Cisco PIX family security appliances and Cisco ASA Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and Virtual Private Network features in a cost-effective, one-box format. Both product lines have been superseded by the ASA 5500-X family of firewalls with Firepower Services. (Refer to configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 model adaptive security appliances are widely used and continue to deliver small and mid-size organizations a reliable security solution.
Cisco PIC and the original ASA 5500 firewalls offer robust user and program policy enforcement, mutlivector assault defense, and safe connectivity services. The enhanced intelligence sharing of consolidated protection features in a stand-alone package offers users implementing these integrated firewalls the advantages of enhanced security, lower TCO, and minimal management expense.
PIX firewalls and the ASA 5500 Series combine with IOS Firewall, the Firewall Services Module for Catalyst 6500 family switches, and 7600 Series routers as parts of Cisco's versatile, self-contained firewall line. Based on a scalable, building-block platform, every device is equipped with a specific array of options to deliver more efficient protection to a variety of network situations. These products can be independently installed to secure certain areas of the network environment, or can be grouped for a layered, defense-in-depth strategy based on the architecture best practices outlined in the Cisco SAFE framework. Completing the integrated firewall solutions, Cisco has developed a complete security management product portfolio, spanning Cisco security device and IOS Software security features and built-in appliance managers, to self-contained management utilities, helping to ensure that businesses can productively use their Cisco security solution investments.
Cisco PIX Security Appliance Series
PIX firewall appliances deliver robust user and application policy support, multivector attack protection, and safe connectivity services in affordable, simple-to-configure solutions. These specialized appliances offer a broad range of built-in protection and networking services including process-aware firewall features, VoIP and multimedia security, reliable multi-site and remote-connectivity IPcec Virtual Private Network networking, excellent resiliency, intelligent networking services, and versatile management solutions. The Cisco PIX Security Appliance Series family ranges from small plug-and-go devices for small and at home offices to stackable gigabit products with investment protection for large business and ISP environments, PIX firewall appliances deliver high levels of security, speed, and availability for environments of all sizes.
Built upon a hardened, specialized operating system that offers rich protection services, PIX security appliances offer a high level of security and have received EAL 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX security appliances provide security for a broad range of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to safeguard installations of a broad array of current and next-generation VoIP and mixed-media applications.
Cisco PIX security appliances feature a wealth of configuration, monitoring, and troubleshooting features, providing IT managers the versatility to use the techniques that most closely meet their needs. Administrative options include common, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a powerful web-accessible control solution that greatly streamlines the installation, ongoing configuration, and tracking of a single Cisco PIX firewall without the need of any extra utility beyond an ordinary web browser and Java plug-in to be installed on a manager's computer.
Administrators can also remotely set up, track, and analyze Cisco PIX firewalls via a command-line interface (CLI). Safe command-line interface (CLI) communication is available through several methods including Secure Shell Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX security appliances also include dependable automatic-update capabilities, a collection of protected remote-administration options that make sure that firewall configurations and software images are always up to date.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built solutions that bring together market-proven, industry-leading security and VPN services with an adaptive architecture. The end product is a powerful, multifunction network protection appliance better able to defend small and medium company and enterprise networks and, at the same time, reduce the overall installation and operations costs formerly required for this enhanced degree of protection.
Cisco ASA Firewalls build on engineering developed for Cisco's PIX 500 firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These solutions enable the Cisco ASA Firewall product line to offer a platform that defends against a broad range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application security, network containment and control, and safe VPN functionality across Cisco's product line. This broad scope of security enables defense of any network segment, including the most typical attack conduits such as remote locations, locally-attached internal users, and off-site access Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls provide strong application protection through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a better protected environment including web, voice, and mobile wireless connectivity. To defend networks against application-layer attacks and to offer businesses more control over the applications and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on security enforcement solutions that include anomaly sensing and state tracking. Also included are attack detection and mitigation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, enabling organizations to police usage policies and recover network bandwidth for critical business processes.
At the same time as increasing network protection, Cisco ASA firewalls also lower installation and support expenses. By offering extensive VPN and security services, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for a multitude of uses, allowing platform standardization. The Cisco ASA firewall can be deployed as a converged threat-prevention appliance at the datacenter by taking advantage of its connectivity control, application inspection, and malware remediation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote access device utilizing its Virtual Private Network capabilities. Alternatively, the Cisco ASA 5500 Series firewall serves equally well in the network interior for interdepartmental access management and to guard against worms, viruses, and other malicious code inside workers may inadvertently introduce into the network. For small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as an all-in-one device offering complete threat prevention and VPN services while suiting the cost structure and operational models of such situations.
This adaptive single-platform, many-use design minimizes the number of devices that must be deployed and managed while offering a common operating and management system across all installations. This architecture streamlines the education of configuration, tracking, troubleshooting, and protection personnel. To further minimize maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network conscious, allowing these devices to insert gracefully into the network without disrupting legitimate data flow and processes.
How Progent Can Assist Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX family firewalls incorporate a wealth of setup, monitoring, and analysis features which offer you the ability to set up these firewalls to align optimally with your company's needs. Progent's CCIE authorized network consultants can assist you to maintain your existing infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers protection, fault tolerance, performance, and manageability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier information security consultants can assist your business to create a security strategy appropriate for your environment and can configure your security appliance to support your security policies. Progent's risk assessment consultants can assess the effectiveness of your existing firewall deployment and audit the overall security of your whole IS network. Progentís Technical Response Center (TRC) can provide emergency online technical support for Cisco products and offer quick access to a Cisco CCIE expert.
For additional details concerning Progent's engineering assistance for Cisco solutions, choose a topic:
In order to get in touch with Progent about engineering help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.