Cisco's PIX family firewalls and ASA Series firewalls integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) features in a cost-effective, single-cabinet format. Both product lines have been replaced by the ASA 5500-X line of firewalls with Firepower. (Refer to configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation Cisco ASA 5500 model firewalls are widely used and continue to offer small and mid-size organizations a viable firewall environment.
Cisco PIC and the original ASA 5500 firewalls offer powerful client and application policy support, mutlivector attack protection, and safe connectivity services. The increased knowledge sharing of consolidated security features in a stand-alone package offers customers deploying these aggregated firewalls the benefits of enhanced protection, reduced cost of ownership, and minimal maintenance expense.
Cisco PIX security appliances and the ASA 5500 product line combine with IOS Firewall, the Firewall Services Module for Catalyst 6500 family switches, and 7600 Series routers as parts of Cisco's versatile, self-contained firewall product. Based on a scalable, modular platform, each device is equipped with a specific array of options to provide more efficient protection to a variety of networking environments. These products can be individually deployed to secure certain areas of a connectivity infrastructure, or can be grouped for a systematic, protection-in-depth strategy following the design leading practices described in the Cisco SAFE Blueprint. Completing the modular firewall solutions, Cisco provides a complete security management catalog, ranging from Cisco security appliance and IOS security features and built-in device controllers, to self-contained management applications, helping to make sure that businesses can effectively manage their Cisco protection solution investments.
PIX Security Appliance Series
PIX firewalls offer reliable policy enforcement, multi-source invasion defense, and safe connectivity features in affordable, easy-to-deploy solutions. These specialized devices provide a wealth of built-in protection and networking capabilities including application-aware firewall services, Voice over IP and multimedia protection, reliable site-to-site and remote-connectivity IPcec Virtual Private Network (VPN) networking, high availability, intelligent networking features, and flexible administration options. The Cisco PIX firewall Appliance product line spans small plug-and-play devices for small offices or home offices to stackable gigabit products with ROI for enterprise and service-provider customers, Cisco PIX Security Appliance Series deliver dependable protection, performance, and availability for networks of all sizes.
Based upon a tested, specialized software platform that offers rich protection services, PIX security appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX security appliances provide security for a broad array of VoIP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to safeguard installations of a wide range of current and next-generation Voice over IP and video applications.
PIX security appliances feature a wealth of configuration, monitoring, and analysis options, providing businesses the flexibility to use the techniques that most closely match their requirements. Administrative options include common, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a powerful web-accessible management solution that greatly simplifies the installation, in-place modification, and monitoring of a single PIX security appliance without requiring any extra utility other than a standard browser and Java plug-in to be running on an administrator's computer.
IT managers can furthermore remotely set up, monitor, and analyze Cisco PIX firewalls using a command-line interface (CLI). Safe command-line interface communication is available through a number of techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. PIX firewall appliances also have robust automatic-update features, a collection of protected remote-management services that ensure firewall configurations and software images are kept current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built solutions that bring together advanced, best-of-breed protection and VPN support plus an adaptive design. The end product is a powerful, multifunction network protection appliance better able to defend small and medium business and larger networks and, at the same time, reduce the total installation and operations costs previously associated with this enhanced level of protection.
Cisco Adaptive Security Appliances firewalls provide strong application security through smart, application-aware inspection engines that examine network flows at Layers 4-7. This results in a better protected network including web, voice, and mobile wireless connectivity. To protect environments against application-layer assaults and to offer businesses more policing of the programs and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies that include anomaly detection and state tracking. Also incorporated are assault sensing and remediation techniques such as application and protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and free up bandwidth for vital business processes.
At the same time as increasing security, Cisco Adaptive Security Appliances firewalls also lower installation and operational expenses. By offering extensive VPN and protection services, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for a multitude of environments, enabling platform commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a converged attack-prevention device at a central location by leveraging its access control, application inspection, and malware remediation technologies. The Cisco ASA 5500 Series firewall can also be deployed as a dedicated remote access solution using its VPN features. As another option, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs capably in the network interior for inter-office access control and to defend against malware internal workers may inadvertently release into the network. In small business and branch office environments, the Cisco Adaptive Security Appliances firewall acts as a total solution platform offering comprehensive intrusion prevention and Virtual Private Network functionality while suiting the cost structure and operational models of such situations.
This adaptive one-device, multiple-use approach minimizes the total number of appliances that must be installed and maintained while providing a standard functional and administrative system throughout all deployments. This architecture streamlines the education of setup, tracking, troubleshooting, and protection staff. To further minimize operations costs, Cisco Adaptive Security Appliances firewalls are also exceptionally network conscious, enabling them to integrate seamlessly into the network without disrupting legitimate traffic and applications.
How Progent Can Help You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series firewalls and PIX firewalls provide an array of configuration, tracking, and analysis options that offer you the flexibility to deploy these firewalls to match your business needs. Progent's CCIE authorized network professionals can assist you to maintain your existing network infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides security, fault tolerance, performance, and recoverability. Progent can also assist your organization to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security consultants can help your business to develop a security policy that makes sense for your environment and can set up your security appliance to enforce your security policies. Progent's risk evaluation professionals can assess the strength of your current firewall solution and help determine the overall security of your entire IS network. Progent's Technical Response Center (TRC) can provide urgent online technical support for Cisco technology and offer quick access to a Cisco CCIE expert.
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: