Cisco's PIX firewalls and ASA Series adaptive security appliances combine comprehensive firewall, intrusion protection, and Virtual Private Network functionality in an affordable, one-cabinet package. Both of these product families have been superseded by Cisco's ASA 5500-X line of firewalls with Firepower Services. (See configuration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation Cisco ASA 5500 model adaptive security appliances are extensively deployed and continue to deliver small and mid-size organizations a viable firewall environment.
Cisco PIC and the original ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector assault defense, and safe access services. The enhanced intelligence sharing of consolidated security services in a single package offers users implementing these aggregated firewalls the advantages of advanced security, lower cost of ownership, and minimal maintenance costs.
Cisco PIX firewalls and Cisco's ASA 5500 family combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 Series routers as parts of Cisco's flexible, integrated firewall solutions. Engineered with an expandable, building-block platform, each offering is designed with a specific array of options to provide more efficient security to a variety of networking situations. These solutions can be individually deployed to protect certain facets of a network infrastructure, or can be combined for a layered, protection-in-depth strategy following the architecture best practices described in Cisco's SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management catalog, ranging from Cisco security appliance and IOS Software security components and built-in device controllers, to standalone management applications, helping to ensure that customers can productively use their Cisco protection infrastructure investments.
PIX firewall appliances offer robust policy enforcement, multivector attack defense, and secure connectivity services in affordable, out-of-the-box solutions. These specialized appliances offer a wealth of integrated security and networking services such as process-aware firewall features, Voice over IP (VoIP) and multimedia security, reliable multi-site and remote-connectivity IP Security (IPsec) Virtual Private Network (VPN) networking, excellent resiliency, intelligent networking services, and flexible administration solutions. The Cisco PIX Security Appliance Series family ranges from compact plug-and-play desktop units for small and at home offices to stackable gigabit appliances with ROI for enterprise and ISP environments, PIX firewall appliances deliver high levels of security, speed, and availability for network environments of all sizes.
Built around a hardened, specialized OS that delivers a wealth of protection services, PIX firewall appliances offer excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX security appliances provide security for a wide range of Voice over IP and other mixed-media standards including H.323 Version 4, SIP, SCCP, RTSP, and Media Gateway Control Protocol, helping organizations to safeguard installations of a wide range of current and upcoming Voice over IP and multimedia applications.
PIX firewalls offer a wealth of setup, tracking, and troubleshooting features, providing IT managers the flexibility to utilize the methods that most closely match their needs. Management solutions include centralized, policy-based management utilities, integrated web-based administration, and support for remote-tracking protocols such as SNMP and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-accessible control solution that significantly simplifies the deployment, in-place modification, and tracking of a specific PIX firewall appliance without requiring any additional utility beyond a standard web browser and Java applet to be running on an administrator's PC.
IT managers can also remotely set up, track, and troubleshoot Cisco PIX firewalls via a command-line interface. Safe command-line interface (CLI) access is available using a number of methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also have robust automatic-update features, a set of secure remote-management services that ensure firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered solutions that incorporate advanced, best-of-breed security and Virtual Private Network support with a flexible architecture. The end product is a powerful, versatile network security solution better suited to protect small and medium business (SMB) and larger networks and, simultaneously, reduce the total installation and operations expenses formerly required for this enhanced level of security.
Cisco Adaptive Security Appliances Firewalls leverage technology behind the Cisco PIX 500 Series Security Appliance, the Cisco IPS 4200 Intrusion Prevention System, and the VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a platform that defends against a broad range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application security, local containment, and safe Virtual Private Network functionality across the entire product portfolio. This breadth of protection enables defense of any network segment, including the most typical attack conduits such as remote sites, locally-connected internal users, and off-site connected VPNs.
Cisco ASA 5500 Series firewalls provide robust application protection through intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a more secure network covering web, voice, and mobile wireless connectivity. To protect environments against application-layer attacks and to offer organizations more control over the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and rely on security enforcement solutions that include protocol anomaly detection and state monitoring. Also incorporated are attack sensing and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing organizations to police usage policies and recover bandwidth for vital business processes.
At the same time as improving network security, Cisco Adaptive Security Appliances firewalls also lower installation and operational costs. By offering broad Virtual Private Network and protection functions, the Cisco Adaptive Security Appliances firewall can be used as the single device for many uses, enabling product commonality. The Cisco ASA firewall can be used as a consolidated threat-protection appliance at the datacenter by leveraging its connectivity control, application inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a specialized remote connectivity solution using its VPN features. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs equally well inside the network for interdepartmental access management and to guard against worms, viruses, and other malicious code inside workers might unwittingly release into the environment. For small company and satellite office environments, the Cisco ASA firewall acts as a total solution platform providing comprehensive intrusion prevention and Virtual Private Network functionality while fitting within the budgets and performance demands of such situations.
This versatile one-device, many-use approach minimizes the number of devices that need to be installed and managed while providing a standard operating and management system across all deployments. This approach simplifies the training of setup, monitoring, support, and protection staff. To further reduce operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network aware, enabling them to integrate gracefully into the network without disrupting authorized traffic and applications.
How Progent Can Assist Your Business with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX family security appliances incorporate an array of configuration, monitoring, and troubleshooting options that give you the flexibility to deploy these firewalls to align optimally with your company's needs. Progent's CCIE certified network consultants can assist you to maintain your current network infrastructure that includes Cisco ASA or PIX firewall technology and that provides security, fault tolerance, throughput, and recoverability. Progent can also assist your organization to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier IS security experts can help you to develop a security strategy appropriate for your situation and can configure your firewall to enforce your security policies. Progent's risk evaluation experts can evaluate the strength of your current firewall deployment and help determine the overall security of your entire IS environment. Progentís Technical Response Center (TRC) can deliver emergency remote troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.
To find out additional details about Progent's engineering expertise for Cisco products, choose a topic:
If you wish to ask Progent about professional help for Cisco products, call 1-800-993-9400 or visit Contact Progent.