Cisco's PIX family firewalls and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion defense, and VPN features in an affordable, one-cabinet package. Both of these product lines have been replaced by the ASA 5500-X family of security appliances with Firepower. (See configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 model firewalls are widely deployed and continue to deliver small and mid-size companies a reliable security environment.
Cisco PIC and the original ASA 5500 firewalls deliver powerful user and application policy enforcement, mutlivector assault protection, and safe access features. The increased knowledge sharing of consolidated security services in a stand-alone platform offers customers implementing these aggregated solutions the benefits of advanced protection, lower TCO, and smaller maintenance expense.
PIX firewalls and the ASA 5500 family combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and Cisco 7600 routers as parts of Cisco's versatile, integrated firewall product. Engineered with a scalable, building-block approach, every device is equipped with a particular array of options to provide better security to different network environments. These solutions can be independently deployed to protect certain areas of the network infrastructure, or can be grouped for a systematic, protection-in-depth strategy based on the design leading practices outlined in the Cisco SAFE framework. Completing the modular firewall product line, Cisco has developed a comprehensive security management product portfolio, ranging from Cisco security appliance and Cisco IOS Software security features and built-in device managers, to standalone management programs, helping to ensure that businesses can productively use their Cisco security infrastructure purchases.
Cisco PIX Firewalls
Cisco PIX firewall appliances deliver robust policy enforcement, multivector invasion protection, and safe networking services in economical, out-of-the-box solutions. These specialized appliances offer a broad range of integrated security and connectivity services such as application-aware firewall services, VoIP and multimedia protection, reliable site-to-site and remote-access IPcec Virtual Private Network networking, high availability, smart networking features, and versatile administration solutions. The Cisco PIX Security Appliance Series family spans small plug-and-go devices for small offices and home offices to modular gigabit appliances with investment protection for large business and service-provider customers, Cisco PIX Security Appliance Series deliver high levels of security, performance, and availability for networks of all sizes.
Based around a hardened, purpose-built software platform that delivers a wealth of protection features, Cisco PIX firewall appliances provide excellent security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. Cisco PIX firewalls provide security for a wide array of VoIP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to safeguard installations of a broad range of current and upcoming IP voice and multimedia applications.
PIX security appliances feature a wealth of setup, tracking, and troubleshooting features, providing businesses the versatility to use the methods that most closely match their requirements. Management options include common, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager system provides a powerful web-based control platform that greatly simplifies the deployment, ongoing modification, and monitoring of a single PIX firewall appliance without requiring any additional software beyond a standard web browser and Java applet to be installed on a manager's PC.
Administrators can also remotely configure, track, and analyze PIX firewalls using a command-line interface. Safe command-line interface access is possible through a number of methods including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewalls also include robust auto-update capabilities, a collection of protected remote-management services that ensure firewall configurations and software images are always up to date.
Cisco ASA Firewalls
Cisco ASA Firewalls are specially engineered devices that incorporate market-proven, best-of-breed protection and VPN support with an adaptive architecture. The end product is a robust, versatile network security solution better suited to defend small and medium business and larger networks and, simultaneously, reduce the total deployment and operations costs formerly associated with this enhanced degree of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology developed for the PIX 500 Series Security Appliance, the IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a firewall that stops a wide range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, local containment, and safe VPN connectivity throughout Cisco's product line. This breadth of security enables defense of any network segment, including the most common attack conduits such as remote sites, LAN-attached internal users, and off-site connected VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls deliver strong application security through intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a better protected environment covering web, voice, and mobile wireless access. To protect networks against application-layer assaults and to offer businesses more policing of the applications and protocols utilized in their environments, these inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly sensing and application and protocol state tracking. Also incorporated are assault sensing and remediation techniques including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and recover bandwidth for vital business applications.
While increasing security, Cisco Adaptive Security Appliances 5500 Series firewalls also lower installation and operational costs. By providing broad VPN and security services, the Cisco ASA 5500 Series firewall can be used as the single device for a multitude of environments, allowing product commonality. The Cisco Adaptive Security Appliances firewall can be used as a converged threat-protection device at a central location by taking advantage of its connectivity control, process inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote connectivity solution utilizing its Virtual Private Network capabilities. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs capably inside the network for interdepartmental connectivity control and to guard against malware inside workers might inadvertently introduce into the environment. For small business and branch office environments, the Cisco ASA firewall serves as a total solution platform offering comprehensive threat defense and VPN functionality while suiting the cost structure and operational demands of these deployments.
This versatile one-device, multiple-use approach minimizes the number of devices that need to be deployed and maintained while providing a standard operating and administrative environment across all those deployments. This approach simplifies the education of configuration, tracking, troubleshooting, and security staff. To further minimize operations costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network conscious, enabling them to integrate seamlessly into the network without interfering with authorized traffic and processes.
How Progent's Cisco Certified Experts Can Help Your Business with Cisco Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX family firewalls incorporate a wealth of configuration, monitoring, and troubleshooting options that give you the flexibility to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network experts can assist you to support your current network infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers security, resilience, throughput, and recoverability. Progent can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified IS security consultants can help your business to develop a security policy that makes sense for your business and can set up your security appliance to support your security strategy. Progent's security assessment consultants can assess the effectiveness of your existing firewall solution and validate the overall security of your whole IT network. Progentís Help Desk support team can provide emergency remote troubleshooting for Cisco technology and offer fast access to a Cisco CCIE network engineer.
To find out more details about Progent's engineering help for Cisco networking products, select a topic:
To ask Progent about technical help for Cisco products, call 1-800-993-9400 or visit Contact Progent.