Cisco's PIX family firewalls and Cisco ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion protection, and Virtual Private Network (VPN) technologies in a cost-effective, one-cabinet format. Both of these product families have been replaced by Cisco's ASA 5500-X family of security appliances with Firepower. (Refer to integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation Cisco ASA 5500 Series firewalls are extensively used and continue to provide small and mid-size companies a reliable firewall environment.
PIX and legacy ASA 5500 firewalls deliver powerful client and application policy support, mutlivector assault protection, and safe connectivity services. The increased intelligence sharing of consolidated security services in a stand-alone package provides users implementing these aggregated solutions the advantages of advanced security, lower TCO, and minimal management expense.
Cisco PIX security appliances and Cisco's ASA 5500 product line combine with IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall product. Based on an expandable, building-block platform, each offering is equipped with a particular array of options to deliver better protection to a variety of networking environments. These solutions can be independently deployed to protect certain areas of a network environment, or can be grouped for a layered, defense-in-depth strategy following the architecture best practices outlined in the Cisco SAFE Blueprint. Rounding out the modular firewall solutions, Cisco provides a complete security management offering, ranging from Cisco security appliance and IOS Software security components and embedded device managers, to standalone management programs, moving to ensure that businesses can effectively manage their Cisco security infrastructure investments.
Cisco PIX Security Appliance Series
Cisco PIX Security Appliance Series offer robust user and application policy enforcement, multivector invasion protection, and secure networking features in cost-effective, easy-to-deploy modules. These purpose-built devices provide a broad range of integrated security and connectivity capabilities such as application-aware firewall features, VoIP and multimedia protection, robust multi-location and remote-access IPcec Virtual Private Network connectivity, excellent resiliency, smart networking services, and versatile administration solutions. The Cisco PIX firewall product line spans small plug-and-play desktop units for small or home offices to modular gigabit appliances with investment protection for large business and service-provider environments, Cisco PIX Security Appliance Series deliver high levels of protection, performance, and availability for network environments of any size.
Based around a hardened, specialized operating system that delivers a wealth of security features, PIX firewalls offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. Cisco PIX firewalls offer security for a wide array of VoIP and other multimedia standards including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping organizations to protect installations of a wide range of current and next-generation VoIP and mixed-media applications.
Cisco PIX firewall appliances offer a wealth of setup, monitoring, and troubleshooting options, providing IT managers the flexibility to use the techniques that most closely meet their needs. Management options include centralized, policy-based management tools, integrated web-accessible management, and support for remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface offers a powerful web-based control solution that greatly simplifies the installation, ongoing modification, and monitoring of a single PIX firewall appliance without the need of any additional software beyond an ordinary web browser and Java plug-in to be installed on an administrator's PC.
Administrators can furthermore remotely configure, track, and analyze PIX firewalls using a command-line interface. Secure CLI interface access is possible through several methods including Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewalls also have dependable automatic-update capabilities, a collection advanced secure remote-administration services that ensure firewall settings and software images are kept current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built solutions that incorporate advanced, industry-leading security and Virtual Private Network services with a flexible architecture. The result is a powerful, multifunction network protection solution better able to protect small and medium business and enterprise networks and, at the same time, lower the total installation and maintenance costs previously associated with this high level of security.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology behind the PIX 500 Series firewall, Cisco's IPS 4200 sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a platform that defends against a broad range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, network containment, and safe VPN connectivity across Cisco's product portfolio. This broad scope of security allows the guarding of any network section, which includes the most typical attack vectors like remote locations, LAN-connected internal users, and remote access Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver strong application security through intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless access. To protect networks from application-layer attacks and to give organizations greater control over the applications and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledgebases and employ protection enforcement technologies that include anomaly sensing and state monitoring. Also included are assault sensing and remediation techniques including application/protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to police usage policies and free up network bandwidth for critical business applications.
While improving network security, Cisco ASA firewalls also decrease installation and support expenses. By providing extensive VPN and protection services, the Cisco ASA 5500 Series firewall can be used as the single device for many uses, allowing product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a converged attack-prevention device at a central location by leveraging its connectivity control, process inspection, and worm, virus, and other malware remediation capabilities. The Cisco ASA firewall can also be used as a dedicated remote connectivity device using its Virtual Private Network features. As another option, the Cisco ASA firewall serves equally well inside the network for interdepartmental access management and to defend against malicious assaults internal workers may unknowingly release into the network. For small business and satellite office environments, the Cisco Adaptive Security Appliances firewall acts as a total solution platform offering comprehensive threat defense and VPN functionality while fitting within the cost structure and operational models of such deployments.
This versatile one-platform, many-solution design minimizes the number of appliances that need to be deployed and managed while offering a common operating and administrative system across all those deployments. This approach simplifies the training of configuration, monitoring, support, and protection personnel. To further reduce operations expenses, Cisco Adaptive Security Appliances firewalls are also highly network aware, allowing these devices to integrate gracefully into the environment without interfering with legitimate data flow and applications.
How Progent's Consultants Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series adaptive security appliances and PIX security appliances incorporate a wealth of configuration, monitoring, and analysis features that give you the ability to configure these security appliances to match your business requirements. Progent's CCIE authorized network professionals can help you to support your current infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides protection, resilience, throughput, and manageability. Progent can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier information security professionals can assist you to develop a security policy appropriate for your situation and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation consultants can assess the strength of your existing firewall solution and help determine the security of your entire IS network. Progentís Technical Response Center (TRC) can provide emergency online troubleshooting for Cisco products and offer fast access to a Cisco CCIE network engineer.
To learn more information concerning Progent's consulting expertise for Cisco solutions, choose a topic:
If you wish to ask Progent about professional help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.