Cisco PIX firewalls and ASA 5500 Series adaptive security appliances combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) features in an affordable, single-cabinet format. Both of these product lines have been superseded by Cisco's ASA 5500-X line of firewalls with Firepower. (See integration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation Cisco ASA 5500 model firewalls are extensively used and continue to deliver small and mid-size organizations a viable firewall environment.
Cisco PIC and legacy ASA 5500 firewalls deliver robust client and application policy enforcement, mutlivector attack protection, and safe access features. The enhanced knowledge sharing of consolidated protection services in a stand-alone package provides users deploying these aggregated firewalls the advantages of enhanced protection, lower cost of ownership, and smaller maintenance costs.
PIX security appliances and the ASA 5500 Series join Cisco IOS Firewall, the FWSM for Catalyst 6500 family switches, and 7600 family routers as components of Cisco's flexible, integrated firewall solutions. Engineered with an expandable, modular approach, each device is designed with a specific array of options to provide better security to different networking environments. These products can be independently deployed to protect specific facets of the connectivity infrastructure, or can be grouped for a layered, defense-in-depth approach following the architecture leading practices outlined in the Cisco SAFE framework. Completing the modular firewall solutions, Cisco provides a comprehensive security management offering, ranging from Cisco security appliance and Cisco IOS security features and built-in device managers, to standalone management applications, helping to ensure that customers can productively use their Cisco security solution purchases.
Cisco PIX firewalls deliver reliable user and application policy support, multivector invasion defense, and secure networking services in cost-effective, easy-to-deploy modules. These purpose-built devices offer a wealth of built-in security and connectivity services including process-aware firewall services, Voice over IP and multimedia security, reliable multi-site and remote-access IP Security (IPsec) Virtual Private Network (VPN) connectivity, excellent resiliency, smart networking services, and versatile management solutions. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-go devices for small offices or at home offices to stackable gigabit appliances with investment protection for large business and ISP customers, PIX firewalls provide dependable security, speed, and availability for network environments of all sizes.
Based upon a tested, purpose-built OS that delivers rich security features, PIX firewalls provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX security appliances provide security for a wide array of VoIP and additional mixed-media standards including H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping organizations to safeguard installations of a wide range of contemporary and upcoming VoIP and mixed-media applications.
Cisco PIX firewall appliances offer a variety of setup, monitoring, and analysis features, giving IT managers the versatility to use the methods that best match their needs. Administrative options include common, policy-based management utilities, integrated web-based management, and compatibility with remote-tracking protocols such as SNMP and syslog. The integrated ASDM system provides a powerful web-accessible control platform that significantly simplifies the installation, ongoing configuration, and tracking of a single PIX security appliance without requiring any additional software other than an ordinary browser and Java applet to be installed on a manager's PC.
Administrators can furthermore remotely set up, monitor, and troubleshoot Cisco PIX security appliances using a CLI interface. Secure command-line interface (CLI) access is possible using a number of techniques including Secure Shell Protocol, Telnet through IP Security, and out-of-band through a console port. PIX firewalls also include robust auto-update features, a set of protected remote-administration options that make sure that security configurations and software images are kept up to date.
Cisco ASA 5500 Series Firewalls
Cisco ASA Firewalls are purpose-built devices that bring together market-proven, best-of-breed protection and Virtual Private Network support plus an adaptive architecture. The result is a powerful, multifunction network security appliance better able to protect small and midsize company and larger networks and, simultaneously, lower the total deployment and operations costs previously required for this enhanced degree of security.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 Security Appliance, the IPS 4200 Series sensor, and the Cisco VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall family to deliver a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, network containment and control, and clean Virtual Private Network functionality across the entire product line. This breadth of security enables the guarding of any network section, which includes the most typical threat vectors like remote locations, LAN-attached internal users, and off-site connected Virtual Private Networks.
Cisco ASA 5500 Series firewalls deliver strong application protection through smart, application-aware inspection engines that examine traffic at Layers 4-7. This results in a safer network covering web, voice, and mobile wireless services. To defend networks from application-layer attacks and to give organizations greater control over the programs and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement solutions that include protocol anomaly sensing and application and protocol state monitoring. Also included are assault sensing and mitigation techniques such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and recover network bandwidth for important business applications.
At the same time as improving network protection, Cisco Adaptive Security Appliances 5500 Series firewalls also lower installation and operational costs. By providing broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances (ASA) firewall can be a the only platform for many environments, enabling product commonality. The Cisco ASA 5500 Series firewall can be used as a converged threat-protection device at a central location by taking advantage of its access control, process inspection, and malware mitigation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote connectivity device using its VPN features. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall operates equally well inside the network for inter-office access management and to guard against worms, viruses, and other malicious code inside users may unknowingly introduce into the network. For small company and branch office networks, the Cisco Adaptive Security Appliances firewall serves as an all-in-one platform offering comprehensive threat defense and VPN services while suiting the cost structure and operational demands of these situations.
This adaptive one-device, many-solution approach minimizes the number of devices that need to be installed and managed while offering a standard functional and administrative system across all those deployments. This approach simplifies the education of setup, monitoring, troubleshooting, and security staff. To further minimize maintenance costs, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, enabling these devices to integrate seamlessly into the environment without disrupting legitimate traffic and applications.
How Progent Can Assist You with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family security appliances incorporate an array of configuration, monitoring, and analysis options which offer you the flexibility to configure these firewalls to match your business needs. Progent's CCIE authorized network professionals can help you to maintain your current network infrastructure that incorporates Cisco ASA or PIX security appliances and that offers protection, resilience, throughput, and manageability. Progent can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security professionals can assist you to develop a security strategy appropriate for your situation and can set up your PIX or ASA firewall to support your security policies. Progent's risk assessment consultants can evaluate the strength of your existing firewall deployment and validate the overall security of your entire information system environment. Progentís Help Desk Call Center can deliver urgent online technical support for Cisco products and offer quick access to a Cisco expert.
To learn more information concerning Progent's professional support for Cisco solutions, select a subject:
In order to ask Progent about technical help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.