Cisco's PIX security appliances and ASA Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an economical, one-cabinet package. Both of these product lines have been superseded by the ASA 5500-X series of security appliances with Firepower Services. (Refer to configuration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation Cisco ASA 5500 model adaptive security appliances are extensively used and continue to offer small and mid-size companies a reliable firewall environment.
PIX and the original ASA 5500 firewalls offer powerful client and program policy enforcement, mutlivector attack defense, and secure connectivity services. The increased intelligence sharing of consolidated protection features in a single package provides users implementing these integrated solutions the benefits of advanced security, reduced cost of ownership, and smaller maintenance expense.
Cisco PIX security appliances and Cisco's ASA 5500 Series combine with IOS Firewall, the Firewall Services Module for Catalyst 6500 switches, and Cisco 7600 family routers as parts of Cisco's flexible, self-contained firewall solutions. Based on a scalable, building-block platform, every offering is designed with a particular feature set to deliver better protection to a variety of networking situations. These products can be independently deployed to secure specific facets of a network environment, or can be grouped for a systematic, defense-in-depth approach following the design leading practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall solutions, Cisco provides a complete security management portfolio, ranging from Cisco security device and IOS Software security features and built-in appliance managers, to self-contained management applications, moving to make sure that businesses can productively use their Cisco protection infrastructure purchases.
Cisco PIX Security Appliance Series
Cisco PIX firewalls offer robust user and application policy support, multivector invasion protection, and secure connectivity services in economical, out-of-the-box modules. These specialized appliances offer a broad range of built-in security and networking capabilities such as application-aware firewall features, Voice over IP (VoIP) and multimedia protection, robust multi-location and remote-connectivity IP Security Virtual Private Network (VPN) networking, fault tolerance, smart networking services, and flexible management options. The PIX firewall Appliance family ranges from compact plug-and-play devices for small or at home offices to stackable high-bandwidth products with ROI for large business and service-provider environments, Cisco PIX firewall appliances deliver high levels of protection, performance, and reliability for network environments of all sizes.
Based around a hardened, specialized OS that delivers rich protection services, Cisco PIX firewalls provide a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX firewall appliances offer protection for a broad array of VoIP and other multimedia conventions such as H.323 Version 4, SIP, SCCP, RTSP, and Media Gateway Control Protocol, helping businesses to protect installations of a broad range of contemporary and upcoming VoIP and video applications.
Cisco PIX firewall appliances feature a wealth of configuration, monitoring, and troubleshooting options, providing businesses the flexibility to use the techniques that best meet their needs. Management solutions include common, policy-based management utilities, integrated web-accessible management, and compatibility with remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a world-class web-accessible management platform that significantly streamlines the deployment, in-place configuration, and monitoring of a single PIX firewall appliance without the need of any extra utility other than an ordinary browser and Java plug-in to be running on a manager's computer.
Administrators can furthermore remotely configure, track, and analyze Cisco PIX firewall appliances via a command-line interface. Secure command-line interface (CLI) communication is possible through a number of methods including Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. PIX firewall appliances also have robust automatic-update capabilities, a set of secure remote-administration options that ensure firewall settings and software images are kept up to date.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that bring together market-proven, industry-leading security and Virtual Private Network services with a flexible architecture. The result is a robust, versatile network protection appliance better able to protect small and medium business and larger networks and, simultaneously, reduce the total installation and operations expenses previously required for this high level of security.
Cisco ASA 5500 Series Firewalls leverage engineering behind the PIX 500 family firewall, the Cisco IPS 4200 sensor, and the VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, network containment, and safe Virtual Private Network functionality throughout the entire product portfolio. This broad scope of security allows defense of any network area, which includes the most common attack conduits like remote sites, locally-attached inside users, and remote access VPNs.
Cisco Adaptive Security Appliances firewalls provide strong application protection via smart, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless services. To protect environments against application-layer assaults and to offer organizations more policing of the applications and protocols utilized in their networks, these inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions that include protocol anomaly sensing and application and protocol state monitoring. Also incorporated are attack sensing and remediation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and tunneling applications, enabling organizations to police usage policies and free up bandwidth for critical business applications.
At the same time as increasing network protection, Cisco ASA firewalls also decrease deployment and support costs. By providing broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for many uses, allowing product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated attack-protection appliance at the datacenter by taking advantage of its access control, application inspection, and worm, virus, and other malware remediation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote access device using its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances (ASA) firewall serves capably in the network interior for interdepartmental connectivity control and to defend against worms, viruses, and other malicious code internal workers may unwittingly introduce into the network. In small business and branch office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as an all-in-one platform providing comprehensive threat prevention and VPN services while fitting within the budgets and operational models of such deployments.
This adaptive one-platform, multiple-use approach reduces the total number of appliances that must be installed and maintained while offering a common functional and administrative system across all deployments. This approach simplifies the education of setup, monitoring, troubleshooting, and protection staff. To further reduce operations expenses, Cisco ASA 5500 Series firewalls are also exceptionally network conscious, enabling these devices to integrate gracefully into the network without disrupting authorized data flow and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Security Appliances
Cisco's ASA Series adaptive security appliances and PIX family firewalls incorporate a wealth of configuration, tracking, and analysis features that give you the ability to deploy these firewalls to align optimally with your company's needs. Progent's CCIE authorized network experts can show you how to support your existing infrastructure that includes Cisco ASA or PIX firewall technology and that provides security, resilience, performance, and manageability. Progent can also assist you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified IS security experts can assist you to create a security strategy that makes sense for your situation and can set up your firewall to enforce your security strategy. Progent's security assessment experts can evaluate the strength of your current firewall deployment and audit the security of your whole IS network. Progentís Technical Response Center can deliver urgent online technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
For more information concerning Progent's engineering assistance for Cisco networking products, select a subject:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: