Cisco's PIX security appliances and Cisco ASA Series firewalls integrate next-generation firewall, intrusion protection, and Virtual Private Network features in a cost-effective, single-cabinet format. Both product lines have been superseded by Cisco's ASA 5500-X line of security appliances with Firepower Services. (Refer to integration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation ASA 5500 Series firewalls are extensively deployed and continue to provide small and mid-size companies a viable firewall environment.
Cisco PIC and the original ASA 5500 firewalls deliver powerful user and program policy enforcement, mutlivector attack protection, and safe access features. The increased intelligence sharing of integrated protection features in a single platform offers customers implementing these integrated solutions the advantages of advanced security, lower TCO, and minimal maintenance costs.
PIX firewalls and the ASA 5500 Series combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 family routers as components of Cisco's versatile, self-contained firewall line. Engineered with a scalable, building-block approach, every device is designed with a specific array of options to deliver more efficient protection to different network environments. These solutions can be individually deployed to protect certain areas of a network environment, or can be grouped for a systematic, protection-in-depth approach based on the architecture leading practices outlined in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco has developed a comprehensive security management catalog, spanning Cisco security appliance and Cisco IOS Software security features and built-in device controllers, to self-contained management utilities, helping to make sure that businesses can effectively use their Cisco protection infrastructure investments.
Cisco PIX Firewall Appliances
PIX Security Appliance Series offer robust policy support, multi-source invasion defense, and safe connectivity services in cost-effective, easy-to-deploy solutions. These specialized appliances provide a broad range of built-in protection and connectivity services including application-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable multi-site and remote-access IP Security VPN connectivity, high availability, intelligent networking features, and versatile management options. The Cisco PIX firewall Appliance family spans small plug-and-play devices for small offices or home offices to stackable gigabit products with investment protection for enterprise and ISP environments, Cisco PIX firewalls provide dependable protection, performance, and availability for networks of all sizes.
Based upon a hardened, purpose-built software platform that delivers a wealth of security features, Cisco PIX firewall appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security qualification. PIX firewall appliances provide protection for a broad array of VoIP and additional multimedia conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to protect deployments of a wide array of current and next-generation Voice over IP and video applications.
Cisco PIX firewalls offer a wealth of setup, tracking, and troubleshooting options, giving IT managers the flexibility to utilize the methods that most closely meet their needs. Administrative options include centralized, policy-based management utilities, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a powerful web-based control platform that significantly streamlines the deployment, ongoing configuration, and monitoring of a single PIX firewall appliance without the need of any additional utility beyond an ordinary web browser and Java plug-in to be running on a manager's PC.
Administrators can furthermore remotely set up, monitor, and troubleshoot PIX firewall appliances using a command-line interface (CLI). Safe command-line interface access is available using several methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band through a console port. PIX firewalls also have dependable automatic-update features, a set advanced secure remote-management services that ensure firewall configurations and software images are always current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that incorporate advanced, industry-leading protection and VPN support plus a flexible architecture. The end product is a powerful, multifunction network security solution better able to protect small and medium business and larger networks and, at the same time, lower the total installation and operations expenses previously required for this enhanced level of protection.
Cisco Adaptive Security Appliances firewalls deliver robust application security through smart, application-sensitive inspection processes that analyze traffic at Layers 4-7. The result is a better protected environment covering web, voice, and mobile wireless connectivity. To protect environments from application-layer attacks and to give businesses more policing of the applications and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement technologies such as anomaly detection and application and protocol state tracking. Also included are assault detection and remediation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing organizations to police usage policies and free up network bandwidth for critical business applications.
At the same time as increasing security, Cisco Adaptive Security Appliances firewalls also decrease deployment and operational costs. By offering broad VPN and protection services, the Cisco ASA 5500 Series firewall can be a single device for a multitude of uses, allowing product standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a consolidated attack-prevention device at the datacenter by taking advantage of its access control, application inspection, and malicious assault mitigation technologies. The Cisco ASA firewall can also be deployed as a specialized remote connectivity solution using its VPN capabilities. As another option, the Cisco Adaptive Security Appliances (ASA) firewall operates equally well in the network interior for inter-office access management and to guard against worms, viruses, and other malicious code inside users might unknowingly introduce into the network. For small business and branch office networks, the Cisco Adaptive Security Appliances 5500 Series firewall serves as a total solution device offering comprehensive intrusion prevention and VPN services while suiting the cost structure and operational models of such situations.
This versatile one-platform, many-solution approach reduces the number of devices that must be installed and managed while providing a common functional and administrative environment throughout all installations. This approach simplifies the training of configuration, tracking, support, and security personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, enabling them to insert gracefully into the environment without interfering with legitimate data flow and processes.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series firewalls and PIX security appliances provide an array of configuration, tracking, and troubleshooting features that offer you the ability to set up these security appliances to align optimally with your business requirements. Progent's CCIE authorized network experts can assist you to maintain your current network infrastructure that includes Cisco ASA or PIX firewalls and that offers protection, fault tolerance, throughput, and manageability. Progent's firewall experts can also help you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security engineers can help you to develop a security strategy that makes sense for your environment and can configure your security appliance to support your security strategy. Progent's security evaluation engineers can assess the strength of your existing firewall deployment and validate the security of your entire information system environment. Progent's Technical Response Center (TRC) can deliver urgent remote troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.
Integration of Cisco and Third-party Firewall Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: