Cisco's PIX family firewalls and ASA Series adaptive security appliances combine next-generation firewall, intrusion protection, and VPN functionality in an affordable, single-box format. Both product families have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower Services. (Refer to integration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation Cisco ASA 5500 model adaptive security appliances are extensively deployed and continue to offer small and mid-size organizations a viable security environment.
PIX and the original ASA 5500 firewalls offer robust user and program policy enforcement, mutlivector assault protection, and secure connectivity services. The increased intelligence sharing of integrated protection services in a stand-alone platform provides users implementing these aggregated firewalls the benefits of advanced security, reduced cost of ownership, and smaller maintenance costs.
Cisco PIX security appliances and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and 7600 family routers as components of Cisco's versatile, self-contained firewall line. Engineered with a scalable, building-block approach, every device is equipped with a particular feature set to deliver better protection to a variety of network situations. These solutions can be independently deployed to secure specific areas of a network infrastructure, or can be combined for a systematic, defense-in-depth approach following the design best practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall solutions, Cisco has developed a comprehensive security management catalog, spanning Cisco security appliance and IOS Software security components and built-in appliance managers, to standalone management applications, moving to make sure that customers can effectively manage their Cisco security infrastructure investments.
PIX Security Appliance Series
PIX Security Appliance Series offer reliable user and application policy support, multivector attack defense, and secure networking features in affordable, easy-to-deploy modules. These specialized devices offer a wealth of integrated security and connectivity services including application-aware firewall features, Voice over IP (VoIP) and multimedia protection, reliable site-to-site and remote-access IP Security Virtual Private Network (VPN) networking, fault tolerance, smart networking services, and versatile administration solutions. The Cisco PIX firewall product line spans compact plug-and-go devices for small or at home offices to modular high-bandwidth products with ROI for enterprise and ISP environments, Cisco PIX Security Appliance Series provide dependable protection, performance, and reliability for networks of any size.
Based around a tested, purpose-built OS that delivers a wealth of security services, PIX firewall appliances offer excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX firewall appliances provide security for a wide array of Voice over IP and other multimedia conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a broad range of current and upcoming VoIP and video applications.
PIX firewalls feature a variety of configuration, tracking, and analysis features, providing IT managers the versatility to utilize the techniques that most closely meet their requirements. Administrative options include common, policy-based management utilities, integrated web-based management, and compatibility with remote-tracking protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-based management platform that significantly streamlines the installation, ongoing configuration, and monitoring of a specific Cisco PIX security appliance without the need of any additional utility other than an ordinary web browser and Java applet to be running on a manager's computer.
IT managers can furthermore remotely set up, track, and analyze Cisco PIX firewall appliances via a CLI interface. Secure command-line interface (CLI) access is available using a number of methods including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX firewalls also include dependable automatic-update capabilities, a set of secure remote-administration services that ensure firewall settings and software images are always up to date.
Cisco ASA 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built solutions that incorporate advanced, industry-leading security and Virtual Private Network support with a flexible design. The result is a robust, multifunction network protection appliance better able to protect small and medium company and enterprise networks and, at the same time, lower the overall installation and operations costs previously required for this enhanced level of security.
Cisco ASA 5500 Series Firewalls build on technology developed for the Cisco PIX 500 family firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a firewall that stops a broad range of threats. Cisco Adaptive Security Appliances Firewalls deliver application security, network containment, and safe VPN functionality across the entire product portfolio. This broad scope of protection enables the guarding of any network area, which includes the most common attack vectors like remote sites, locally-attached internal users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls provide a high-level of application security through smart, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a more secure network including web, voice, and mobile wireless services. To defend environments from application-layer assaults and to give businesses greater policing of the programs and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions that include anomaly detection and application and protocol state tracking. Also incorporated are attack sensing and remediation technology such as application/protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and recover network bandwidth for important business processes.
At the same time as increasing network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and operational expenses. By offering extensive Virtual Private Network and security functions, the Cisco ASA 5500 Series firewall can be used as the single device for many environments, enabling product commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated attack-protection device at the datacenter by leveraging its connectivity control, application inspection, and worm, virus, and other malware mitigation technologies. The Cisco ASA firewall can also be used as a dedicated remote access solution using its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances firewall operates capably in the network interior for interdepartmental access management and to guard against malware internal workers may inadvertently release into the environment. For small business and branch office networks, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as a total solution platform providing complete threat defense and Virtual Private Network services while fitting within the cost structure and performance demands of these deployments.
This versatile one-device, many-use design reduces the number of appliances that need to be installed and maintained while offering a standard operating and administrative environment across all installations. This approach simplifies the training of setup, tracking, troubleshooting, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, enabling them to insert gracefully into the network without disrupting legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Help Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of setup, tracking, and analysis features which offer you the ability to configure these firewalls to align optimally with your company's needs. Progent's CCIE authorized network consultants can assist you to maintain your existing infrastructure that includes Cisco ASA or PIX firewall technology and that offers security, resilience, throughput, and recoverability. Progent can also assist you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified IS security experts can assist your business to create a security strategy that makes sense for your business and can configure your security appliance to enforce your security policies. Progent's risk evaluation engineers can evaluate the strength of your current firewall solution and help determine the security of your entire information system network. Progent’s Help Desk Call Center can deliver emergency online technical support for Cisco products and offer fast access to a Cisco CCIE expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To learn more details about Progent's professional help for Cisco networking products, pick a subject:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: