Cisco's PIX security appliances and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion defense, and VPN technologies in an affordable, single-cabinet format. Both of these product lines have been superseded by the ASA 5500-X family of security appliances with Firepower. (See integration and debugging help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation ASA 5500 Series adaptive security appliances are widely used and continue to offer small and mid-size organizations a viable firewall solution.
Cisco PIC and legacy ASA 5500 firewalls offer robust client and application policy support, mutlivector attack protection, and safe access features. The enhanced intelligence sharing of consolidated security features in a stand-alone package offers customers implementing these integrated firewalls the advantages of enhanced security, lower TCO, and minimal management costs.
Cisco PIX firewalls and Cisco's ASA 5500 Series combine with IOS Firewall, the FWSM for Catalyst 6500 family switches, and Cisco 7600 family routers as parts of Cisco's versatile, self-contained firewall solutions. Based on a scalable, modular approach, every device is equipped with a specific array of options to deliver more efficient protection to a variety of networking situations. These solutions can be independently installed to protect specific areas of a network environment, or can be grouped for a layered, protection-in-depth approach based on the architecture leading practices outlined in Cisco's SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management portfolio, ranging from Cisco security appliance and Cisco IOS security components and embedded appliance controllers, to self-contained management utilities, moving to ensure that customers can effectively manage their Cisco protection infrastructure purchases.
Cisco PIX Security Appliance Series
PIX Security Appliance Series offer robust user and application policy support, multi-source attack defense, and secure networking features in cost-effective, out-of-the-box modules. These purpose-built devices offer a broad range of integrated security and connectivity services including process-aware firewall features, Voice over IP and multimedia protection, robust site-to-site and remote-access IPcec VPN networking, fault tolerance, smart networking services, and flexible management solutions. The PIX firewall Appliance family spans compact plug-and-play devices for small offices or at home offices to stackable gigabit appliances with ROI for enterprise and ISP customers, PIX Security Appliance Series deliver high levels of security, speed, and availability for network environments of all sizes.
Built around a tested, specialized OS that delivers rich security features, Cisco PIX firewalls provide excellent protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX security appliances offer security for a wide range of VoIP and other mixed-media conventions including H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, enabling businesses to protect installations of a wide range of contemporary and upcoming IP voice and video applications.
PIX firewalls offer a variety of configuration, tracking, and analysis options, providing IT managers the flexibility to use the methods that most closely meet their needs. Management solutions include common, policy-based management utilities, integrated web-based administration, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful web-accessible control solution that greatly simplifies the deployment, in-place configuration, and tracking of a single Cisco PIX firewall without the need of any extra software other than an ordinary browser and Java plug-in to be installed on an administrator's computer.
Administrators can also remotely set up, monitor, and troubleshoot PIX security appliances using a CLI interface. Secure command-line interface communication is available using a number of methods including Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX firewall appliances also have dependable automatic-update features, a collection of protected remote-management options that make sure that firewall settings and software images are always current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that incorporate advanced, best-of-breed security and VPN services plus an adaptive architecture. The result is a powerful, versatile network protection solution better able to defend small and midsize business (SMB) and larger networks and, simultaneously, reduce the total deployment and maintenance costs formerly associated with this enhanced level of protection.
Cisco ASA Firewalls leverage engineering behind Cisco's PIX 500 family Security Appliance, the Cisco IPS 4200 sensor, and the VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a platform that stops a broad range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, local containment, and safe VPN connectivity across Cisco's product line. This broad scope of protection allows the guarding of any network area, which includes the most typical attack conduits such as remote locations, LAN-connected internal users, and remote access VPNs.
Cisco Adaptive Security Appliances firewalls deliver a high-level of application security via intelligent, application-aware inspection engines that examine traffic at Layers 4-7. This results in a better protected network covering web, voice, and mobile wireless access. To defend environments from application-layer assaults and to give businesses greater control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement technologies that include anomaly detection and application and protocol state tracking. Also included are attack sensing and mitigation techniques such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and tunneling applications, allowing businesses to enforce usage policies and free up network bandwidth for vital business applications.
While improving security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and support expenses. By offering extensive VPN and protection functions, the Cisco ASA 5500 Series firewall can be used as the the only platform for a multitude of uses, allowing product standardization. The Cisco ASA 5500 Series firewall can be used as a consolidated threat-prevention appliance at a central location by taking advantage of its access control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be used as a specialized remote access device utilizing its VPN features. Alternatively, the Cisco Adaptive Security Appliances 5500 Series firewall serves capably in the network interior for inter-office connectivity management and to defend against malware internal users might inadvertently introduce into the environment. For small company and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution platform offering comprehensive threat defense and Virtual Private Network services while fitting within the cost structure and performance demands of these deployments.
This versatile one-device, multiple-solution approach reduces the number of devices that need to be deployed and maintained while providing a common operating and management system across all deployments. This approach simplifies the training of setup, tracking, support, and protection personnel. To further reduce operations expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network conscious, enabling these devices to insert seamlessly into the environment without disrupting legitimate data flow and applications.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX security appliances provide a wealth of configuration, monitoring, and analysis options which give you the ability to deploy these firewalls to match your business needs. Progent's CCIE certified network professionals can show you how to maintain your existing infrastructure that incorporates Cisco ASA or PIX security appliances and that provides security, fault tolerance, performance, and recoverability. Progent can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier IS security experts can assist you to develop a security policy appropriate for your situation and can set up your security appliance to enforce your security strategy. Progent's security evaluation professionals can assess the effectiveness of your current firewall solution and validate the overall security of your entire IS environment. Progentís Technical Response Center (TRC) can deliver emergency remote troubleshooting for Cisco products and offer fast access to a Cisco CCIE expert.
To find out more details concerning Progent's consulting support for Cisco technology, select a topic:
If you wish to get in touch with Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.