broad array of Voice over IP and other mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, helping organizations to safeguard installations of a broad array of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX security appliances feature a variety of setup, tracking, and troubleshooting features, providing businesses the flexibility to utilize the techniques that most closely match their needs. Administrative solutions include common, policy-based management utilities, integrated web-accessible management, and compatibility with remote-tracking protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class web-based management solution that greatly simplifies the deployment, in-place configuration, and monitoring of a single PIX security appliance without the need of any additional software other than a standard browser and Java applet to be running on an administrator's computer.
Administrators can furthermore remotely set up, monitor, and analyze Cisco PIX firewalls via a command-line interface. Safe CLI interface access is available through a number of techniques such as Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also include robust auto-update capabilities, a set of secure remote-management services that ensure firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered solutions that incorporate market-proven, industry-leading security and VPN support with an adaptive architecture. The end product is a robust, multifunction network protection solution better suited to defend small and medium company and larger networks and, simultaneously, lower the total deployment and operations costs previously required for this enhanced level of security.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology behind the PIX 500 Series Security Appliance, Cisco's IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies converge on the Cisco ASA Firewall family to deliver a firewall that stops a broad range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program protection, local containment and control, and clean Virtual Private Network connectivity across the entire product line. This breadth of protection enables the guarding of any network area, including the most common attack vectors like remote sites, locally-connected inside users, and remote access Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver strong application protection via smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a safer network including web, voice, and mobile wireless connectivity. To defend environments against application-layer assaults and to give organizations greater policing of the applications and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ protection enforcement technologies that include protocol anomaly detection and state tracking. Also included are assault detection and remediation technology such as application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and preserve bandwidth for vital business processes.
At the same time as increasing network protection, Cisco ASA 5500 Series firewalls also lower installation and operational expenses. By offering broad VPN and security functions, the Cisco ASA 5500 Series firewall can be a the only platform for many uses, allowing product commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a converged attack-prevention device at a central location by leveraging its connectivity control, application inspection, and worm, virus, and other malware mitigation capabilities. The Cisco ASA 5500 Series firewall can also be used as a dedicated remote access solution using its VPN features. As another option, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves capably inside the network for interdepartmental access control and to defend against malicious assaults internal workers might unknowingly introduce into the environment. In small company and branch office environments, the Cisco ASA 5500 Series firewall acts as an all-in-one device providing complete intrusion prevention and Virtual Private Network services while suiting the budgets and performance demands of these situations.
This versatile one-device, many-use approach reduces the number of devices that need to be deployed and maintained while offering a common operating and management environment throughout all deployments. This approach simplifies the training of configuration, tracking, support, and security staff. To further reduce operations expenses, Cisco ASA 5500 Series firewalls are also exceptionally network aware, enabling them to insert gracefully into the network without disrupting authorized traffic and applications.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco Firewalls
Cisco's ASA 5500 Series firewalls and PIX firewalls incorporate a wealth of setup, tracking, and analysis features which offer you the ability to configure these firewalls to match your business requirements. Progent's CCIE certified network consultants can show you how to maintain your existing infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers security, resilience, performance, and manageability. Progent's firewall experts can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified IS security professionals can help you to create a security strategy appropriate for your business and can set up your PIX or ASA firewall to support your security policies. Progent's security evaluation engineers can evaluate the strength of your existing firewall deployment and audit the overall security of your entire IT network. Progent’s Help Desk Call Center can deliver urgent online troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To find out more information concerning Progent's engineering help for Cisco solutions, choose a subject:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: