Cisco's PIX firewalls and ASA 5500 Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network functionality in an economical, one-box format. Both of these product families have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower. (Refer to configuration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation ASA 5500 Series firewalls are extensively used and continue to provide small and mid-size organizations a viable security solution.
Cisco PIC and the original ASA 5500 firewalls deliver robust user and program policy support, mutlivector attack protection, and safe connectivity features. The increased intelligence sharing of integrated protection features in a stand-alone platform offers customers implementing these integrated solutions the advantages of advanced security, lower cost of ownership, and minimal management costs.
Cisco PIX firewalls and Cisco's ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 Series routers as components of Cisco's versatile, self-contained firewall solutions. Based on a scalable, building-block platform, every offering is equipped with a specific feature set to provide more efficient protection to a variety of networking environments. These solutions can be independently installed to secure specific facets of the connectivity infrastructure, or can be combined for a layered, protection-in-depth strategy following the design best practices described in Cisco's SAFE framework. Rounding out the integrated firewall product line, Cisco has developed a comprehensive security management catalog, spanning Cisco security device and IOS Software security features and embedded device controllers, to self-contained management utilities, moving to ensure that businesses can effectively use their Cisco protection infrastructure investments.
Cisco PIX Security Appliance Series
PIX Security Appliance Series deliver robust policy enforcement, multi-source attack defense, and secure networking features in economical, easy-to-deploy solutions. These purpose-built devices offer a wealth of integrated protection and connectivity services including application-aware firewall features, Voice over IP (VoIP) and multimedia protection, robust multi-location and remote-access IP Security (IPsec) Virtual Private Network networking, excellent resiliency, smart networking services, and versatile management solutions. The PIX firewall Appliance product line spans compact plug-and-play desktop units for small and home offices to stackable high-bandwidth appliances with ROI for enterprise and ISP environments, PIX firewall appliances deliver high levels of security, speed, and availability for network environments of all sizes.
Built around a tested, specialized software platform that offers rich security features, PIX firewall appliances offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX security appliances provide security for a broad range of VoIP and additional multimedia standards including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, enabling organizations to safeguard installations of a wide array of current and next-generation IP voice and multimedia applications.
PIX firewalls feature a variety of setup, tracking, and troubleshooting features, giving IT managers the flexibility to utilize the techniques that most closely match their needs. Management options include common, policy-based management utilities, integrated web-based management, and support for remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated ASDM interface provides a powerful web-accessible control solution that significantly simplifies the deployment, in-place configuration, and monitoring of a specific PIX firewall without requiring any additional software other than an ordinary browser and Java plug-in to be running on a manager's PC.
IT managers can furthermore remotely set up, monitor, and analyze PIX security appliances via a CLI interface. Safe command-line interface access is available using a number of methods such as Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewalls also have dependable automatic-update capabilities, a collection advanced secure remote-management options that ensure firewall configurations and software images are always current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered solutions that bring together advanced, best-of-breed security and VPN support plus an adaptive architecture. The end product is a robust, multifunction network protection appliance better suited to defend small and midsize company and larger networks and, at the same time, lower the total deployment and operations costs formerly associated with this enhanced level of protection.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide strong application security via smart, application-sensitive inspection processes that examine traffic at Layers 4-7. This results in a safer network including web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer businesses more policing of the applications and protocols utilized in their environments, these inspection engines integrate broad application and protocol knowledge and employ security enforcement solutions that include protocol anomaly detection and state tracking. Also included are attack sensing and mitigation techniques such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver control over IM and tunneling applications, allowing businesses to police usage policies and free up bandwidth for vital business processes.
At the same time as improving security, Cisco Adaptive Security Appliances 5500 Series firewalls also decrease installation and support costs. By providing broad VPN and protection services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be a the only platform for many environments, allowing product standardization. The Cisco ASA 5500 Series firewall can be used as a consolidated threat-prevention appliance at the datacenter by leveraging its connectivity control, process inspection, and malware remediation capabilities. The Cisco ASA 5500 Series firewall can also be used as a dedicated remote access device utilizing its VPN features. As an alternative, the Cisco Adaptive Security Appliances firewall performs equally well in the network interior for interdepartmental connectivity management and to guard against malicious assaults internal users may unknowingly release into the environment. In small business and satellite office networks, the Cisco Adaptive Security Appliances 5500 Series firewall serves as a total solution platform offering complete intrusion prevention and VPN services while fitting within the budgets and performance demands of such deployments.
This adaptive single-device, many-use design reduces the number of devices that must be installed and managed while providing a common operating and administrative system across all those deployments. This approach simplifies the training of configuration, monitoring, support, and protection staff. To further reduce maintenance costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network conscious, enabling them to integrate gracefully into the environment without interfering with authorized traffic and applications.
How Progent Can Help You with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series firewalls and PIX firewalls incorporate a wealth of setup, tracking, and analysis features that give you the ability to deploy these firewalls to match your company's needs. Progent's CCIE certified network consultants can assist you to support your existing network infrastructure that includes Cisco ASA or PIX firewalls and that provides security, resilience, performance, and recoverability. Progent can also help your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier information security experts can assist your business to create a security strategy that makes sense for your situation and can configure your firewall to enforce your security policies. Progent's security assessment professionals can assess the effectiveness of your existing firewall solution and validate the security of your whole IT network. Progent’s Technical Response Center can provide emergency online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE expert.
To learn more details about Progent's engineering assistance for Cisco networking products, pick a topic: