Cisco PIX family firewalls and ASA Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in a cost-effective, one-box package. Both of these product lines have been superseded by the ASA 5500-X line of security appliances with Firepower Services. (Refer to configuration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation ASA 5500 model adaptive security appliances are widely deployed and continue to deliver small and mid-size companies a reliable security solution.
PIX and the original ASA 5500 firewalls offer robust user and application policy enforcement, mutlivector assault defense, and safe connectivity services. The enhanced intelligence sharing of integrated protection services in a stand-alone package offers customers implementing these integrated firewalls the benefits of enhanced security, lower cost of ownership, and smaller management costs.
PIX firewalls and Cisco's ASA 5500 family join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and Cisco 7600 Series routers as parts of Cisco's versatile, integrated firewall line. Engineered with a scalable, modular approach, every device is designed with a particular feature set to deliver better security to different networking environments. These solutions can be individually deployed to secure certain areas of the network environment, or can be grouped for a layered, protection-in-depth strategy based on the design leading practices outlined in the Cisco SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management product portfolio, spanning Cisco security appliance and Cisco IOS Software security components and embedded device managers, to standalone management utilities, helping to make sure that businesses can effectively use their Cisco security solution purchases.
PIX Security Appliance Series
PIX firewall appliances deliver robust user and application policy enforcement, multi-source attack protection, and secure networking services in affordable, easy-to-deploy solutions. These specialized devices offer a wealth of built-in protection and networking services such as process-aware firewall features, Voice over IP (VoIP) and multimedia protection, reliable multi-location and remote-connectivity IP Security (IPsec) VPN connectivity, excellent resiliency, intelligent networking features, and flexible administration solutions. The PIX Security Appliance Series product line spans compact plug-and-play appliances for small and at home offices to modular gigabit products with ROI for enterprise and ISP customers, Cisco PIX firewalls provide high levels of security, performance, and availability for networks of any size.
Built upon a tested, purpose-built software platform that offers rich protection services, Cisco PIX firewall appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewall appliances offer protection for a broad array of VoIP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and MGCP, helping organizations to safeguard deployments of a broad array of current and next-generation IP voice and mixed-media applications.
PIX firewall appliances offer a wealth of setup, tracking, and troubleshooting features, providing businesses the flexibility to utilize the techniques that best match their requirements. Management solutions include centralized, policy-based administration tools, integrated web-accessible administration, and support for remote-monitoring protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface offers a world-class web-accessible management solution that greatly simplifies the installation, in-place modification, and tracking of a specific PIX security appliance without requiring any additional utility beyond a standard web browser and Java plug-in to be installed on a manager's PC.
Administrators can also remotely set up, track, and troubleshoot Cisco PIX firewall appliances using a CLI interface. Secure command-line interface (CLI) communication is possible using several methods including SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX security appliances also include dependable auto-update features, a set advanced secure remote-administration services that make sure that security settings and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built devices that incorporate advanced, industry-leading protection and Virtual Private Network support plus an adaptive design. The result is a powerful, multifunction network protection appliance better suited to protect small and midsize company and larger networks and, simultaneously, lower the overall installation and operations expenses formerly associated with this high level of security.
Cisco Adaptive Security Appliances Firewalls build on engineering behind the Cisco PIX 500 Security Appliance, the IPS 4200 family Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall product line to offer a firewall that stops a wide range of threats. Cisco ASA 5500 Series Firewalls provide program protection, local containment, and safe VPN functionality throughout Cisco's product portfolio. This broad scope of protection enables the guarding of any network section, which includes the most common threat conduits like remote sites, locally-connected inside users, and off-site access Virtual Private Networks.
Cisco ASA firewalls provide strong application security through intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a more secure network including web, voice, and mobile wireless services. To defend environments against application-layer assaults and to offer businesses more control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement solutions such as anomaly detection and application and protocol state monitoring. Also included are attack detection and remediation techniques such as application/protocol command filters and content verification. Cisco ASA firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and conserve network bandwidth for crucial business processes.
While increasing security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and support costs. By providing extensive Virtual Private Network and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for many uses, allowing platform standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a converged threat-prevention device at the datacenter by taking advantage of its access control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be used as a dedicated remote connectivity device utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances firewall performs capably inside the network for interdepartmental connectivity management and to defend against malicious assaults inside workers may unwittingly release into the network. For small company and satellite office networks, the Cisco ASA firewall acts as an all-in-one device offering comprehensive intrusion prevention and VPN functionality while fitting within the budgets and operational models of these deployments.
This adaptive single-platform, many-use design reduces the total number of devices that need to be installed and maintained while offering a standard operating and management environment across all those deployments. This approach simplifies the education of setup, monitoring, troubleshooting, and protection staff. To further reduce operations expenses, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network aware, enabling them to integrate seamlessly into the environment without disrupting legitimate traffic and applications.
How Progent Can Assist You with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family firewalls incorporate an array of setup, tracking, and troubleshooting features that give you the ability to deploy these security appliances to align optimally with your business needs. Progent's CCIE authorized network experts can assist you to support your existing network infrastructure that includes Cisco ASA and/or PIX security appliances and that provides security, resilience, throughput, and manageability. Progent can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified information security professionals can help your business to create a security policy that makes sense for your environment and can configure your PIX or ASA firewall to support your security strategy. Progent's security assessment engineers can evaluate the strength of your current firewall solution and validate the security of your entire IS environment. Progent's Help Desk Call Center can provide emergency remote technical support for Cisco technology and offer quick access to a Cisco network engineer.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To see additional details concerning Progent's professional support for Cisco solutions, pick a topic:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: