Cisco's PIX security appliances and Cisco ASA 5500 Series firewalls combine comprehensive firewall, intrusion protection, and Virtual Private Network functionality in an affordable, one-cabinet format. Both of these product families have been superseded by the ASA 5500-X family of firewalls with Firepower. (Refer to integration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 Series firewalls are widely deployed and continue to offer small and mid-size companies a reliable security environment.
PIX and legacy ASA 5500 firewalls deliver powerful client and application policy support, mutlivector assault protection, and safe connectivity features. The increased knowledge sharing of integrated security services in a stand-alone package offers users deploying these aggregated solutions the advantages of enhanced security, reduced cost of ownership, and smaller management expense.
PIX security appliances and Cisco's ASA 5500 family combine with IOS Firewall, the FWSM for Cisco Catalyst 6500 switches, and Cisco 7600 Series routers as parts of Cisco's versatile, integrated firewall product. Engineered with an expandable, building-block approach, every device is equipped with a specific array of options to provide more efficient security to different networking situations. These products can be individually installed to protect specific facets of the network infrastructure, or can be combined for a layered, defense-in-depth approach following the architecture best practices described in the Cisco SAFE framework. Rounding out the modular firewall product line, Cisco has developed a complete security management portfolio, spanning Cisco security appliance and IOS security features and built-in appliance controllers, to standalone management applications, moving to ensure that customers can effectively use their Cisco security solution investments.
Cisco PIX Firewall Appliances
Cisco PIX Security Appliance Series deliver robust policy enforcement, multivector invasion protection, and secure networking services in affordable, out-of-the-box modules. These specialized appliances offer a broad range of built-in security and networking services including application-aware firewall features, Voice over IP and multimedia protection, reliable multi-location and remote-connectivity IP Security (IPsec) VPN networking, fault tolerance, smart networking features, and flexible administration options. The Cisco PIX firewall family ranges from small plug-and-go desktop units for small offices and at home offices to modular high-bandwidth products with ROI for large business and service-provider environments, Cisco PIX firewalls deliver dependable security, speed, and reliability for network environments of all sizes.
Based upon a hardened, purpose-built software platform that delivers a wealth of security services, Cisco PIX security appliances offer excellent protection and have received EAL 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewall appliances offer security for a wide array of Voice over IP and additional mixed-media conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and MGCP, helping businesses to safeguard deployments of a wide array of current and upcoming Voice over IP and video applications.
PIX firewalls offer a wealth of setup, monitoring, and analysis features, providing businesses the versatility to use the techniques that best meet their requirements. Administrative options include common, policy-based administration utilities, integrated web-based management, and support for remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class web-accessible management platform that greatly simplifies the deployment, in-place configuration, and tracking of a specific PIX firewall without the need of any additional utility beyond an ordinary browser and Java applet to be running on a manager's computer.
Administrators can furthermore remotely set up, track, and troubleshoot Cisco PIX firewall appliances via a command-line interface. Safe command-line interface communication is possible using several methods including Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. PIX firewall appliances also have robust automatic-update capabilities, a collection advanced secure remote-management options that ensure security configurations and software images are kept current.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered devices that bring together market-proven, best-of-breed security and Virtual Private Network support plus an adaptive architecture. The end product is a powerful, multifunction network protection solution better able to protect small and medium company and enterprise networks and, simultaneously, reduce the total installation and maintenance expenses formerly required for this high degree of protection.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application protection via intelligent, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless services. To protect networks from application-layer assaults and to offer organizations more policing of the programs and protocols utilized in their environments, these inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions such as protocol anomaly sensing and application and protocol state monitoring. Also included are assault sensing and remediation techniques such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and preserve bandwidth for important business applications.
While increasing network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and support costs. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for a multitude of uses, allowing platform commonality. The Cisco ASA 5500 Series firewall can be used as a consolidated threat-protection appliance at a central location by taking advantage of its connectivity control, application inspection, and malicious assault remediation technologies. The Cisco ASA firewall can also be used as a specialized remote access device using its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall performs equally well in the network interior for inter-office access management and to defend against worms, viruses, and other malicious code internal users might inadvertently introduce into the network. For small business and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as a total solution platform offering complete intrusion defense and VPN services while suiting the budgets and operational models of these deployments.
This versatile single-platform, many-use design reduces the number of devices that must be deployed and managed while providing a standard functional and administrative environment throughout all installations. This approach simplifies the education of setup, tracking, troubleshooting, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) firewalls are also exceptionally network conscious, allowing them to insert seamlessly into the environment without disrupting legitimate traffic and processes.
How Progent's Consultants Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series adaptive security appliances and PIX firewalls provide an array of setup, tracking, and analysis options which offer you the flexibility to set up these firewalls to match your business needs. Progent's CCIE certified network professionals can assist you to support your existing network infrastructure that incorporates Cisco ASA or PIX firewalls and that offers protection, resilience, performance, and manageability. Progent's firewall experts can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified IS security engineers can assist you to develop a security strategy appropriate for your situation and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation engineers can assess the effectiveness of your current firewall solution and validate the overall security of your entire information system network. Progent's Technical Response Center can provide urgent remote troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.
For more information concerning Progent's consulting help for Cisco technology, select a subject: