Cisco PIX family firewalls and ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network features in a cost-effective, single-box package. Both of these product lines have been replaced by the ASA 5500-X family of firewalls with Firepower Services. (Refer to integration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation Cisco ASA 5500 model firewalls are extensively deployed and continue to deliver small and mid-size organizations a reliable security environment.
Cisco PIC and legacy ASA 5500 firewalls offer powerful user and application policy enforcement, mutlivector assault defense, and safe access services. The enhanced intelligence sharing of integrated security services in a stand-alone platform offers customers deploying these aggregated firewalls the benefits of enhanced protection, lower TCO, and minimal management costs.
Cisco PIX security appliances and Cisco's ASA 5500 Series combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 routers as parts of Cisco's flexible, integrated firewall product. Engineered with an expandable, building-block platform, every device is designed with a specific feature set to provide better protection to a variety of network situations. These products can be individually installed to secure specific facets of the connectivity infrastructure, or can be combined for a systematic, protection-in-depth strategy following the architecture leading practices described in the Cisco SAFE framework. Completing the modular firewall solutions, Cisco has developed a complete security management product portfolio, ranging from Cisco security appliance and IOS Software security components and embedded appliance controllers, to standalone management applications, moving to ensure that customers can productively manage their Cisco security solution investments.
Cisco PIX Security Appliance Series
PIX firewall appliances offer reliable user and application policy enforcement, multi-source attack defense, and safe connectivity services in cost-effective, easy-to-deploy modules. These specialized devices offer a wealth of built-in security and networking capabilities such as application-aware firewall features, Voice over IP (VoIP) and multimedia protection, robust multi-location and remote-access IP Security (IPsec) VPN connectivity, fault tolerance, smart networking services, and flexible management options. The PIX firewall Appliance family ranges from small plug-and-play desktop units for small or home offices to modular gigabit appliances with ROI for enterprise and ISP environments, PIX Security Appliance Series deliver dependable security, performance, and availability for networks of all sizes.
Based upon a tested, specialized operating system that offers rich security features, Cisco PIX firewall appliances provide excellent protection and have received EAL 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX firewall appliances offer protection for a broad array of VoIP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to safeguard deployments of a broad range of contemporary and next-generation Voice over IP and mixed-media applications.
Cisco PIX security appliances offer a wealth of configuration, tracking, and troubleshooting options, giving businesses the flexibility to utilize the methods that best meet their requirements. Management options include common, policy-based administration tools, integrated web-based administration, and compatibility with remote-monitoring standards like SNMP and syslog. The integrated ASDM interface offers a powerful web-accessible management solution that significantly streamlines the installation, ongoing modification, and monitoring of a single Cisco PIX security appliance without requiring any additional software beyond a standard browser and Java plug-in to be installed on an administrator's PC.
IT managers can furthermore remotely configure, monitor, and analyze PIX firewalls using a command-line interface (CLI). Secure CLI interface communication is possible using several techniques including SSHv2 Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX security appliances also have robust auto-update capabilities, a collection of secure remote-administration services that make sure that security configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that bring together advanced, industry-leading protection and Virtual Private Network support plus an adaptive architecture. The result is a powerful, multifunction network security appliance better able to protect small and medium business (SMB) and enterprise networks and, at the same time, lower the total installation and maintenance expenses previously associated with this high degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology behind Cisco's PIX 500 family Security Appliance, the IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a firewall that stops a broad range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls provide application protection, local containment, and clean Virtual Private Network functionality throughout the entire product line. This broad scope of protection allows defense of any network segment, which includes the most common attack vectors such as remote sites, locally-attached internal users, and remote connected Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls deliver a high-level of application protection via smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. This results in a more secure environment including web, voice, and mobile wireless services. To protect networks against application-layer attacks and to offer organizations more control over the programs and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly sensing and state tracking. Also included are assault detection and mitigation technology such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide control over IM and tunneling applications, allowing organizations to enforce usage policies and preserve bandwidth for vital business applications.
While improving network security, Cisco Adaptive Security Appliances firewalls also lower deployment and support costs. By offering extensive VPN and security functions, the Cisco ASA 5500 Series firewall can be used as the single device for many environments, enabling product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a converged attack-protection device at the datacenter by taking advantage of its access control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote access solution using its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall performs capably inside the network for interdepartmental access control and to defend against malware inside workers might inadvertently release into the network. In small business and satellite office environments, the Cisco ASA 5500 Series firewall acts as a total solution platform offering complete threat defense and Virtual Private Network functionality while fitting within the cost structure and operational demands of such situations.
This adaptive one-platform, multiple-use design reduces the total number of appliances that must be deployed and maintained while offering a standard operating and management system across all installations. This approach streamlines the education of configuration, tracking, support, and security personnel. To further reduce operations expenses, Cisco ASA firewalls are also exceptionally network aware, allowing them to integrate gracefully into the network without interfering with authorized data flow and applications.
How Progent's Consultants Can Assist You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of setup, monitoring, and analysis options which offer you the flexibility to configure these firewalls to match your company's needs. Progent's CCIE certified network experts can assist you to maintain your existing network infrastructure that includes Cisco ASA or PIX security appliances and that offers security, fault tolerance, throughput, and manageability. Progent can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier information security consultants can help your business to develop a security strategy that makes sense for your situation and can set up your PIX or ASA firewall to support your security policies. Progent's security evaluation engineers can evaluate the effectiveness of your current firewall solution and validate the security of your entire information system environment. Progentís Technical Response Center can deliver emergency remote technical support for Cisco technology and can give you quick access to a Cisco expert.
To find out additional information about Progent's engineering support for Cisco products, select a subject:
To get in touch with Progent about professional expertise for Cisco products, phone 1-800-993-9400 or visit Contact Progent.