Cisco's PIX firewalls and ASA Series adaptive security appliances combine next-generation firewall, intrusion defense, and Virtual Private Network (VPN) features in an affordable, single-box format. Both product families have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower Services. (See configuration and debugging support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation ASA 5500 Series adaptive security appliances are widely deployed and continue to deliver small and mid-size organizations a viable security environment.
Cisco PIC and the original ASA 5500 firewalls deliver robust client and application policy enforcement, mutlivector attack protection, and secure connectivity services. The enhanced knowledge sharing of integrated protection features in a single platform provides customers deploying these aggregated firewalls the advantages of advanced security, lower cost of ownership, and smaller management expense.
PIX firewalls and Cisco's ASA 5500 family combine with IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and 7600 Series routers as components of Cisco's versatile, integrated firewall line. Engineered with a scalable, modular approach, every device is designed with a particular feature set to provide better protection to a variety of network situations. These solutions can be individually installed to secure specific facets of a connectivity environment, or can be grouped for a systematic, defense-in-depth strategy following the architecture best practices described in Cisco's SAFE Blueprint. Rounding out the modular firewall product line, Cisco provides a comprehensive security management portfolio, ranging from Cisco security device and IOS Software security components and embedded device managers, to self-contained management utilities, helping to ensure that businesses can productively manage their Cisco security infrastructure investments.
PIX Security Appliance Series
PIX Security Appliance Series offer reliable user and application policy enforcement, multi-source invasion protection, and safe networking features in economical, out-of-the-box modules. These specialized appliances offer a wealth of built-in protection and connectivity services such as process-aware firewall services, VoIP and multimedia protection, reliable multi-location and remote-access IP Security (IPsec) Virtual Private Network connectivity, fault tolerance, smart networking features, and flexible administration options. The PIX Security Appliance Series family ranges from small plug-and-go appliances for small or at home offices to stackable high-bandwidth products with ROI for large business and ISP environments, PIX firewall appliances deliver high levels of protection, speed, and availability for environments of all sizes.
Based upon a hardened, specialized OS that offers rich security services, Cisco PIX firewall appliances provide excellent protection and have received EAL 4 status and ICSA Labs Firewall and IPsec qualification. PIX security appliances offer protection for a broad array of VoIP and other mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to safeguard deployments of a broad range of contemporary and upcoming Voice over IP and mixed-media applications.
PIX firewalls offer a wealth of setup, tracking, and analysis features, providing IT managers the versatility to use the methods that best match their needs. Management options include common, policy-based administration utilities, integrated web-based management, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a world-class web-accessible management solution that significantly simplifies the deployment, in-place configuration, and tracking of a specific PIX firewall appliance without the need of any extra utility beyond an ordinary web browser and Java applet to be installed on an administrator's PC.
Administrators can also remotely set up, track, and troubleshoot PIX security appliances via a command-line interface (CLI). Secure command-line interface communication is available through several methods including Secure Shell (SSHv2) Protocol, Telnet over IP Security, and out-of-band via a console port. PIX security appliances also have dependable automatic-update capabilities, a collection advanced secure remote-administration options that ensure security settings and software images are kept current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built devices that bring together market-proven, industry-leading security and Virtual Private Network services plus an adaptive design. The result is a robust, versatile network security solution better able to protect small and midsize business (SMB) and larger networks and, at the same time, reduce the total deployment and maintenance costs previously associated with this enhanced level of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology behind the PIX 500 family firewall, the IPS 4200 family sensor, and the VPN 3000 Series concentrator. These technologies converge on the Cisco ASA Firewall product line to offer a platform that stops a broad range of attacks. Cisco ASA 5500 Series Firewalls provide program protection, network containment, and safe Virtual Private Network connectivity throughout Cisco's product portfolio. This broad scope of security allows the guarding of any network segment, including the most common attack conduits like remote locations, locally-connected inside users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application security via intelligent, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless access. To defend networks from application-layer attacks and to give organizations greater control over the programs and protocols utilized in their networks, these inspection engines integrate extensive application and protocol knowledge and rely on protection enforcement technologies such as anomaly detection and state tracking. Also incorporated are attack detection and remediation techniques including application/protocol command filtering and content verification. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing businesses to enforce usage policies and conserve bandwidth for critical business processes.
While increasing security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease deployment and operational expenses. By offering extensive Virtual Private Network and protection services, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for many environments, enabling product standardization. The Cisco ASA 5500 Series firewall can be used as a converged attack-protection device at the datacenter by leveraging its access control, application inspection, and malicious assault remediation technologies. The Cisco ASA 5500 Series firewall can also be used as a dedicated remote access device using its Virtual Private Network features. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs capably inside the network for inter-office access control and to defend against malicious assaults internal workers might unwittingly release into the network. For small company and branch office networks, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as a total solution device offering complete threat defense and Virtual Private Network services while fitting within the cost structure and performance models of such situations.
This adaptive one-platform, multiple-use design reduces the total number of devices that must be deployed and managed while offering a common operating and management environment throughout all those installations. This architecture simplifies the education of setup, monitoring, support, and security personnel. To further minimize maintenance costs, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network conscious, enabling these devices to integrate gracefully into the network without disrupting legitimate traffic and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series firewalls and PIX firewalls incorporate a wealth of setup, monitoring, and analysis options that offer you the flexibility to configure these security appliances to align optimally with your business requirements. Progent's CCIE authorized network professionals can show you how to support your current network infrastructure that includes Cisco ASA or PIX firewall technology and that provides security, resilience, throughput, and recoverability. Progent can also assist you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier IS security experts can help you to create a security policy that makes sense for your business and can set up your PIX or ASA firewall to enforce your security policies. Progent's security assessment engineers can evaluate the effectiveness of your existing firewall deployment and audit the security of your whole IS network. Progentís Help Desk support team can provide emergency remote technical support for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
To learn more details about Progent's engineering expertise for Cisco products, pick a subject:
If you wish to ask Progent about professional expertise for Cisco products, call 1-800-993-9400 or go to Contact Progent.