Cisco PIX security appliances and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion defense, and Virtual Private Network features in an economical, one-box package. Both product families have been superseded by the ASA 5500-X series of security appliances with Firepower. (See integration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation ASA 5500 model adaptive security appliances are extensively used and continue to offer small and mid-size organizations a reliable firewall environment.
Cisco PIC and the original ASA 5500 firewalls offer powerful client and application policy support, mutlivector assault defense, and secure connectivity services. The enhanced intelligence sharing of consolidated protection services in a single package provides customers implementing these aggregated firewalls the benefits of enhanced protection, reduced TCO, and smaller management expense.
PIX security appliances and the ASA 5500 product line join Cisco IOS Firewall, the FWSM for Catalyst 6500 Series switches, and Cisco 7600 routers as components of Cisco's versatile, integrated firewall line. Based on a scalable, building-block approach, each offering is equipped with a specific array of options to deliver more efficient security to a variety of network situations. These solutions can be individually installed to secure certain facets of the network infrastructure, or can be combined for a layered, defense-in-depth approach based on the architecture leading practices described in the Cisco SAFE framework. Rounding out the integrated firewall solutions, Cisco has developed a complete security management product portfolio, spanning Cisco security device and IOS Software security features and embedded appliance controllers, to self-contained management programs, moving to make sure that customers can productively use their Cisco security solution investments.
PIX firewalls deliver reliable user and application policy enforcement, multi-source attack defense, and secure networking features in cost-effective, simple-to-configure solutions. These specialized appliances provide a wealth of integrated security and connectivity services including process-aware firewall features, Voice over IP and multimedia security, robust multi-location and remote-access IP Security (IPsec) VPN networking, excellent resiliency, intelligent networking features, and flexible management options. The PIX firewall Appliance family ranges from compact plug-and-go appliances for small and home offices to stackable gigabit appliances with ROI for enterprise and service-provider customers, Cisco PIX Security Appliance Series provide high levels of security, performance, and reliability for network environments of all sizes.
Based upon a tested, specialized operating system that offers rich security services, Cisco PIX firewall appliances provide excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. PIX security appliances provide security for a wide range of Voice over IP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, helping businesses to protect deployments of a wide array of current and next-generation Voice over IP and multimedia applications.
PIX firewalls offer a variety of setup, tracking, and troubleshooting options, providing businesses the flexibility to use the techniques that best meet their needs. Management options include common, policy-based administration utilities, integrated web-based administration, and support for remote-monitoring protocols like SNMP and syslog. The integrated ASDM system offers a powerful web-accessible control platform that greatly streamlines the deployment, in-place configuration, and monitoring of a specific PIX security appliance without the need of any additional software beyond a standard browser and Java plug-in to be running on a manager's computer.
IT managers can furthermore remotely set up, monitor, and troubleshoot PIX firewalls using a command-line interface (CLI). Secure CLI interface communication is available through several methods such as SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX firewall appliances also have robust automatic-update capabilities, a set advanced protected remote-administration options that make sure that firewall configurations and software images are kept current.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built devices that bring together advanced, best-of-breed protection and Virtual Private Network services with a flexible architecture. The end product is a robust, versatile network security solution better suited to protect small and midsize company and larger networks and, at the same time, lower the total deployment and operations expenses formerly associated with this enhanced degree of protection.
Cisco ASA Firewalls build on engineering developed for the PIX 500 Security Appliance, the Cisco IPS 4200 sensor, and the Cisco VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a platform that defends against a broad range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application security, local containment, and safe VPN functionality throughout the entire product portfolio. This broad scope of protection allows the guarding of any network section, including the most typical threat vectors such as remote locations, LAN-attached internal users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application security through intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. The result is a better protected network covering web, voice, and mobile wireless services. To defend environments against application-layer attacks and to give organizations greater policing of the programs and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement solutions that include anomaly sensing and application and protocol state tracking. Also incorporated are attack sensing and remediation technology such as application and protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, enabling businesses to enforce usage policies and preserve network bandwidth for vital business applications.
While increasing security, Cisco ASA 5500 Series firewalls also lower installation and operational expenses. By offering broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances (ASA) firewall can be a the only platform for many uses, allowing product standardization. The Cisco ASA firewall can be deployed as a consolidated attack-prevention appliance at the datacenter by leveraging its access control, process inspection, and malicious assault mitigation technologies. The Cisco ASA 5500 Series firewall can also be used as a dedicated remote connectivity device utilizing its VPN features. As another option, the Cisco Adaptive Security Appliances (ASA) firewall serves capably in the network interior for interdepartmental access management and to defend against malware inside users might inadvertently introduce into the network. In small business and branch office networks, the Cisco Adaptive Security Appliances 5500 Series firewall serves as an all-in-one device offering complete intrusion defense and VPN services while suiting the cost structure and operational models of such deployments.
This adaptive single-platform, multiple-use approach reduces the number of appliances that must be deployed and managed while offering a standard operating and management environment throughout all those installations. This approach simplifies the training of setup, tracking, support, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network aware, enabling them to integrate seamlessly into the network without disrupting legitimate data flow and processes.
How Progent's Consultants Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX family security appliances provide an array of configuration, tracking, and troubleshooting features that give you the ability to set up these security appliances to align optimally with your company's requirements. Progent's CCIE certified network consultants can show you how to support your existing infrastructure that includes Cisco ASA or PIX firewall technology and that offers protection, resilience, performance, and manageability. Progent's firewall experts can also help your organization to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security engineers can assist your business to create a security policy that makes sense for your business and can set up your PIX or ASA firewall to enforce your security strategy. Progent's security evaluation experts can assess the effectiveness of your existing firewall solution and audit the security of your entire IT network. Progentís Technical Response Center can deliver emergency online troubleshooting for Cisco products and offer quick access to a Cisco CCIE network engineer.
To learn additional information concerning Progent's professional support for Cisco technology, choose a subject:
To get in touch with Progent about technical expertise for Cisco technology, phone 1-800-993-9400 or see Contact Progent.