Cisco PIX family firewalls and ASA 5500 Series firewalls combine next-generation firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an affordable, one-box format. Both product families have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower Services. (See configuration and debugging support for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 Series adaptive security appliances are extensively deployed and continue to provide small and mid-size companies a reliable security solution.
PIX and the original ASA 5500 firewalls offer powerful user and application policy support, mutlivector attack defense, and safe access services. The enhanced knowledge sharing of integrated security services in a single platform provides users implementing these integrated firewalls the advantages of advanced protection, lower TCO, and smaller management costs.
PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and Cisco 7600 routers as components of Cisco's flexible, self-contained firewall line. Based on a scalable, building-block approach, every device is equipped with a specific feature set to provide better protection to different networking environments. These products can be individually deployed to secure certain facets of the connectivity infrastructure, or can be combined for a layered, protection-in-depth approach following the architecture leading practices described in the Cisco SAFE framework. Rounding out the integrated firewall solutions, Cisco has developed a comprehensive security management product portfolio, ranging from Cisco security appliance and Cisco IOS Software security components and embedded appliance managers, to standalone management applications, moving to ensure that customers can productively manage their Cisco protection solution investments.
Cisco PIX Security Appliance Series
PIX firewalls deliver reliable policy support, multivector invasion defense, and safe connectivity features in affordable, simple-to-configure solutions. These purpose-built devices provide a broad range of built-in security and networking services including process-aware firewall features, VoIP and multimedia security, reliable site-to-site and remote-connectivity IP Security Virtual Private Network (VPN) networking, high availability, intelligent networking features, and flexible administration options. The PIX Security Appliance Series product line spans small plug-and-go appliances for small offices and home offices to stackable high-bandwidth appliances with investment protection for large business and service-provider customers, PIX firewall appliances provide dependable protection, performance, and reliability for network environments of all sizes.
Built around a tested, purpose-built OS that delivers a wealth of protection features, Cisco PIX firewalls offer a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. PIX firewall appliances offer protection for a wide array of Voice over IP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping businesses to protect installations of a broad range of current and upcoming Voice over IP and multimedia applications.
PIX firewalls offer a variety of configuration, monitoring, and troubleshooting features, giving businesses the versatility to use the techniques that best match their requirements. Administrative solutions include common, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated ASDM system offers a powerful web-accessible control solution that significantly streamlines the deployment, in-place modification, and monitoring of a single PIX firewall without the need of any extra software beyond a standard web browser and Java plug-in to be installed on an administrator's PC.
IT managers can furthermore remotely set up, track, and troubleshoot PIX firewall appliances using a CLI interface. Secure command-line interface (CLI) communication is possible through a number of methods including Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewalls also have robust auto-update features, a set advanced protected remote-management options that ensure security settings and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are purpose-built solutions that bring together market-proven, industry-leading security and Virtual Private Network support with a flexible design. The end product is a robust, multifunction network protection solution better able to defend small and midsize business (SMB) and larger networks and, at the same time, lower the total installation and operations expenses previously associated with this high level of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering developed for the PIX 500 Security Appliance, the Cisco IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a platform that stops a wide range of attacks. Cisco ASA 5500 Series Firewalls deliver program security, local containment and control, and clean Virtual Private Network functionality across the entire product line. This breadth of security enables the guarding of any network section, including the most typical attack vectors like remote locations, locally-connected inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application security through intelligent, application-aware inspection processes that examine network flows at Layers 4-7. The result is a safer network covering web, voice, and mobile wireless services. To protect environments from application-layer assaults and to give businesses more control over the programs and protocols used in their networks, these inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions that include protocol anomaly detection and state monitoring. Also incorporated are assault detection and remediation technology including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of IM and tunneling applications, enabling organizations to police usage policies and preserve bandwidth for vital business applications.
At the same time as improving network protection, Cisco ASA firewalls also lower installation and support expenses. By offering broad VPN and protection services, the Cisco ASA firewall can be a single device for a multitude of environments, enabling platform commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated threat-protection device at a central location by taking advantage of its access control, process inspection, and malicious assault mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access device utilizing its VPN features. Alternatively, the Cisco ASA 5500 Series firewall serves capably inside the network for inter-office access management and to defend against malicious assaults inside users may unknowingly release into the network. For small company and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution device providing complete intrusion defense and VPN functionality while fitting within the cost structure and performance models of these situations.
This versatile single-platform, multiple-solution design minimizes the total number of devices that need to be installed and managed while offering a common operating and administrative environment throughout all deployments. This approach simplifies the training of configuration, monitoring, support, and security personnel. To further reduce operations costs, Cisco ASA firewalls are also exceptionally network conscious, allowing them to insert gracefully into the environment without disrupting legitimate data flow and processes.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA Series adaptive security appliances and PIX firewalls provide a wealth of configuration, monitoring, and analysis options which give you the flexibility to set up these security appliances to align optimally with your company's needs. Progent's CCIE authorized network consultants can assist you to maintain your existing network infrastructure that includes Cisco ASA and/or PIX security appliances and that offers security, fault tolerance, throughput, and recoverability. Progent can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier information security professionals can assist you to create a security strategy that makes sense for your environment and can set up your firewall to support your security strategy. Progent's security assessment experts can assess the effectiveness of your current firewall deployment and audit the security of your whole IT environment. Progentís Help Desk support team can provide urgent remote technical support for Cisco products and can give you quick access to a Cisco expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To learn additional information about Progent's consulting support for Cisco products, choose a topic:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: