Cisco's PIX family security appliances and Cisco ASA Series firewalls integrate next-generation firewall, intrusion defense, and Virtual Private Network (VPN) technologies in an affordable, single-box package. Both product families have been replaced by the ASA 5500-X series of firewalls with Firepower. (See integration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation ASA 5500 model firewalls are widely deployed and continue to offer small and mid-size companies a viable security solution.
PIX and legacy ASA 5500 firewalls deliver robust client and program policy support, mutlivector attack defense, and safe connectivity services. The increased knowledge sharing of integrated protection services in a single package provides users implementing these integrated firewalls the benefits of advanced protection, lower TCO, and smaller management expense.
Cisco PIX firewalls and the ASA 5500 Series join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and Cisco 7600 Series routers as parts of Cisco's flexible, self-contained firewall product. Engineered with a scalable, building-block approach, every offering is designed with a particular array of options to deliver more efficient security to a variety of networking situations. These products can be individually deployed to secure certain areas of a network environment, or can be grouped for a systematic, defense-in-depth strategy following the design leading practices outlined in the Cisco SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a complete security management catalog, ranging from Cisco security device and IOS security components and embedded device managers, to standalone management programs, moving to ensure that businesses can productively manage their Cisco security infrastructure purchases.
Cisco PIX Firewall Appliances
PIX firewalls offer robust user and application policy enforcement, multi-source invasion protection, and safe connectivity features in affordable, easy-to-deploy modules. These specialized appliances provide a broad range of integrated security and networking services such as process-aware firewall services, VoIP and multimedia security, reliable multi-location and remote-access IP Security (IPsec) Virtual Private Network (VPN) connectivity, excellent resiliency, intelligent networking services, and flexible management solutions. The PIX Security Appliance Series product line spans compact plug-and-go desktop units for small and home offices to stackable gigabit appliances with investment protection for enterprise and ISP customers, PIX firewall appliances provide high levels of security, performance, and availability for networks of all sizes.
Based around a tested, specialized software platform that delivers rich protection services, PIX security appliances provide a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX firewall appliances provide protection for a broad array of Voice over IP and other mixed-media conventions including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a broad range of current and next-generation IP voice and video applications.
PIX security appliances feature a variety of setup, monitoring, and troubleshooting options, providing IT managers the flexibility to utilize the methods that most closely meet their needs. Administrative solutions include centralized, policy-based administration tools, integrated web-accessible administration, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful web-accessible management platform that significantly simplifies the deployment, in-place configuration, and tracking of a single Cisco PIX security appliance without requiring any additional utility beyond an ordinary web browser and Java applet to be installed on an administrator's computer.
IT managers can also remotely configure, track, and analyze PIX firewalls via a CLI interface. Secure command-line interface access is possible using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewall appliances also include robust automatic-update features, a collection advanced protected remote-management options that ensure firewall settings and software images are kept current.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered solutions that bring together market-proven, best-of-breed protection and VPN services plus a flexible design. The result is a robust, versatile network security appliance better suited to protect small and medium business (SMB) and enterprise networks and, simultaneously, reduce the overall installation and operations costs previously required for this high level of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology behind the PIX 500 Security Appliance, the IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to deliver a platform that defends against a wide range of attacks. Cisco ASA 5500 Series Firewalls deliver program security, network containment and control, and safe VPN connectivity across Cisco's product line. This breadth of security enables defense of any network section, which includes the most typical threat conduits such as remote sites, LAN-attached inside users, and remote access VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls provide strong application protection through intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a better protected environment covering web, voice, and mobile wireless access. To defend environments against application-layer attacks and to give businesses greater policing of the programs and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement solutions that include anomaly sensing and state tracking. Also incorporated are assault sensing and remediation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling organizations to police usage policies and conserve bandwidth for important business applications.
At the same time as improving network protection, Cisco Adaptive Security Appliances 5500 Series firewalls also lower deployment and operational expenses. By offering extensive VPN and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be a single device for many uses, enabling platform standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a consolidated threat-prevention device at the datacenter by leveraging its connectivity control, process inspection, and malicious assault remediation technologies. The Cisco Adaptive Security Appliances firewall can also be deployed as a specialized remote access solution using its VPN features. Alternatively, the Cisco ASA firewall operates capably inside the network for interdepartmental connectivity control and to defend against malware internal users may unknowingly release into the network. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) firewall acts as an all-in-one device offering comprehensive intrusion defense and Virtual Private Network functionality while fitting within the cost structure and operational models of these deployments.
This adaptive single-device, many-use approach reduces the total number of devices that must be deployed and managed while offering a common functional and administrative system across all deployments. This approach simplifies the education of setup, tracking, troubleshooting, and security staff. To further minimize maintenance expenses, Cisco ASA 5500 Series firewalls are also exceptionally network aware, enabling these devices to integrate seamlessly into the network without disrupting authorized data flow and processes.
How Progent's Cisco Certified Experts Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco ASA Series adaptive security appliances and PIX security appliances incorporate an array of configuration, monitoring, and troubleshooting features which offer you the ability to deploy these security appliances to align optimally with your business requirements. Progent's CCIE authorized network experts can show you how to support your current network infrastructure that incorporates Cisco ASA and/or PIX security appliances and that offers security, resilience, throughput, and manageability. Progent's firewall experts can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security professionals can help you to develop a security strategy appropriate for your situation and can set up your security appliance to support your security strategy. Progent's security evaluation experts can assess the strength of your current firewall solution and help determine the overall security of your entire information system environment. Progentís Technical Response Center can provide emergency online troubleshooting for Cisco technology and offer quick access to a Cisco expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To learn more details about Progent's professional support for Cisco solutions, choose a subject:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: