Cisco PIX family security appliances and Cisco ASA Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network technologies in an economical, one-box package. Both product lines have been replaced by Cisco's ASA 5500-X series of security appliances with Firepower. (Refer to integration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation Cisco ASA 5500 model firewalls are widely used and continue to offer small and mid-size organizations a viable firewall solution.
PIX and the original ASA 5500 firewalls offer robust user and application policy support, mutlivector attack defense, and safe access services. The increased intelligence sharing of integrated protection features in a single package provides users deploying these integrated firewalls the advantages of enhanced protection, lower TCO, and smaller management costs.
Cisco PIX firewalls and the ASA 5500 family combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 switches, and Cisco 7600 family routers as components of Cisco's flexible, integrated firewall solutions. Engineered with an expandable, modular approach, each device is designed with a specific array of options to deliver better protection to different network environments. These products can be independently installed to protect certain areas of the network environment, or can be combined for a layered, defense-in-depth approach based on the architecture leading practices outlined in the Cisco SAFE Blueprint. Rounding out the modular firewall solutions, Cisco has developed a comprehensive security management catalog, spanning Cisco security appliance and Cisco IOS Software security components and built-in device managers, to self-contained management programs, helping to ensure that customers can productively manage their Cisco security solution investments.
Cisco PIX Firewalls
PIX firewalls offer robust user and application policy support, multi-source attack protection, and safe connectivity features in cost-effective, easy-to-deploy solutions. These purpose-built appliances provide a wealth of integrated protection and connectivity services such as process-aware firewall features, VoIP and multimedia protection, reliable site-to-site and remote-connectivity IP Security (IPsec) Virtual Private Network networking, excellent resiliency, smart networking features, and flexible management solutions. The PIX firewall Appliance product line ranges from compact plug-and-play appliances for small and at home offices to modular high-bandwidth products with ROI for enterprise and ISP customers, Cisco PIX Security Appliance Series provide high levels of protection, speed, and reliability for environments of any size.
Built upon a hardened, specialized OS that delivers rich protection features, PIX firewall appliances provide excellent protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX security appliances provide security for a wide array of Voice over IP and additional multimedia standards such as H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and MGCP, enabling organizations to safeguard installations of a wide range of contemporary and next-generation Voice over IP and multimedia applications.
PIX firewalls offer a variety of setup, tracking, and troubleshooting features, providing businesses the flexibility to use the techniques that most closely match their needs. Management solutions include centralized, policy-based management tools, integrated web-accessible administration, and support for remote-monitoring standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class web-accessible management solution that significantly streamlines the deployment, ongoing configuration, and monitoring of a single Cisco PIX firewall appliance without requiring any extra software other than an ordinary browser and Java applet to be running on a manager's computer.
Administrators can also remotely set up, track, and troubleshoot Cisco PIX firewall appliances via a command-line interface. Safe CLI interface communication is possible using a number of methods such as Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX security appliances also include dependable automatic-update capabilities, a collection advanced protected remote-administration services that make sure that security configurations and software images are kept up to date.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered devices that bring together market-proven, industry-leading protection and Virtual Private Network services plus a flexible architecture. The end product is a powerful, multifunction network protection solution better suited to defend small and medium business and enterprise networks and, simultaneously, lower the total installation and maintenance costs previously required for this high degree of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 family firewall, Cisco's IPS 4200 Series sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to offer a platform that defends against a wide range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls provide application protection, local containment, and safe VPN connectivity across Cisco's product line. This breadth of security allows defense of any network area, including the most common threat conduits like remote sites, LAN-connected inside users, and off-site connected Virtual Private Networks.
Cisco ASA firewalls provide robust application protection via smart, application-sensitive inspection engines that examine network flows at Layers 4-7. The result is a better protected network including web, voice, and mobile wireless services. To defend environments against application-layer attacks and to give businesses more policing of the programs and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also incorporated are attack sensing and mitigation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over instant messaging and tunneling applications, allowing businesses to enforce usage policies and recover network bandwidth for vital business applications.
At the same time as improving network security, Cisco Adaptive Security Appliances 5500 Series firewalls also lower installation and support costs. By offering broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for many uses, enabling product standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a consolidated threat-protection appliance at the datacenter by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a dedicated remote connectivity device utilizing its Virtual Private Network capabilities. Alternatively, the Cisco Adaptive Security Appliances (ASA) firewall serves equally well in the network interior for inter-office connectivity management and to guard against malware inside users may unknowingly introduce into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances firewall serves as an all-in-one device offering complete threat defense and Virtual Private Network services while suiting the cost structure and performance models of these situations.
This versatile single-platform, multiple-use design minimizes the total number of devices that need to be installed and managed while offering a common operating and administrative system throughout all deployments. This approach simplifies the education of configuration, tracking, support, and protection personnel. To further reduce operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, allowing them to integrate seamlessly into the network without disrupting authorized data flow and applications.
How Progent Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA Series adaptive security appliances and PIX security appliances incorporate a wealth of configuration, monitoring, and troubleshooting options which offer you the flexibility to deploy these firewalls to match your business needs. Progent's CCIE authorized network professionals can show you how to support your existing infrastructure that incorporates Cisco ASA or PIX firewalls and that provides security, resilience, performance, and manageability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security professionals can assist your business to create a security policy appropriate for your environment and can configure your firewall to enforce your security policies. Progent's security evaluation professionals can assess the strength of your existing firewall solution and help determine the security of your entire IT network. Progentís Help Desk support team can provide emergency remote troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.
To learn more details concerning Progent's professional help for Cisco solutions, choose a subject:
In order to get in touch with Progent about consulting assistance for Cisco products, phone 1-800-993-9400 or go to Contact Progent.