Cisco PIX family firewalls and ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion defense, and Virtual Private Network features in an economical, one-box package. Both product lines have been superseded by the ASA 5500-X line of firewalls with Firepower. (See integration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation Cisco ASA 5500 Series adaptive security appliances are extensively used and continue to offer small and mid-size companies a reliable firewall environment.
PIX and legacy ASA 5500 firewalls offer robust client and program policy enforcement, mutlivector assault protection, and secure access features. The enhanced intelligence sharing of consolidated protection features in a single platform provides users deploying these aggregated firewalls the advantages of advanced protection, reduced cost of ownership, and smaller maintenance costs.
Cisco PIX security appliances and Cisco's ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 Series switches, and Cisco 7600 routers as components of Cisco's versatile, integrated firewall line. Engineered with an expandable, building-block approach, every offering is designed with a particular feature set to provide more efficient protection to different network environments. These products can be individually deployed to secure specific facets of a connectivity environment, or can be grouped for a systematic, protection-in-depth strategy following the architecture leading practices outlined in the Cisco SAFE Blueprint. Completing the integrated firewall product line, Cisco has developed a comprehensive security management product portfolio, ranging from Cisco security device and IOS security features and built-in appliance managers, to self-contained management utilities, helping to make sure that customers can effectively manage their Cisco security solution purchases.
Cisco PIX Security Appliance Series
Cisco PIX firewalls deliver reliable policy enforcement, multi-source invasion protection, and secure networking services in affordable, simple-to-configure modules. These specialized appliances provide a wealth of built-in security and connectivity services including application-aware firewall features, VoIP and multimedia protection, robust multi-location and remote-connectivity IP Security (IPsec) VPN networking, excellent resiliency, intelligent networking services, and flexible management solutions. The PIX Security Appliance Series product line ranges from compact plug-and-play appliances for small offices or at home offices to modular high-bandwidth appliances with investment protection for large business and service-provider customers, Cisco PIX Security Appliance Series provide dependable protection, speed, and availability for networks of any size.
Built upon a hardened, specialized OS that delivers a wealth of security services, PIX security appliances provide excellent security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX firewall appliances provide protection for a wide array of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a wide range of contemporary and upcoming Voice over IP and mixed-media applications.
Cisco PIX firewalls feature a variety of setup, monitoring, and analysis options, providing businesses the flexibility to use the techniques that best meet their requirements. Administrative options include centralized, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking standards like SNMP and syslog. The integrated ASDM system offers a powerful web-accessible control solution that significantly streamlines the deployment, in-place modification, and tracking of a single PIX firewall without the need of any additional utility other than a standard browser and Java plug-in to be running on a manager's computer.
IT managers can furthermore remotely set up, monitor, and troubleshoot Cisco PIX firewall appliances via a CLI interface. Safe command-line interface (CLI) access is available through several techniques such as Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX firewall appliances also have dependable automatic-update features, a collection advanced protected remote-management services that ensure firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that bring together advanced, best-of-breed security and VPN support plus a flexible design. The result is a robust, multifunction network security appliance better suited to protect small and medium business (SMB) and larger networks and, simultaneously, reduce the total installation and operations costs previously required for this high degree of protection.
Cisco ASA 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 Series firewall, the IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These solutions enable the Cisco ASA 5500 Series Firewall product line to offer a platform that stops a broad range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, network containment, and safe Virtual Private Network connectivity across the entire product line. This breadth of security allows defense of any network section, which includes the most common threat vectors such as remote locations, LAN-attached inside users, and remote access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application protection through intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. This produces a more secure environment including web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer organizations greater policing of the applications and protocols used in their environments, these inspection engines integrate broad application and protocol knowledgebases and employ security enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also incorporated are attack sensing and remediation technology such as application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and preserve network bandwidth for critical business applications.
At the same time as improving network protection, Cisco ASA firewalls also lower deployment and operational costs. By providing broad Virtual Private Network and protection functions, the Cisco Adaptive Security Appliances (ASA) firewall can be a the only platform for many uses, allowing platform standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a converged threat-prevention appliance at the datacenter by taking advantage of its connectivity control, process inspection, and malware mitigation technologies. The Cisco ASA firewall can also be used as a dedicated remote access device using its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances firewall performs capably inside the network for inter-office access management and to guard against malware internal users might unwittingly introduce into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution device providing complete threat defense and VPN services while suiting the cost structure and operational demands of such deployments.
This adaptive one-platform, many-use approach reduces the number of appliances that need to be installed and managed while offering a standard functional and administrative environment throughout all those deployments. This approach streamlines the education of configuration, tracking, support, and security staff. To further reduce maintenance expenses, Cisco ASA firewalls are also highly network aware, enabling these devices to integrate seamlessly into the environment without interfering with legitimate data flow and processes.
How Progent Can Help You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX firewalls incorporate a wealth of setup, monitoring, and troubleshooting features that offer you the ability to configure these security appliances to align optimally with your company's needs. Progent's CCIE certified network professionals can assist you to maintain your existing infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers security, fault tolerance, throughput, and manageability. Progent's firewall experts can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier information security professionals can help your business to create a security strategy that makes sense for your situation and can set up your firewall to support your security strategy. Progent's risk evaluation engineers can assess the strength of your current firewall deployment and help determine the security of your entire IS environment. Progent's Technical Response Center (TRC) can deliver urgent online technical support for Cisco products and offer quick access to a Cisco expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To see additional information about Progent's professional help for Cisco products, choose a subject:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: