Cisco PIX family security appliances and Cisco ASA 5500 Series firewalls combine comprehensive firewall, intrusion protection, and VPN features in an economical, single-box package. Both product lines have been replaced by the ASA 5500-X series of firewalls with Firepower. (See integration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 model firewalls are extensively deployed and continue to provide small and mid-size companies a reliable firewall solution.
PIX and the original ASA 5500 firewalls deliver powerful client and application policy support, mutlivector assault defense, and secure access features. The enhanced knowledge sharing of integrated security features in a single package provides customers deploying these aggregated firewalls the advantages of advanced protection, reduced cost of ownership, and minimal maintenance costs.
Cisco PIX firewalls and Cisco's ASA 5500 Series combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and 7600 Series routers as parts of Cisco's versatile, self-contained firewall product. Based on a scalable, modular platform, each offering is designed with a specific feature set to deliver better protection to different networking situations. These solutions can be individually deployed to protect certain facets of a network infrastructure, or can be combined for a systematic, protection-in-depth approach based on the architecture leading practices described in the Cisco SAFE Blueprint. Rounding out the integrated firewall solutions, Cisco provides a comprehensive security management offering, spanning Cisco security appliance and Cisco IOS security features and built-in appliance managers, to self-contained management utilities, helping to make sure that customers can productively use their Cisco security solution investments.
PIX Firewall Appliances
Cisco PIX firewall appliances deliver reliable user and application policy support, multi-source invasion protection, and safe networking services in economical, easy-to-deploy modules. These purpose-built appliances provide a wealth of built-in protection and connectivity services such as process-aware firewall services, VoIP and multimedia protection, reliable multi-site and remote-access IPcec Virtual Private Network connectivity, fault tolerance, smart networking services, and versatile administration solutions. The Cisco PIX Security Appliance Series family ranges from compact plug-and-play devices for small or home offices to modular high-bandwidth appliances with ROI for large business and service-provider environments, Cisco PIX firewalls deliver dependable security, performance, and reliability for networks of any size.
Based around a tested, purpose-built software platform that offers a wealth of protection services, Cisco PIX security appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. PIX firewall appliances offer security for a wide array of VoIP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and MGCP, enabling businesses to safeguard installations of a wide array of contemporary and next-generation VoIP and mixed-media applications.
PIX firewall appliances offer a variety of setup, monitoring, and analysis features, giving businesses the flexibility to use the methods that most closely match their requirements. Management options include common, policy-based administration utilities, integrated web-based administration, and compatibility with remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a world-class web-accessible management solution that significantly simplifies the installation, in-place modification, and monitoring of a single Cisco PIX security appliance without requiring any extra utility other than a standard browser and Java plug-in to be installed on an administrator's computer.
Administrators can furthermore remotely set up, monitor, and analyze PIX security appliances using a command-line interface (CLI). Secure CLI interface communication is possible using several techniques including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX security appliances also include dependable auto-update capabilities, a set of secure remote-management options that make sure that firewall configurations and software images are always up to date.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built devices that incorporate market-proven, best-of-breed protection and Virtual Private Network services plus an adaptive architecture. The end product is a robust, versatile network security solution better suited to protect small and medium business (SMB) and enterprise networks and, simultaneously, reduce the total installation and maintenance expenses previously required for this enhanced degree of security.
Cisco ASA firewalls provide a high-level of application security via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless access. To protect environments from application-layer assaults and to give organizations greater control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also included are attack detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of IM and tunneling applications, allowing businesses to police usage policies and recover bandwidth for vital business applications.
While improving network protection, Cisco Adaptive Security Appliances firewalls also lower installation and support expenses. By offering broad VPN and security functions, the Cisco ASA firewall can be used as the single device for many environments, allowing platform commonality. The Cisco Adaptive Security Appliances firewall can be used as a consolidated threat-prevention appliance at a central location by taking advantage of its access control, process inspection, and malicious assault remediation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a specialized remote connectivity solution using its VPN capabilities. Alternatively, the Cisco ASA firewall serves capably in the network interior for interdepartmental access control and to defend against worms, viruses, and other malicious code inside workers might unknowingly release into the environment. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) firewall serves as an all-in-one device providing complete threat defense and VPN functionality while fitting within the cost structure and performance models of these deployments.
This adaptive single-platform, multiple-use approach reduces the total number of appliances that need to be installed and managed while offering a standard operating and administrative environment throughout all those deployments. This approach streamlines the training of setup, tracking, troubleshooting, and protection staff. To further minimize maintenance costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, enabling these devices to integrate seamlessly into the network without interfering with authorized data flow and processes.
How Progent's Cisco Certified Experts Can Assist You with Cisco Firewalls
Cisco's ASA Series firewalls and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting features which offer you the ability to configure these security appliances to match your business requirements. Progent's CCIE certified network consultants can assist you to maintain your current network infrastructure that includes Cisco ASA or PIX firewalls and that offers protection, fault tolerance, throughput, and manageability. Progent's firewall experts can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified IS security professionals can help your business to develop a security strategy that makes sense for your situation and can configure your security appliance to support your security policies. Progent's risk evaluation experts can evaluate the strength of your existing firewall solution and audit the security of your whole IT environment. Progent's Help Desk Call Center can provide emergency online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.
Integration of Cisco and Third-party Firewall Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: