Cisco's PIX security appliances and ASA Series firewalls integrate next-generation firewall, intrusion defense, and Virtual Private Network (VPN) functionality in an affordable, single-cabinet format. Both product families have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower Services. (Refer to configuration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and previous-generation Cisco ASA 5500 Series adaptive security appliances are widely used and continue to provide small and mid-size companies a viable firewall solution.
Cisco PIC and the original ASA 5500 firewalls offer powerful user and program policy support, mutlivector assault protection, and safe access services. The increased knowledge sharing of consolidated security services in a single package offers customers implementing these aggregated firewalls the benefits of advanced security, lower TCO, and minimal management expense.
PIX firewalls and Cisco's ASA 5500 family join IOS Firewall, the FWSM for Catalyst 6500 family switches, and Cisco 7600 Series routers as components of Cisco's versatile, self-contained firewall line. Based on an expandable, modular platform, every device is designed with a particular array of options to deliver more efficient protection to a variety of network environments. These solutions can be independently installed to protect certain facets of a network infrastructure, or can be grouped for a layered, defense-in-depth approach based on the design best practices described in Cisco's SAFE framework. Completing the modular firewall solutions, Cisco provides a complete security management offering, ranging from Cisco security appliance and Cisco IOS Software security components and embedded device managers, to standalone management applications, moving to ensure that customers can productively use their Cisco protection solution purchases.
Cisco PIX Firewalls
PIX firewalls offer robust policy enforcement, multi-source attack protection, and secure connectivity features in affordable, easy-to-deploy solutions. These specialized appliances offer a broad range of built-in security and connectivity services including application-aware firewall services, Voice over IP and multimedia security, reliable multi-site and remote-access IP Security Virtual Private Network (VPN) connectivity, fault tolerance, intelligent networking features, and flexible administration solutions. The Cisco PIX firewall Appliance family spans small plug-and-go appliances for small or at home offices to stackable high-bandwidth products with investment protection for large business and ISP environments, PIX firewalls deliver dependable security, performance, and availability for environments of all sizes.
Based around a hardened, specialized OS that offers a wealth of security features, PIX firewalls offer a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. PIX firewall appliances provide protection for a wide array of Voice over IP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling organizations to safeguard deployments of a wide range of contemporary and next-generation IP voice and video applications.
Cisco PIX security appliances feature a variety of configuration, tracking, and troubleshooting options, giving IT managers the versatility to utilize the methods that best meet their requirements. Management options include common, policy-based administration tools, integrated web-accessible administration, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-based management platform that greatly streamlines the installation, ongoing modification, and tracking of a single PIX security appliance without requiring any extra software other than a standard browser and Java plug-in to be running on an administrator's PC.
Administrators can furthermore remotely configure, track, and troubleshoot Cisco PIX firewalls via a command-line interface. Secure command-line interface (CLI) access is available through several techniques including SSHv2 Protocol, Telnet over IP Security, and out-of-band through a console port. PIX firewalls also have dependable auto-update features, a set advanced secure remote-management options that ensure security configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA Firewalls are specially engineered devices that incorporate advanced, industry-leading protection and Virtual Private Network services with an adaptive design. The end product is a robust, multifunction network security appliance better suited to defend small and medium business and larger networks and, at the same time, reduce the total installation and maintenance costs previously required for this high level of protection.
Cisco ASA firewalls provide strong application protection through smart, application-aware inspection processes that examine traffic at Layers 4-7. This produces a safer network including web, voice, and mobile wireless access. To protect environments from application-layer attacks and to offer businesses more control over the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement solutions such as anomaly detection and application and protocol state monitoring. Also included are attack detection and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to police usage policies and free up network bandwidth for crucial business processes.
While increasing security, Cisco ASA 5500 Series firewalls also lower deployment and support expenses. By offering broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for a multitude of environments, allowing platform commonality. The Cisco ASA firewall can be deployed as a consolidated threat-protection appliance at the datacenter by taking advantage of its access control, application inspection, and malicious assault remediation capabilities. The Cisco ASA 5500 Series firewall can also be used as a specialized remote connectivity solution using its VPN capabilities. As another option, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall operates capably in the network interior for inter-office connectivity management and to guard against worms, viruses, and other malicious code inside workers may inadvertently introduce into the environment. For small business and branch office networks, the Cisco ASA 5500 Series firewall serves as an all-in-one platform providing comprehensive intrusion defense and Virtual Private Network services while fitting within the cost structure and operational models of such deployments.
This versatile single-platform, multiple-use design reduces the number of appliances that must be installed and maintained while offering a common functional and management environment across all those installations. This architecture streamlines the training of configuration, tracking, troubleshooting, and security personnel. To further minimize maintenance costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network conscious, allowing these devices to insert seamlessly into the network without disrupting authorized data flow and processes.
How Progent Can Assist Your Business with Cisco Firewalls
Cisco's ASA Series firewalls and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting options that offer you the flexibility to configure these firewalls to match your business needs. Progent's CCIE certified network professionals can assist you to support your existing network infrastructure that includes Cisco ASA or PIX security appliances and that provides security, fault tolerance, performance, and manageability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier IS security experts can assist you to develop a security policy appropriate for your business and can set up your firewall to support your security strategy. Progent's risk assessment professionals can evaluate the strength of your current firewall solution and audit the security of your entire IT environment. Progent's Help Desk Call Center can provide emergency online troubleshooting for Cisco products and offer quick access to a Cisco CCIE expert.
To find out more information concerning Progent's professional help for Cisco technology, pick a subject: