Cisco's PIX family security appliances and Cisco ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network features in an affordable, one-cabinet package. Both of these product families have been superseded by Cisco's ASA 5500-X family of security appliances with Firepower. (See integration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation ASA 5500 model firewalls are extensively used and continue to provide small and mid-size organizations a viable security environment.
Cisco PIC and legacy ASA 5500 firewalls deliver powerful client and application policy enforcement, mutlivector attack protection, and secure connectivity features. The enhanced knowledge sharing of consolidated protection features in a stand-alone package provides customers implementing these aggregated firewalls the benefits of advanced protection, lower cost of ownership, and minimal management costs.
PIX firewalls and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 family routers as parts of Cisco's versatile, self-contained firewall product. Engineered with an expandable, building-block platform, each offering is designed with a specific array of options to provide better protection to different network environments. These solutions can be independently installed to protect certain facets of a network environment, or can be combined for a systematic, defense-in-depth strategy based on the architecture leading practices outlined in the Cisco SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management product portfolio, spanning Cisco security appliance and Cisco IOS security components and embedded appliance managers, to self-contained management utilities, moving to ensure that customers can productively manage their Cisco security infrastructure investments.
PIX firewall appliances deliver reliable policy support, multivector attack defense, and safe networking features in affordable, out-of-the-box modules. These purpose-built devices provide a broad range of integrated protection and networking services including application-aware firewall services, Voice over IP (VoIP) and multimedia security, robust site-to-site and remote-access IP Security (IPsec) VPN networking, excellent resiliency, intelligent networking features, and flexible management options. The Cisco PIX firewall Appliance product line ranges from small plug-and-go desktop units for small and home offices to stackable high-bandwidth appliances with investment protection for large business and ISP customers, Cisco PIX firewalls deliver dependable security, performance, and availability for networks of any size.
Based around a hardened, specialized operating system that offers rich protection services, Cisco PIX security appliances offer a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security (IPsec) certification. PIX firewalls offer protection for a broad array of VoIP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a wide array of current and upcoming IP voice and mixed-media applications.
PIX security appliances feature a wealth of configuration, tracking, and analysis options, providing businesses the flexibility to utilize the techniques that best meet their requirements. Administrative options include centralized, policy-based administration tools, integrated web-based management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful web-based control platform that significantly simplifies the installation, ongoing modification, and monitoring of a single Cisco PIX firewall appliance without requiring any extra utility other than an ordinary web browser and Java applet to be installed on a manager's PC.
IT managers can furthermore remotely configure, monitor, and analyze Cisco PIX security appliances using a command-line interface. Safe command-line interface access is possible using a number of methods including Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewalls also have robust auto-update capabilities, a collection of protected remote-management options that ensure firewall settings and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered solutions that bring together market-proven, industry-leading protection and VPN support with an adaptive design. The result is a powerful, multifunction network security appliance better able to protect small and midsize company and enterprise networks and, at the same time, lower the total installation and operations costs formerly associated with this enhanced degree of security.
Cisco Adaptive Security Appliances Firewalls build on technology behind the PIX 500 firewall, Cisco's IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to offer a firewall that stops a wide range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application security, local containment and control, and safe VPN connectivity throughout Cisco's product portfolio. This breadth of protection enables defense of any network section, which includes the most common attack conduits like remote sites, LAN-connected internal users, and remote access VPNs.
Cisco Adaptive Security Appliances firewalls deliver robust application security via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. This produces a better protected network including web, voice, and mobile wireless services. To defend environments from application-layer attacks and to give businesses greater policing of the programs and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly detection and state monitoring. Also incorporated are attack detection and remediation technology including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, allowing businesses to police usage policies and preserve bandwidth for critical business processes.
At the same time as improving network security, Cisco ASA 5500 Series firewalls also decrease installation and operational expenses. By providing extensive Virtual Private Network and security functions, the Cisco ASA 5500 Series firewall can be used as the the only platform for many uses, allowing product standardization. The Cisco ASA 5500 Series firewall can be used as a consolidated threat-prevention device at the datacenter by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances firewall can also be deployed as a dedicated remote access solution using its VPN capabilities. Alternatively, the Cisco Adaptive Security Appliances firewall performs equally well inside the network for interdepartmental access management and to defend against malicious assaults inside workers may unknowingly introduce into the network. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as an all-in-one device offering complete intrusion defense and Virtual Private Network functionality while fitting within the cost structure and operational models of such situations.
This adaptive single-platform, multiple-solution approach minimizes the total number of devices that need to be deployed and maintained while providing a standard operating and administrative system throughout all deployments. This architecture simplifies the training of setup, tracking, support, and protection personnel. To further reduce operations expenses, Cisco ASA 5500 Series firewalls are also highly network aware, allowing these devices to integrate seamlessly into the environment without interfering with authorized traffic and applications.
How Progent's Cisco Certified Experts Can Assist You with Cisco Firewalls
Cisco ASA Series adaptive security appliances and PIX firewalls provide a wealth of setup, monitoring, and analysis options that give you the flexibility to configure these firewalls to align optimally with your company's needs. Progent's CCIE authorized network professionals can help you to support your existing infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides protection, resilience, throughput, and manageability. Progent can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified IS security experts can assist you to develop a security policy appropriate for your business and can configure your PIX or ASA firewall to support your security policies. Progent's risk assessment engineers can evaluate the effectiveness of your existing firewall solution and help determine the security of your entire IS environment. Progentís Technical Response Center can deliver urgent remote troubleshooting for Cisco products and offer fast access to a Cisco network engineer.
For additional information about Progent's consulting support for Cisco products, select a topic:
In order to get in touch with Progent about engineering help for Cisco products, call 1-800-993-9400 or go to Contact Progent.