Cisco's PIX family firewalls and Cisco ASA Series adaptive security appliances integrate next-generation firewall, intrusion defense, and VPN features in a cost-effective, one-box package. Both product lines have been replaced by the ASA 5500-X family of firewalls with Firepower Services. (See configuration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and first-generation Cisco ASA 5500 model adaptive security appliances are widely used and continue to offer small and mid-size companies a reliable security environment.
PIX and legacy ASA 5500 firewalls deliver powerful user and program policy enforcement, mutlivector attack defense, and safe connectivity features. The increased intelligence sharing of integrated security services in a stand-alone package offers customers implementing these aggregated firewalls the advantages of advanced security, reduced cost of ownership, and minimal management expense.
PIX security appliances and the ASA 5500 family combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall solutions. Based on a scalable, modular approach, each offering is designed with a particular array of options to deliver more efficient protection to different networking environments. These products can be individually deployed to protect certain facets of a connectivity environment, or can be combined for a layered, defense-in-depth strategy following the architecture best practices outlined in the Cisco SAFE framework. Completing the modular firewall product line, Cisco provides a complete security management product portfolio, spanning Cisco security device and Cisco IOS security features and embedded device controllers, to standalone management programs, moving to make sure that customers can effectively use their Cisco protection infrastructure purchases.
Cisco PIX Firewalls
PIX Security Appliance Series deliver robust policy enforcement, multivector invasion defense, and safe connectivity features in affordable, simple-to-configure solutions. These specialized devices provide a wealth of integrated protection and connectivity services including application-aware firewall features, VoIP and multimedia protection, robust multi-location and remote-connectivity IP Security (IPsec) Virtual Private Network networking, fault tolerance, smart networking services, and versatile management solutions. The PIX firewall product line spans compact plug-and-go appliances for small offices or home offices to stackable gigabit appliances with ROI for large business and service-provider environments, PIX firewall appliances provide high levels of protection, performance, and availability for networks of all sizes.
Built around a tested, specialized OS that offers rich protection services, PIX firewall appliances provide excellent security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewalls offer security for a broad range of VoIP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to safeguard deployments of a broad array of contemporary and upcoming Voice over IP and mixed-media applications.
Cisco PIX firewall appliances offer a wealth of setup, monitoring, and analysis features, giving businesses the flexibility to use the techniques that most closely match their requirements. Administrative options include common, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring protocols such as SNMP and syslog. The integrated ASDM interface offers a world-class web-based management solution that significantly streamlines the installation, ongoing configuration, and monitoring of a single Cisco PIX firewall appliance without requiring any extra utility beyond a standard browser and Java plug-in to be installed on an administrator's PC.
Administrators can also remotely set up, monitor, and troubleshoot Cisco PIX firewalls via a command-line interface. Secure CLI interface access is possible using several methods such as Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX security appliances also include dependable auto-update capabilities, a set of secure remote-management services that make sure that firewall configurations and software images are kept current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered solutions that bring together market-proven, best-of-breed protection and Virtual Private Network services with a flexible architecture. The result is a powerful, versatile network security solution better able to protect small and midsize company and enterprise networks and, simultaneously, reduce the total installation and operations expenses previously required for this high level of protection.
Cisco Adaptive Security Appliances Firewalls leverage technology behind the Cisco PIX 500 family firewall, the IPS 4200 Series sensor, and the Cisco VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to offer a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application security, local containment, and clean Virtual Private Network functionality throughout the entire product line. This broad scope of protection enables defense of any network area, including the most typical attack conduits like remote sites, locally-attached internal users, and off-site access VPNs.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver strong application security via smart, application-aware inspection engines that examine network flows at Layers 4-7. This produces a safer network covering web, voice, and mobile wireless access. To defend environments from application-layer attacks and to offer businesses greater control over the programs and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledge and rely on protection enforcement solutions such as protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault detection and remediation technology such as application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing organizations to police usage policies and preserve bandwidth for vital business applications.
While improving network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and support expenses. By offering broad VPN and protection functions, the Cisco Adaptive Security Appliances firewall can be used as the the only platform for many environments, enabling platform standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a consolidated threat-protection appliance at a central location by taking advantage of its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco ASA firewall can also be used as a specialized remote access solution using its VPN capabilities. As another option, the Cisco Adaptive Security Appliances firewall performs capably in the network interior for interdepartmental connectivity control and to defend against malicious assaults inside users might unknowingly release into the environment. In small company and branch office networks, the Cisco Adaptive Security Appliances firewall acts as a total solution platform providing complete threat prevention and VPN functionality while fitting within the cost structure and performance demands of these deployments.
This adaptive one-platform, many-use approach reduces the total number of appliances that must be deployed and maintained while providing a common functional and administrative environment across all installations. This architecture simplifies the education of configuration, monitoring, troubleshooting, and protection staff. To further minimize operations expenses, Cisco ASA firewalls are also highly network conscious, enabling these devices to integrate gracefully into the network without interfering with legitimate traffic and applications.
How Progent's Consultants Can Assist You with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX firewalls incorporate a wealth of setup, monitoring, and analysis options which offer you the ability to deploy these firewalls to match your company's requirements. Progent's CCIE certified network professionals can assist you to maintain your current network infrastructure that includes Cisco ASA or PIX firewall technology and that offers protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified information security professionals can help your business to develop a security policy appropriate for your environment and can configure your firewall to enforce your security policies. Progent's security assessment consultants can assess the effectiveness of your current firewall solution and help determine the overall security of your entire information system environment. Progentís Help Desk Call Center can provide urgent online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.
To find out additional information about Progent's professional expertise for Cisco solutions, select a subject:
To get in touch with Progent about engineering assistance for Cisco networking, call 1-800-993-9400 or see Contact Progent.