Cisco's PIX family security appliances and Cisco ASA 5500 Series firewalls integrate comprehensive firewall, intrusion defense, and VPN features in an economical, one-box package. Both product lines have been replaced by Cisco's ASA 5500-X series of security appliances with Firepower. (See configuration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 Series adaptive security appliances are widely used and continue to provide small and mid-size organizations a viable security solution.
PIX and legacy ASA 5500 firewalls offer powerful user and program policy support, mutlivector attack defense, and safe access features. The enhanced intelligence sharing of consolidated security services in a stand-alone package offers users deploying these integrated firewalls the advantages of advanced protection, reduced cost of ownership, and minimal management costs.
PIX firewalls and Cisco's ASA 5500 Series join Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall solutions. Engineered with an expandable, building-block approach, each device is equipped with a particular feature set to deliver more efficient security to different network situations. These products can be individually deployed to secure certain facets of the network infrastructure, or can be combined for a layered, protection-in-depth approach based on the architecture leading practices described in Cisco's SAFE Blueprint. Completing the modular firewall solutions, Cisco has developed a complete security management portfolio, ranging from Cisco security device and IOS security features and built-in appliance managers, to self-contained management programs, moving to make sure that businesses can effectively manage their Cisco security solution purchases.
Cisco PIX Firewalls
Cisco PIX firewalls offer robust policy enforcement, multi-source invasion defense, and secure networking features in economical, easy-to-deploy solutions. These purpose-built devices offer a broad range of built-in protection and connectivity capabilities such as process-aware firewall features, VoIP and multimedia security, robust multi-site and remote-connectivity IP Security VPN networking, fault tolerance, smart networking features, and versatile administration solutions. The Cisco PIX firewall Appliance product line spans compact plug-and-play devices for small or home offices to modular high-bandwidth products with investment protection for large business and ISP customers, PIX firewalls provide dependable security, performance, and reliability for network environments of all sizes.
Based around a tested, specialized OS that delivers a wealth of protection services, Cisco PIX firewall appliances provide excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewalls provide protection for a wide range of VoIP and other multimedia standards such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling organizations to safeguard deployments of a broad range of contemporary and next-generation Voice over IP and video applications.
Cisco PIX security appliances feature a wealth of setup, tracking, and analysis options, providing IT managers the flexibility to utilize the techniques that best meet their requirements. Administrative solutions include common, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system provides a world-class web-accessible control platform that greatly simplifies the installation, in-place modification, and tracking of a single Cisco PIX security appliance without the need of any additional software other than a standard web browser and Java plug-in to be installed on a manager's PC.
Administrators can also remotely configure, monitor, and analyze Cisco PIX firewalls using a command-line interface. Secure command-line interface (CLI) communication is available using several methods such as Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewalls also include robust automatic-update features, a set advanced protected remote-management services that make sure that security configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA Firewalls are specially engineered devices that incorporate market-proven, best-of-breed security and VPN support plus an adaptive architecture. The end product is a powerful, versatile network protection solution better suited to defend small and midsize company and larger networks and, at the same time, lower the total deployment and maintenance expenses previously required for this high degree of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 Security Appliance, Cisco's IPS 4200 family sensor, and Cisco's VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to deliver a platform that stops a broad range of threats. Cisco ASA Firewalls deliver program protection, local containment, and clean VPN connectivity across Cisco's product line. This breadth of security allows defense of any network segment, including the most common threat conduits like remote sites, LAN-connected internal users, and off-site access Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application security through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a better protected environment including web, voice, and mobile wireless connectivity. To protect networks from application-layer assaults and to offer businesses more control over the programs and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and employ security enforcement solutions such as protocol anomaly sensing and application and protocol state tracking. Also included are attack detection and remediation techniques including application/protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing organizations to police usage policies and preserve network bandwidth for crucial business applications.
At the same time as improving network security, Cisco Adaptive Security Appliances firewalls also lower installation and support costs. By providing broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the single device for many environments, allowing platform standardization. The Cisco ASA 5500 Series firewall can be used as a consolidated threat-prevention appliance at the datacenter by taking advantage of its connectivity control, application inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote access device using its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves equally well in the network interior for inter-office connectivity control and to guard against malicious assaults inside users may inadvertently introduce into the network. In small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) firewall serves as a total solution platform providing complete intrusion prevention and Virtual Private Network functionality while fitting within the budgets and performance demands of such deployments.
This versatile single-device, many-use approach reduces the total number of devices that must be installed and managed while providing a standard functional and administrative system throughout all installations. This architecture streamlines the education of setup, monitoring, support, and protection personnel. To further minimize operations costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network conscious, allowing these devices to insert gracefully into the environment without interfering with legitimate traffic and processes.
How Progent Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX security appliances provide an array of setup, monitoring, and troubleshooting features which offer you the flexibility to deploy these firewalls to match your company's needs. Progent's CCIE certified network consultants can help you to maintain your current infrastructure that includes Cisco ASA or PIX firewall technology and that provides security, resilience, performance, and manageability. Progent's firewall experts can also assist you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security consultants can help your business to create a security policy appropriate for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's security assessment engineers can assess the strength of your existing firewall solution and help determine the overall security of your whole IS environment. Progentís Technical Response Center can deliver emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE expert.
To find out more information concerning Progent's engineering assistance for Cisco solutions, pick a subject:
In order to ask Progent about engineering help for Cisco products, phone 1-800-993-9400 or visit Contact Progent.