Cisco's PIX family firewalls and ASA 5500 Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network functionality in an affordable, single-box package. Both product families have been superseded by Cisco's ASA 5500-X line of firewalls with Firepower Services. (Refer to configuration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 model adaptive security appliances are extensively used and continue to provide small and mid-size companies a reliable security solution.
PIX and the original ASA 5500 firewalls offer powerful client and program policy support, mutlivector assault defense, and safe connectivity services. The enhanced knowledge sharing of consolidated protection services in a stand-alone platform offers customers deploying these aggregated solutions the advantages of enhanced protection, reduced TCO, and smaller maintenance costs.
Cisco PIX security appliances and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 family switches, and 7600 family routers as parts of Cisco's versatile, self-contained firewall solutions. Engineered with an expandable, modular approach, every device is designed with a particular array of options to deliver more efficient security to different network situations. These solutions can be independently deployed to secure certain facets of a connectivity infrastructure, or can be combined for a systematic, defense-in-depth strategy based on the architecture leading practices described in Cisco's SAFE framework. Completing the modular firewall product line, Cisco provides a comprehensive security management offering, spanning Cisco security appliance and Cisco IOS Software security components and embedded device managers, to self-contained management programs, moving to ensure that customers can effectively use their Cisco security infrastructure investments.
Cisco PIX Firewalls
Cisco PIX firewalls deliver reliable policy support, multivector attack protection, and safe connectivity services in economical, out-of-the-box modules. These purpose-built devices offer a wealth of built-in security and connectivity services including application-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable multi-location and remote-access IP Security (IPsec) VPN networking, fault tolerance, smart networking services, and versatile management options. The PIX firewall Appliance product line spans compact plug-and-play devices for small and at home offices to modular gigabit products with investment protection for large business and service-provider customers, Cisco PIX firewall appliances deliver dependable protection, speed, and reliability for networks of any size.
Built around a tested, specialized OS that offers a wealth of protection features, PIX firewalls provide excellent security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security certification. PIX firewall appliances provide security for a broad range of Voice over IP and other mixed-media conventions such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping businesses to safeguard deployments of a wide array of contemporary and upcoming IP voice and mixed-media applications.
PIX firewalls offer a variety of setup, monitoring, and troubleshooting features, giving IT managers the flexibility to utilize the methods that most closely match their needs. Management solutions include common, policy-based administration tools, integrated web-based administration, and compatibility with remote-tracking protocols such as Simple Network Management Protocol and syslog. The integrated ASDM system provides a world-class web-accessible management platform that significantly simplifies the installation, in-place configuration, and tracking of a specific PIX security appliance without the need of any additional software other than an ordinary browser and Java plug-in to be running on an administrator's PC.
IT managers can also remotely set up, monitor, and analyze PIX firewall appliances via a CLI interface. Safe command-line interface (CLI) access is possible through a number of techniques such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewall appliances also include dependable automatic-update capabilities, a collection of secure remote-management options that ensure security configurations and software images are kept current.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built devices that incorporate market-proven, industry-leading protection and Virtual Private Network services with a flexible architecture. The end product is a robust, multifunction network protection appliance better suited to protect small and medium business and larger networks and, simultaneously, lower the overall deployment and maintenance costs previously associated with this enhanced level of security.
Cisco ASA Firewalls build on engineering behind Cisco's PIX 500 Security Appliance, the IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies converge on the Cisco ASA Firewall family to deliver a firewall that defends against a broad range of attacks. Cisco ASA Firewalls provide program protection, local containment and control, and clean VPN functionality throughout Cisco's product portfolio. This breadth of protection allows defense of any network area, which includes the most typical attack conduits such as remote locations, LAN-connected inside users, and remote access Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls provide strong application protection via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a better protected environment covering web, voice, and mobile wireless access. To protect networks against application-layer attacks and to give businesses more policing of the programs and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and employ protection enforcement solutions that include anomaly detection and application and protocol state tracking. Also included are attack detection and mitigation technology such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and free up network bandwidth for critical business processes.
While increasing network security, Cisco ASA 5500 Series firewalls also lower deployment and support expenses. By providing extensive VPN and security services, the Cisco Adaptive Security Appliances firewall can be a the only platform for a multitude of uses, enabling product commonality. The Cisco ASA 5500 Series firewall can be used as a consolidated attack-prevention device at a central location by leveraging its access control, process inspection, and malware remediation capabilities. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote access solution using its Virtual Private Network capabilities. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves capably inside the network for interdepartmental connectivity management and to guard against worms, viruses, and other malicious code inside users might unknowingly introduce into the environment. In small company and branch office environments, the Cisco ASA firewall serves as an all-in-one platform offering complete threat prevention and VPN functionality while suiting the budgets and performance demands of such deployments.
This adaptive single-device, multiple-use design minimizes the number of devices that must be deployed and maintained while offering a common operating and administrative system throughout all deployments. This approach streamlines the education of configuration, monitoring, support, and protection personnel. To further minimize maintenance expenses, Cisco ASA 5500 Series firewalls are also exceptionally network aware, enabling these devices to integrate seamlessly into the environment without disrupting legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls incorporate an array of configuration, tracking, and troubleshooting options that offer you the ability to configure these firewalls to align optimally with your business needs. Progent's CCIE authorized network experts can help you to support your current infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers security, resilience, performance, and manageability. Progent can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier IS security professionals can help your business to create a security policy that makes sense for your situation and can configure your security appliance to support your security policies. Progent's risk evaluation engineers can assess the strength of your existing firewall solution and validate the security of your whole information system network. Progentís Technical Response Center can provide emergency online troubleshooting for Cisco technology and offer fast access to a Cisco network engineer.
To learn more details concerning Progent's consulting assistance for Cisco solutions, pick a topic:
If you wish to contact Progent about professional expertise for Cisco networking, call 1-800-993-9400 or refer to Contact Progent.