Cisco's PIX family firewalls and ASA Series firewalls integrate next-generation firewall, intrusion protection, and VPN functionality in a cost-effective, single-box package. Both product lines have been replaced by the ASA 5500-X line of security appliances with Firepower. (Refer to integration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation ASA 5500 Series firewalls are widely used and continue to deliver small and mid-size companies a reliable firewall environment.
Cisco PIC and the original ASA 5500 firewalls deliver robust client and application policy support, mutlivector assault defense, and secure connectivity services. The enhanced knowledge sharing of consolidated security services in a single package provides customers deploying these integrated solutions the benefits of enhanced security, lower TCO, and smaller maintenance expense.
PIX firewalls and Cisco's ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 family switches, and 7600 family routers as parts of Cisco's versatile, self-contained firewall solutions. Engineered with an expandable, building-block platform, each offering is equipped with a specific array of options to provide better protection to different networking environments. These solutions can be individually installed to protect certain areas of a network infrastructure, or can be grouped for a systematic, protection-in-depth approach following the architecture best practices described in Cisco's SAFE framework. Completing the integrated firewall product line, Cisco provides a comprehensive security management portfolio, spanning Cisco security device and Cisco IOS Software security components and embedded appliance managers, to standalone management applications, helping to make sure that businesses can productively use their Cisco protection solution investments.
Cisco PIX Firewall Appliances
PIX firewalls offer reliable policy enforcement, multi-source invasion defense, and secure connectivity features in economical, easy-to-deploy modules. These purpose-built appliances provide a broad range of built-in security and connectivity services including process-aware firewall services, Voice over IP (VoIP) and multimedia protection, reliable multi-site and remote-access IPcec VPN networking, high availability, smart networking features, and flexible management options. The Cisco PIX firewall family spans compact plug-and-go desktop units for small or home offices to stackable gigabit appliances with investment protection for enterprise and service-provider customers, PIX firewalls provide dependable protection, speed, and availability for network environments of all sizes.
Based around a hardened, specialized operating system that offers a wealth of protection features, Cisco PIX security appliances offer excellent security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewalls provide security for a wide range of VoIP and other multimedia standards such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling businesses to safeguard installations of a wide array of contemporary and next-generation Voice over IP and video applications.
PIX firewall appliances offer a variety of configuration, monitoring, and analysis features, providing IT managers the versatility to use the methods that most closely match their needs. Management solutions include common, policy-based administration tools, integrated web-based management, and support for remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a powerful web-accessible control solution that significantly simplifies the deployment, in-place configuration, and monitoring of a single Cisco PIX firewall appliance without the need of any extra software other than an ordinary browser and Java applet to be running on an administrator's PC.
Administrators can furthermore remotely set up, monitor, and troubleshoot PIX firewall appliances via a command-line interface (CLI). Secure command-line interface communication is available using several methods such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewalls also include dependable auto-update capabilities, a set of protected remote-administration services that make sure that security settings and software images are always current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that bring together advanced, best-of-breed protection and VPN services plus a flexible architecture. The result is a robust, multifunction network protection appliance better able to defend small and midsize company and enterprise networks and, at the same time, reduce the overall deployment and operations costs formerly required for this high degree of security.
Cisco Adaptive Security Appliances Firewalls leverage technology developed for the Cisco PIX 500 Security Appliance, the IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, local containment and control, and clean VPN functionality throughout the entire product line. This broad scope of security allows the guarding of any network area, which includes the most typical attack vectors such as remote sites, locally-connected internal users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls provide strong application protection through smart, application-sensitive inspection processes that examine traffic at Layers 4-7. This results in a better protected network covering web, voice, and mobile wireless services. To protect environments from application-layer attacks and to give organizations more control over the programs and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement technologies that include anomaly sensing and application and protocol state monitoring. Also included are assault sensing and mitigation techniques including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and tunneling applications, enabling businesses to police usage policies and recover network bandwidth for crucial business applications.
While improving network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and operational costs. By offering extensive Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be a the only platform for many environments, enabling platform commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a consolidated threat-protection device at the datacenter by leveraging its connectivity control, application inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be used as a specialized remote connectivity device utilizing its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances firewall operates capably in the network interior for interdepartmental connectivity control and to guard against malicious assaults internal users might unknowingly release into the environment. In small business and branch office environments, the Cisco ASA 5500 Series firewall serves as a total solution platform providing complete threat prevention and Virtual Private Network functionality while fitting within the cost structure and performance models of such situations.
This adaptive one-platform, multiple-solution approach reduces the number of appliances that must be installed and managed while providing a standard operating and management system throughout all those installations. This approach simplifies the education of setup, tracking, troubleshooting, and protection personnel. To further minimize maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network conscious, allowing these devices to insert seamlessly into the network without interfering with legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX security appliances provide a wealth of configuration, tracking, and troubleshooting options which offer you the ability to deploy these firewalls to match your company's requirements. Progent's CCIE certified network professionals can assist you to support your current network infrastructure that includes Cisco ASA and/or PIX security appliances and that provides protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified IS security engineers can assist you to create a security policy appropriate for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation experts can evaluate the effectiveness of your current firewall solution and validate the security of your whole information system network. Progentís Help Desk support team can provide emergency remote technical support for Cisco technology and offer fast access to a Cisco CCIE expert.
To find out additional information concerning Progent's engineering expertise for Cisco networking products, select a topic:
If you wish to ask Progent about engineering support for Cisco technology, call 1-800-993-9400 or see Contact Progent.