Cisco's PIX firewalls and ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion defense, and VPN features in an affordable, single-cabinet format. Both of these product families have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower Services. (See integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation ASA 5500 model adaptive security appliances are extensively used and continue to deliver small and mid-size companies a reliable firewall solution.
Cisco PIC and the original ASA 5500 firewalls deliver robust client and program policy support, mutlivector attack defense, and secure access services. The enhanced knowledge sharing of integrated protection services in a single package offers customers deploying these integrated firewalls the advantages of enhanced security, reduced cost of ownership, and smaller maintenance costs.
PIX firewalls and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall product. Based on an expandable, building-block platform, each device is equipped with a specific array of options to provide better protection to a variety of network situations. These products can be independently deployed to protect certain areas of the network environment, or can be grouped for a layered, protection-in-depth approach based on the architecture leading practices described in the Cisco SAFE framework. Completing the modular firewall solutions, Cisco has developed a comprehensive security management portfolio, ranging from Cisco security appliance and IOS security features and built-in device controllers, to self-contained management applications, moving to make sure that customers can productively use their Cisco protection infrastructure purchases.
Cisco PIX Security Appliance Series
Cisco PIX firewall appliances deliver reliable user and application policy support, multi-source invasion protection, and safe connectivity services in affordable, easy-to-deploy modules. These purpose-built devices offer a broad range of built-in protection and networking services such as process-aware firewall features, Voice over IP (VoIP) and multimedia protection, robust multi-site and remote-access IP Security (IPsec) VPN connectivity, fault tolerance, intelligent networking services, and versatile management solutions. The Cisco PIX firewall product line ranges from compact plug-and-go desktop units for small or at home offices to stackable high-bandwidth appliances with ROI for large business and ISP customers, PIX firewalls deliver high levels of security, performance, and reliability for networks of any size.
Built upon a tested, purpose-built OS that delivers a wealth of protection services, PIX security appliances provide excellent security and have earned EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX security appliances provide protection for a broad array of Voice over IP and additional mixed-media standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), RTSP, and MGCP, enabling businesses to safeguard deployments of a wide array of current and next-generation IP voice and mixed-media applications.
PIX security appliances feature a wealth of setup, tracking, and troubleshooting options, giving IT managers the flexibility to utilize the techniques that best meet their requirements. Administrative options include common, policy-based administration tools, integrated web-based management, and support for remote-monitoring standards like SNMP and syslog. The integrated Adaptive Security Device Manager interface provides a powerful web-based management platform that greatly simplifies the deployment, in-place configuration, and tracking of a specific PIX firewall without the need of any extra software other than a standard browser and Java plug-in to be running on an administrator's computer.
IT managers can also remotely configure, monitor, and troubleshoot Cisco PIX security appliances using a command-line interface. Safe CLI interface access is available through a number of techniques such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have robust automatic-update features, a set advanced protected remote-administration services that make sure that security settings and software images are kept current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered devices that incorporate advanced, best-of-breed security and VPN support with an adaptive design. The result is a powerful, multifunction network security appliance better suited to protect small and medium business (SMB) and larger networks and, simultaneously, reduce the total deployment and maintenance expenses previously associated with this enhanced level of security.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 Security Appliance, the IPS 4200 sensor, and the VPN 3000 model concentrator. These solutions converge on the Cisco ASA Firewall product line to deliver a firewall that defends against a broad range of threats. Cisco ASA Firewalls deliver application security, network containment, and clean VPN functionality throughout Cisco's product line. This breadth of security allows defense of any network section, including the most common threat vectors such as remote sites, LAN-attached inside users, and remote connected VPNs.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver strong application protection through smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a safer network including web, voice, and mobile wireless access. To protect networks from application-layer attacks and to offer businesses more policing of the applications and protocols utilized in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and rely on security enforcement solutions that include protocol anomaly sensing and state tracking. Also included are assault detection and remediation techniques such as application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing businesses to police usage policies and preserve network bandwidth for important business processes.
While increasing network protection, Cisco Adaptive Security Appliances 5500 Series firewalls also lower deployment and support expenses. By offering extensive VPN and security functions, the Cisco Adaptive Security Appliances firewall can be a single device for many uses, enabling platform commonality. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a converged threat-protection appliance at the datacenter by taking advantage of its access control, application inspection, and malicious assault remediation technologies. The Cisco ASA firewall can also be deployed as a dedicated remote access solution utilizing its VPN features. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall operates equally well in the network interior for interdepartmental connectivity management and to guard against worms, viruses, and other malicious code internal users might unwittingly introduce into the environment. For small business and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as an all-in-one device providing complete intrusion defense and Virtual Private Network services while suiting the cost structure and operational models of such deployments.
This adaptive single-device, many-use design reduces the total number of appliances that must be deployed and managed while offering a standard operating and administrative system throughout all deployments. This architecture streamlines the education of setup, monitoring, support, and security staff. To further minimize maintenance expenses, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, enabling these devices to insert gracefully into the network without interfering with legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series adaptive security appliances and PIX family security appliances provide a wealth of configuration, tracking, and analysis features which give you the ability to set up these security appliances to align optimally with your business needs. Progent's CCIE certified network consultants can assist you to support your existing network infrastructure that includes Cisco ASA and/or PIX firewall technology and that provides security, fault tolerance, throughput, and manageability. Progent can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier IS security experts can help you to create a security policy that makes sense for your business and can set up your security appliance to support your security strategy. Progent's security evaluation professionals can assess the effectiveness of your existing firewall deployment and help determine the security of your whole information system network. Progentís Technical Response Center can deliver urgent online technical support for Cisco products and offer fast access to a Cisco expert.
To learn additional details about Progent's engineering help for Cisco networking products, pick a topic:
If you wish to get in touch with Progent about professional assistance for Cisco products, phone 1-800-993-9400 or see Contact Progent.