Cisco PIX family firewalls and Cisco ASA 5500 Series firewalls integrate comprehensive firewall, intrusion defense, and VPN technologies in an affordable, one-box package. Both product lines have been superseded by the ASA 5500-X family of firewalls with Firepower Services. (Refer to configuration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation ASA 5500 Series firewalls are extensively deployed and continue to deliver small and mid-size companies a viable security environment.
PIX and the original ASA 5500 firewalls offer robust user and application policy enforcement, mutlivector attack protection, and safe connectivity features. The enhanced knowledge sharing of consolidated security features in a single platform provides customers implementing these aggregated firewalls the benefits of advanced protection, reduced TCO, and smaller management expense.
Cisco PIX security appliances and Cisco's ASA 5500 Series combine with Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and 7600 routers as parts of Cisco's flexible, self-contained firewall solutions. Engineered with an expandable, building-block platform, each offering is equipped with a particular feature set to deliver more efficient protection to a variety of networking environments. These solutions can be individually installed to protect specific areas of a network infrastructure, or can be combined for a layered, protection-in-depth strategy following the architecture best practices outlined in Cisco's SAFE Blueprint. Completing the integrated firewall product line, Cisco has developed a complete security management product portfolio, spanning Cisco security appliance and Cisco IOS Software security components and built-in appliance controllers, to self-contained management utilities, moving to ensure that customers can effectively use their Cisco protection infrastructure purchases.
PIX Firewall Appliances
Cisco PIX Security Appliance Series deliver robust user and application policy enforcement, multi-source attack defense, and secure connectivity services in cost-effective, simple-to-configure modules. These purpose-built appliances offer a wealth of integrated protection and connectivity capabilities such as process-aware firewall services, VoIP and multimedia protection, reliable multi-site and remote-access IP Security Virtual Private Network networking, fault tolerance, smart networking services, and flexible administration options. The Cisco PIX firewall product line ranges from small plug-and-go appliances for small and at home offices to modular gigabit appliances with investment protection for large business and ISP environments, PIX firewall appliances provide dependable protection, speed, and availability for network environments of any size.
Based around a tested, specialized software platform that delivers a wealth of security services, Cisco PIX firewall appliances provide a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX security appliances provide security for a wide range of Voice over IP and additional mixed-media conventions including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to protect installations of a broad range of contemporary and next-generation VoIP and mixed-media applications.
Cisco PIX firewalls feature a wealth of setup, monitoring, and analysis features, providing businesses the flexibility to use the techniques that best meet their requirements. Management solutions include common, policy-based administration utilities, integrated web-based administration, and support for remote-monitoring standards such as SNMP and syslog. The integrated ASDM interface offers a world-class web-based management platform that significantly streamlines the deployment, ongoing modification, and tracking of a single PIX firewall appliance without requiring any extra utility beyond an ordinary browser and Java plug-in to be installed on a manager's computer.
IT managers can also remotely set up, track, and analyze PIX security appliances using a CLI interface. Secure command-line interface (CLI) communication is available using a number of techniques such as Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. PIX security appliances also include dependable automatic-update features, a collection of protected remote-administration options that make sure that firewall settings and software images are kept up to date.
Cisco ASA Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered solutions that bring together market-proven, industry-leading protection and VPN services with a flexible design. The result is a robust, versatile network security solution better able to protect small and midsize business (SMB) and enterprise networks and, simultaneously, lower the total installation and operations expenses formerly required for this high level of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 family Security Appliance, the IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions enable the Cisco ASA 5500 Series Firewall product line to deliver a platform that stops a wide range of attacks. Cisco ASA 5500 Series Firewalls deliver application security, network containment, and clean Virtual Private Network functionality across the entire product portfolio. This breadth of security enables the guarding of any network section, including the most common attack conduits like remote locations, locally-attached internal users, and off-site connected VPNs.
Cisco ASA 5500 Series firewalls provide strong application security via intelligent, application-sensitive inspection engines that examine network flows at Layers 4-7. This results in a safer network including web, voice, and mobile wireless access. To protect networks against application-layer assaults and to give businesses more control over the programs and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement solutions that include anomaly sensing and state tracking. Also incorporated are assault detection and mitigation techniques including application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and preserve network bandwidth for important business applications.
At the same time as improving network protection, Cisco Adaptive Security Appliances 5500 Series firewalls also decrease deployment and operational costs. By offering broad Virtual Private Network and protection functions, the Cisco Adaptive Security Appliances (ASA) firewall can be a the only platform for a multitude of environments, enabling product commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated attack-prevention appliance at the datacenter by taking advantage of its connectivity control, process inspection, and malware remediation capabilities. The Cisco Adaptive Security Appliances firewall can also be deployed as a dedicated remote connectivity device utilizing its VPN features. Alternatively, the Cisco Adaptive Security Appliances (ASA) firewall performs equally well in the network interior for inter-office access control and to guard against worms, viruses, and other malicious code inside workers may unwittingly introduce into the network. In small business and branch office environments, the Cisco Adaptive Security Appliances firewall serves as an all-in-one device offering complete threat defense and Virtual Private Network services while fitting within the cost structure and operational models of these deployments.
This adaptive one-device, multiple-use approach reduces the total number of appliances that must be deployed and maintained while offering a common functional and administrative system throughout all those installations. This approach streamlines the education of configuration, monitoring, troubleshooting, and security staff. To further reduce operations costs, Cisco ASA 5500 Series firewalls are also exceptionally network conscious, enabling them to integrate gracefully into the network without disrupting authorized data flow and applications.
How Progent Can Assist Your Business with Cisco Firewalls
Cisco ASA 5500 Series firewalls and PIX family firewalls provide a wealth of configuration, tracking, and analysis options which offer you the flexibility to set up these firewalls to align optimally with your business needs. Progent's CCIE authorized network experts can help you to maintain your current infrastructure that includes Cisco ASA or PIX firewall technology and that offers security, resilience, performance, and recoverability. Progent's firewall experts can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier IS security consultants can assist your business to develop a security strategy appropriate for your situation and can configure your firewall to enforce your security policies. Progent's security assessment engineers can evaluate the effectiveness of your current firewall solution and audit the overall security of your entire IS environment. Progentís Technical Response Center can deliver urgent online troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.
For more details concerning Progent's professional help for Cisco products, choose a topic:
In order to contact Progent about consulting assistance for Cisco networking, call 1-800-993-9400 or go to Contact Progent.