Cisco PIX family firewalls and Cisco ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion defense, and Virtual Private Network functionality in an economical, single-cabinet package. Both product families have been superseded by Cisco's ASA 5500-X family of security appliances with Firepower. (See integration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and previous-generation Cisco ASA 5500 model firewalls are widely deployed and continue to deliver small and mid-size companies a reliable security environment.
PIX and legacy ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector assault protection, and safe connectivity features. The enhanced knowledge sharing of consolidated protection services in a single platform provides users deploying these integrated solutions the advantages of enhanced security, lower TCO, and smaller management expense.
Cisco PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and Cisco 7600 family routers as components of Cisco's flexible, integrated firewall solutions. Based on a scalable, modular approach, every offering is designed with a particular array of options to provide more efficient security to different networking environments. These products can be individually deployed to secure certain areas of a network environment, or can be combined for a layered, defense-in-depth approach based on the design best practices described in the Cisco SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management product portfolio, ranging from Cisco security device and IOS security features and embedded appliance controllers, to standalone management programs, moving to make sure that customers can effectively use their Cisco security infrastructure purchases.
Cisco PIX Security Appliance Series
Cisco PIX Security Appliance Series offer robust user and application policy support, multivector invasion defense, and safe networking features in economical, out-of-the-box solutions. These purpose-built appliances provide a broad range of built-in security and networking capabilities including application-aware firewall services, VoIP and multimedia protection, robust multi-location and remote-connectivity IPcec Virtual Private Network (VPN) connectivity, high availability, intelligent networking services, and flexible management solutions. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-go desktop units for small offices and at home offices to stackable high-bandwidth products with ROI for large business and service-provider customers, PIX firewall appliances provide high levels of security, speed, and reliability for network environments of any size.
Built around a tested, purpose-built software platform that delivers a wealth of security features, Cisco PIX firewalls offer excellent security and have received EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewalls offer security for a wide range of VoIP and additional mixed-media conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, helping businesses to protect installations of a broad range of current and next-generation IP voice and multimedia applications.
PIX firewall appliances offer a variety of configuration, tracking, and troubleshooting options, providing businesses the versatility to utilize the techniques that most closely meet their requirements. Administrative options include centralized, policy-based management tools, integrated web-based management, and support for remote-monitoring standards like SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a world-class web-based management solution that significantly streamlines the deployment, in-place configuration, and monitoring of a single PIX firewall appliance without requiring any additional software other than an ordinary browser and Java applet to be running on an administrator's PC.
IT managers can also remotely configure, monitor, and analyze Cisco PIX firewall appliances using a command-line interface. Secure command-line interface (CLI) communication is possible using a number of techniques including Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band through a console port. Cisco PIX security appliances also have robust auto-update capabilities, a collection of protected remote-management services that make sure that firewall settings and software images are kept up to date.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered solutions that bring together market-proven, best-of-breed security and VPN services with an adaptive design. The result is a robust, multifunction network security solution better suited to protect small and medium business (SMB) and larger networks and, simultaneously, reduce the overall installation and maintenance costs formerly required for this high level of protection.
Cisco ASA Firewalls build on technology developed for Cisco's PIX 500 family Security Appliance, the IPS 4200 family sensor, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall product line to deliver a platform that defends against a wide range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver program security, network containment, and clean Virtual Private Network functionality across the entire product line. This breadth of security allows defense of any network segment, including the most common attack conduits such as remote sites, locally-connected internal users, and off-site access VPNs.
Cisco ASA firewalls deliver a high-level of application protection via intelligent, application-sensitive inspection engines that analyze network flows at Layers 4-7. This produces a safer network including web, voice, and mobile wireless services. To protect networks from application-layer assaults and to offer businesses greater policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly sensing and state tracking. Also included are attack detection and remediation technology such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of instant messaging and tunneling applications, enabling organizations to police usage policies and recover network bandwidth for important business processes.
While increasing network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and support expenses. By offering extensive Virtual Private Network and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for a multitude of environments, enabling product commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a converged attack-prevention device at the datacenter by leveraging its connectivity control, application inspection, and malware mitigation capabilities. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote connectivity device using its VPN capabilities. As another option, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves equally well inside the network for interdepartmental access management and to defend against malware inside workers may unwittingly release into the environment. In small company and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall acts as a total solution device offering comprehensive threat defense and Virtual Private Network functionality while suiting the budgets and operational models of such situations.
This adaptive one-device, multiple-use design reduces the number of appliances that need to be deployed and managed while offering a standard functional and management environment across all those installations. This approach simplifies the education of configuration, tracking, troubleshooting, and protection personnel. To further reduce maintenance expenses, Cisco ASA 5500 Series firewalls are also exceptionally network aware, enabling these devices to integrate seamlessly into the environment without disrupting authorized traffic and processes.
How Progent Can Assist You with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls provide an array of configuration, tracking, and troubleshooting options which offer you the ability to set up these security appliances to match your company's requirements. Progent's CCIE certified network consultants can help you to support your existing network infrastructure that includes Cisco ASA or PIX security appliances and that provides protection, fault tolerance, performance, and recoverability. Progent's firewall experts can also help you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified information security experts can assist your business to create a security strategy that makes sense for your environment and can configure your firewall to enforce your security policies. Progent's risk assessment engineers can evaluate the strength of your existing firewall solution and help determine the overall security of your whole IT environment. Progent’s Help Desk support team can provide emergency online troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.
To see additional information concerning Progent's engineering support for Cisco technology, select a topic:
To get in touch with Progent about professional support for Cisco technology, call 1-800-993-9400 or go to Contact Progent.