Cisco's PIX security appliances and Cisco ASA 5500 Series firewalls integrate next-generation firewall, intrusion protection, and Virtual Private Network technologies in a cost-effective, single-cabinet format. Both product lines have been replaced by the ASA 5500-X family of security appliances with Firepower Services. (See integration and debugging help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 model firewalls are widely used and continue to deliver small and mid-size organizations a reliable security solution.
PIX and the original ASA 5500 firewalls offer powerful user and application policy enforcement, mutlivector assault protection, and safe access features. The enhanced intelligence sharing of consolidated security features in a single package provides users implementing these integrated solutions the advantages of enhanced protection, lower cost of ownership, and minimal management expense.
PIX firewalls and the ASA 5500 Series combine with Cisco IOS Firewall, the FWSM for Catalyst 6500 family switches, and 7600 family routers as components of Cisco's flexible, integrated firewall solutions. Based on an expandable, building-block approach, every offering is designed with a particular array of options to provide more efficient security to a variety of network situations. These products can be individually deployed to secure specific areas of the network environment, or can be grouped for a systematic, defense-in-depth strategy following the design leading practices described in Cisco's SAFE Blueprint. Completing the integrated firewall product line, Cisco provides a complete security management portfolio, spanning Cisco security device and IOS Software security components and built-in device controllers, to self-contained management programs, helping to ensure that businesses can effectively manage their Cisco protection infrastructure investments.
Cisco PIX Security Appliance Series
Cisco PIX firewalls deliver reliable user and application policy support, multivector attack defense, and safe networking features in economical, easy-to-deploy modules. These specialized appliances offer a broad range of built-in security and networking capabilities such as process-aware firewall features, Voice over IP (VoIP) and multimedia protection, robust multi-location and remote-connectivity IP Security (IPsec) VPN connectivity, high availability, intelligent networking features, and versatile management solutions. The Cisco PIX firewall Appliance product line ranges from compact plug-and-play desktop units for small offices or home offices to modular gigabit appliances with investment protection for enterprise and ISP customers, PIX Security Appliance Series provide high levels of protection, performance, and availability for network environments of any size.
Built around a hardened, specialized operating system that offers rich protection services, Cisco PIX security appliances provide a high level of protection and have been awarded EAL 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewalls provide protection for a wide range of VoIP and other multimedia conventions including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to protect deployments of a broad range of contemporary and next-generation IP voice and multimedia applications.
PIX security appliances offer a variety of configuration, monitoring, and troubleshooting features, giving IT managers the flexibility to use the methods that most closely meet their requirements. Management options include common, policy-based management tools, integrated web-accessible management, and support for remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a powerful web-accessible management platform that significantly simplifies the installation, in-place configuration, and tracking of a single PIX firewall appliance without requiring any extra software other than an ordinary web browser and Java plug-in to be installed on an administrator's PC.
IT managers can furthermore remotely configure, track, and troubleshoot Cisco PIX firewall appliances via a CLI interface. Secure command-line interface (CLI) access is available through several techniques such as Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. PIX security appliances also include dependable auto-update capabilities, a set of secure remote-administration services that ensure firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that incorporate advanced, best-of-breed protection and Virtual Private Network services with an adaptive design. The end product is a powerful, multifunction network protection solution better suited to protect small and medium business (SMB) and enterprise networks and, at the same time, lower the total installation and maintenance costs previously required for this enhanced level of protection.
Cisco ASA 5500 Series Firewalls build on technology behind Cisco's PIX 500 Series firewall, the Cisco IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall family to offer a firewall that stops a broad range of threats. Cisco Adaptive Security Appliances Firewalls provide program security, local containment, and safe Virtual Private Network connectivity across the entire product line. This breadth of protection allows the guarding of any network segment, which includes the most common attack vectors like remote sites, locally-attached inside users, and off-site access VPNs.
Cisco ASA firewalls provide strong application security through smart, application-aware inspection engines that examine network flows at Layers 4-7. This produces a more secure network covering web, voice, and mobile wireless connectivity. To defend environments against application-layer attacks and to offer businesses more policing of the programs and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and rely on security enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault sensing and remediation technology such as application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver control over instant messaging and tunneling applications, enabling businesses to police usage policies and free up bandwidth for important business processes.
At the same time as increasing network security, Cisco Adaptive Security Appliances 5500 Series firewalls also lower deployment and support expenses. By providing extensive Virtual Private Network and protection functions, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for a multitude of uses, allowing product commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a converged attack-prevention appliance at the datacenter by taking advantage of its access control, application inspection, and malware remediation capabilities. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote connectivity solution using its Virtual Private Network features. Alternatively, the Cisco Adaptive Security Appliances (ASA) firewall operates capably in the network interior for interdepartmental access control and to guard against malicious assaults inside users may inadvertently release into the environment. In small company and branch office networks, the Cisco Adaptive Security Appliances (ASA) firewall acts as an all-in-one device offering complete intrusion defense and VPN services while suiting the cost structure and operational demands of such situations.
This versatile single-platform, many-use approach reduces the total number of appliances that need to be installed and managed while offering a common operating and administrative system throughout all installations. This approach simplifies the education of setup, monitoring, support, and protection personnel. To further reduce maintenance costs, Cisco ASA 5500 Series firewalls are also exceptionally network conscious, allowing these devices to integrate gracefully into the network without disrupting legitimate data flow and processes.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX security appliances incorporate an array of configuration, monitoring, and analysis options that give you the flexibility to configure these security appliances to align optimally with your company's needs. Progent's CCIE certified network consultants can help you to maintain your current network infrastructure that includes Cisco ASA or PIX security appliances and that offers security, fault tolerance, performance, and manageability. Progent can also assist you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security engineers can help your business to create a security policy that makes sense for your situation and can configure your PIX or ASA firewall to enforce your security policies. Progent's security assessment professionals can assess the strength of your existing firewall deployment and help determine the security of your entire information system network. Progentís Technical Response Center can deliver emergency online troubleshooting for Cisco products and can give you quick access to a Cisco CCIE expert.
To learn more information concerning Progent's consulting expertise for Cisco products, choose a topic:
In order to get in touch with Progent about technical expertise for Cisco networking, call 1-800-993-9400 or see Contact Progent.