Cisco PIX security appliances and ASA 5500 Series firewalls combine next-generation firewall, intrusion defense, and VPN technologies in an affordable, one-box format. Both product lines have been replaced by Cisco's ASA 5500-X series of security appliances with Firepower Services. (Refer to integration and debugging support for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation Cisco ASA 5500 Series firewalls are extensively deployed and continue to provide small and mid-size organizations a reliable firewall environment.
Cisco PIC and the original ASA 5500 firewalls deliver robust client and program policy support, mutlivector attack defense, and safe connectivity services. The increased knowledge sharing of consolidated security features in a stand-alone platform offers customers implementing these integrated firewalls the advantages of advanced protection, lower cost of ownership, and minimal management expense.
PIX firewalls and Cisco's ASA 5500 family combine with Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 family switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall line. Engineered with an expandable, modular approach, every offering is designed with a specific feature set to deliver better protection to different network environments. These solutions can be individually installed to protect specific facets of a connectivity infrastructure, or can be grouped for a layered, protection-in-depth approach based on the design best practices described in the Cisco SAFE Blueprint. Completing the modular firewall product line, Cisco provides a complete security management portfolio, spanning Cisco security appliance and IOS Software security components and embedded appliance managers, to standalone management utilities, moving to make sure that businesses can productively use their Cisco protection solution investments.
PIX Firewall Appliances
Cisco PIX firewall appliances deliver reliable user and application policy support, multivector invasion defense, and safe connectivity services in affordable, simple-to-configure solutions. These purpose-built devices provide a wealth of integrated security and connectivity services including process-aware firewall features, Voice over IP and multimedia protection, reliable multi-location and remote-access IPcec Virtual Private Network networking, fault tolerance, intelligent networking services, and flexible management solutions. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-play desktop units for small offices or home offices to modular gigabit appliances with investment protection for enterprise and service-provider customers, PIX firewall appliances provide high levels of protection, speed, and availability for network environments of any size.
Based around a tested, purpose-built OS that offers rich protection services, PIX firewall appliances offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. PIX firewalls offer protection for a wide range of Voice over IP and additional mixed-media standards including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard installations of a broad range of current and next-generation Voice over IP and video applications.
Cisco PIX firewalls feature a variety of configuration, tracking, and analysis features, giving IT managers the versatility to use the techniques that most closely meet their needs. Management solutions include common, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface offers a world-class web-based management platform that greatly streamlines the deployment, ongoing modification, and tracking of a specific PIX firewall appliance without the need of any extra software beyond a standard browser and Java applet to be installed on a manager's PC.
Administrators can furthermore remotely set up, monitor, and analyze PIX security appliances using a command-line interface. Secure command-line interface communication is available through a number of methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also include robust automatic-update features, a set of protected remote-administration options that ensure security configurations and software images are kept current.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that incorporate market-proven, best-of-breed security and Virtual Private Network services plus a flexible architecture. The result is a powerful, versatile network protection solution better able to defend small and midsize business and enterprise networks and, at the same time, reduce the total installation and maintenance expenses formerly required for this enhanced degree of security.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology behind the PIX 500 family Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances Firewall family to deliver a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances Firewalls deliver application protection, local containment and control, and clean VPN connectivity across the entire product portfolio. This breadth of security enables the guarding of any network segment, which includes the most typical attack vectors like remote locations, locally-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances firewalls provide a high-level of application security through intelligent, application-aware inspection processes that examine network flows at Layers 4-7. The result is a more secure network including web, voice, and mobile wireless connectivity. To defend environments against application-layer assaults and to give businesses more control over the programs and protocols utilized in their environments, these inspection engines integrate extensive application and protocol knowledge and rely on security enforcement solutions such as anomaly detection and application and protocol state monitoring. Also included are assault detection and remediation technology including application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to police usage policies and recover bandwidth for critical business applications.
At the same time as increasing network protection, Cisco ASA 5500 Series firewalls also decrease installation and support expenses. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for many environments, enabling product commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a converged attack-prevention device at the datacenter by leveraging its access control, process inspection, and worm, virus, and other malware remediation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a specialized remote connectivity device using its VPN features. As another option, the Cisco Adaptive Security Appliances firewall performs capably inside the network for interdepartmental connectivity management and to guard against worms, viruses, and other malicious code inside users might unwittingly introduce into the environment. For small company and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as an all-in-one platform providing comprehensive intrusion defense and VPN services while fitting within the cost structure and performance demands of these situations.
This versatile one-device, many-solution approach reduces the total number of appliances that need to be deployed and maintained while providing a standard functional and administrative environment throughout all deployments. This approach streamlines the training of setup, tracking, support, and protection staff. To further minimize operations expenses, Cisco Adaptive Security Appliances firewalls are also highly network aware, enabling these devices to insert seamlessly into the environment without interfering with authorized data flow and processes.
How Progent's Consultants Can Help Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX family security appliances provide a wealth of setup, monitoring, and analysis options that offer you the flexibility to set up these firewalls to align optimally with your company's requirements. Progent's CCIE certified network professionals can show you how to support your current network infrastructure that incorporates Cisco ASA or PIX firewalls and that offers security, fault tolerance, performance, and manageability. Progent's firewall experts can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier IS security engineers can assist you to develop a security policy that makes sense for your situation and can set up your PIX or ASA firewall to support your security strategy. Progent's security evaluation experts can evaluate the effectiveness of your current firewall deployment and validate the security of your entire information system environment. Progentís Help Desk Call Center can provide urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
For additional information about Progent's professional support for Cisco networking products, select a topic:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: