Cisco's PIX security appliances and ASA 5500 Series firewalls combine next-generation firewall, intrusion protection, and Virtual Private Network technologies in an affordable, single-box format. Both product families have been replaced by Cisco's ASA 5500-X family of firewalls with Firepower Services. (See integration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation Cisco ASA 5500 Series firewalls are extensively deployed and continue to offer small and mid-size organizations a viable firewall solution.
PIX and the original ASA 5500 firewalls offer powerful client and program policy enforcement, mutlivector attack defense, and safe access services. The enhanced intelligence sharing of consolidated security features in a single platform offers customers implementing these aggregated firewalls the advantages of enhanced protection, reduced cost of ownership, and minimal maintenance costs.
PIX security appliances and Cisco's ASA 5500 Series combine with IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and Cisco 7600 Series routers as parts of Cisco's flexible, integrated firewall line. Engineered with an expandable, building-block platform, each device is designed with a specific feature set to provide more efficient security to different network environments. These products can be individually deployed to secure specific facets of the network infrastructure, or can be combined for a systematic, defense-in-depth strategy following the architecture best practices described in the Cisco SAFE Blueprint. Completing the modular firewall product line, Cisco provides a comprehensive security management portfolio, spanning Cisco security device and Cisco IOS Software security components and built-in appliance controllers, to self-contained management programs, helping to make sure that customers can productively manage their Cisco protection solution purchases.
PIX Firewall Appliances
Cisco PIX Security Appliance Series offer robust policy support, multivector attack protection, and safe connectivity features in cost-effective, simple-to-configure modules. These purpose-built devices offer a broad range of built-in protection and connectivity services including process-aware firewall services, VoIP and multimedia security, robust multi-site and remote-access IP Security VPN connectivity, excellent resiliency, intelligent networking features, and flexible management solutions. The PIX firewall product line ranges from small plug-and-go appliances for small or at home offices to modular gigabit products with investment protection for enterprise and service-provider customers, PIX Security Appliance Series provide dependable protection, speed, and availability for network environments of all sizes.
Built around a hardened, purpose-built software platform that offers a wealth of security services, Cisco PIX security appliances provide excellent protection and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls offer security for a wide array of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a wide array of contemporary and upcoming Voice over IP and video applications.
PIX firewalls feature a wealth of setup, monitoring, and troubleshooting options, providing IT managers the versatility to utilize the techniques that best match their needs. Administrative solutions include centralized, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a world-class web-accessible management platform that greatly simplifies the installation, in-place configuration, and tracking of a specific Cisco PIX security appliance without the need of any additional utility beyond a standard browser and Java applet to be running on an administrator's PC.
Administrators can furthermore remotely configure, track, and troubleshoot PIX security appliances via a CLI interface. Secure CLI interface access is possible using several methods such as SSHv2 Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewalls also have dependable auto-update features, a set of protected remote-administration options that make sure that firewall configurations and software images are kept current.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that incorporate market-proven, industry-leading protection and Virtual Private Network support plus an adaptive architecture. The end product is a robust, versatile network protection appliance better suited to defend small and midsize business (SMB) and enterprise networks and, at the same time, lower the overall deployment and operations costs formerly associated with this enhanced level of protection.
Cisco ASA Firewalls build on technology developed for the Cisco PIX 500 Series firewall, the IPS 4200 family sensor, and the VPN 3000 family concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall family to offer a firewall that defends against a wide range of attacks. Cisco Adaptive Security Appliances Firewalls provide application protection, network containment and control, and clean VPN functionality across the entire product portfolio. This breadth of security allows the guarding of any network area, including the most common threat conduits like remote sites, LAN-attached inside users, and off-site connected Virtual Private Networks.
Cisco ASA 5500 Series firewalls provide robust application security via smart, application-aware inspection processes that analyze traffic at Layers 4-7. This produces a safer network including web, voice, and mobile wireless connectivity. To defend networks from application-layer assaults and to give businesses more policing of the programs and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement solutions such as anomaly detection and state tracking. Also included are attack detection and remediation technology such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide control over IM and peer-to-peer file sharing, enabling organizations to police usage policies and free up bandwidth for critical business processes.
At the same time as increasing network protection, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and support expenses. By offering extensive VPN and protection functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be a single device for a multitude of environments, enabling product standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a consolidated threat-protection appliance at the datacenter by leveraging its connectivity control, application inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access device utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances (ASA) firewall serves capably inside the network for interdepartmental access control and to guard against worms, viruses, and other malicious code inside workers may inadvertently introduce into the network. For small business and branch office environments, the Cisco ASA 5500 Series firewall serves as a total solution platform providing comprehensive threat prevention and VPN functionality while suiting the cost structure and operational demands of such situations.
This adaptive one-device, many-use design minimizes the number of appliances that must be deployed and managed while offering a common operating and management environment across all those deployments. This approach simplifies the training of configuration, monitoring, troubleshooting, and security staff. To further minimize operations expenses, Cisco ASA firewalls are also highly network aware, allowing these devices to insert seamlessly into the network without disrupting legitimate traffic and processes.
How Progent's Consultants Can Assist You with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls provide a wealth of configuration, monitoring, and analysis options which give you the ability to set up these security appliances to align optimally with your business requirements. Progent's CCIE certified network experts can help you to support your existing network infrastructure that incorporates Cisco ASA or PIX firewalls and that provides protection, fault tolerance, performance, and manageability. Progent's firewall experts can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified IS security experts can help your business to create a security policy appropriate for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's security evaluation experts can assess the effectiveness of your current firewall solution and help determine the security of your entire IT environment. Progentís Help Desk support team can provide emergency remote troubleshooting for Cisco products and offer quick access to a Cisco expert.
For more details concerning Progent's professional expertise for Cisco products, select a topic:
To contact Progent about consulting expertise for Cisco products, call 1-800-993-9400 or visit Contact Progent.