Cisco's PIX firewalls and Cisco ASA Series adaptive security appliances combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) functionality in a cost-effective, one-cabinet package. Both of these product families have been superseded by Cisco's ASA 5500-X line of security appliances with Firepower Services. (See configuration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 model firewalls are extensively deployed and continue to offer small and mid-size companies a reliable security solution.
Cisco PIC and the original ASA 5500 firewalls deliver powerful client and program policy enforcement, mutlivector attack defense, and safe access services. The enhanced knowledge sharing of consolidated protection features in a single package provides customers deploying these aggregated solutions the benefits of advanced protection, reduced cost of ownership, and minimal maintenance costs.
Cisco PIX security appliances and Cisco's ASA 5500 family combine with IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and Cisco 7600 Series routers as parts of Cisco's flexible, self-contained firewall line. Engineered with a scalable, building-block platform, each device is designed with a particular feature set to provide more efficient protection to different networking situations. These products can be individually installed to protect certain facets of a connectivity environment, or can be combined for a systematic, protection-in-depth strategy following the architecture leading practices described in Cisco's SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management catalog, spanning Cisco security device and IOS security components and embedded appliance controllers, to standalone management programs, helping to ensure that customers can productively manage their Cisco protection infrastructure investments.
Cisco PIX Firewall Appliances
Cisco PIX firewalls offer robust user and application policy enforcement, multi-source invasion protection, and safe connectivity features in economical, out-of-the-box solutions. These purpose-built appliances offer a wealth of integrated protection and connectivity services such as application-aware firewall features, Voice over IP and multimedia protection, reliable multi-site and remote-access IPcec Virtual Private Network connectivity, high availability, smart networking services, and versatile administration solutions. The Cisco PIX firewall Appliance family spans compact plug-and-go desktop units for small and at home offices to modular high-bandwidth appliances with ROI for enterprise and ISP customers, Cisco PIX firewalls provide dependable protection, performance, and availability for network environments of all sizes.
Based around a hardened, specialized software platform that offers a wealth of security features, Cisco PIX firewalls provide a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances offer protection for a wide array of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and MGCP, helping organizations to protect installations of a broad array of contemporary and next-generation Voice over IP and mixed-media applications.
Cisco PIX security appliances feature a variety of configuration, tracking, and analysis options, giving IT managers the flexibility to utilize the methods that most closely meet their requirements. Administrative options include common, policy-based management utilities, integrated web-based management, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system provides a powerful web-accessible management solution that greatly streamlines the deployment, ongoing configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any extra software other than an ordinary web browser and Java applet to be running on a manager's PC.
IT managers can also remotely set up, track, and analyze Cisco PIX security appliances using a command-line interface. Secure command-line interface (CLI) communication is available using several techniques including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX firewall appliances also include robust automatic-update features, a collection advanced secure remote-administration services that ensure firewall settings and software images are kept current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered solutions that bring together market-proven, industry-leading protection and VPN support plus a flexible architecture. The result is a robust, multifunction network protection solution better suited to protect small and medium company and enterprise networks and, at the same time, lower the total installation and operations costs formerly required for this enhanced degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls leverage technology developed for the Cisco PIX 500 Series firewall, the IPS 4200 Series sensor, and Cisco's VPN 3000 Series concentrator. These technologies converge on the Cisco ASA 5500 Series Firewall product line to deliver a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application security, network containment, and safe Virtual Private Network functionality across the entire product line. This breadth of protection allows defense of any network area, including the most common attack conduits like remote locations, locally-connected inside users, and remote access VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls provide a high-level of application protection via smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless connectivity. To protect environments from application-layer attacks and to give organizations more control over the applications and protocols utilized in their environments, these inspection engines integrate broad application and protocol knowledge and rely on security enforcement technologies that include anomaly sensing and application and protocol state tracking. Also included are attack detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling organizations to enforce usage policies and recover network bandwidth for important business applications.
While improving security, Cisco ASA 5500 Series firewalls also lower deployment and support expenses. By providing extensive Virtual Private Network and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for many environments, allowing product standardization. The Cisco Adaptive Security Appliances firewall can be used as a converged attack-protection appliance at a central location by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware remediation technologies. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote access solution using its Virtual Private Network capabilities. Alternatively, the Cisco ASA firewall operates equally well inside the network for inter-office access management and to guard against malware inside users may inadvertently release into the environment. For small business and satellite office networks, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution platform offering comprehensive intrusion defense and VPN services while fitting within the budgets and performance demands of such situations.
This adaptive one-platform, multiple-use design minimizes the number of devices that must be deployed and managed while providing a common operating and administrative system across all installations. This architecture simplifies the education of setup, tracking, troubleshooting, and security personnel. To further minimize maintenance expenses, Cisco Adaptive Security Appliances firewalls are also exceptionally network conscious, enabling them to integrate gracefully into the network without interfering with legitimate traffic and applications.
How Progent's Consultants Can Help You with Cisco Firewalls
Cisco's ASA Series firewalls and PIX family firewalls incorporate an array of setup, tracking, and analysis features which give you the ability to configure these security appliances to match your company's requirements. Progent's CCIE authorized network professionals can help you to maintain your current network infrastructure that includes Cisco ASA and/or PIX security appliances and that provides security, fault tolerance, performance, and recoverability. Progent's firewall experts can also assist you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security professionals can assist you to create a security policy appropriate for your situation and can set up your firewall to enforce your security strategy. Progent's risk assessment consultants can evaluate the effectiveness of your existing firewall solution and validate the overall security of your entire IS environment. Progent’s Technical Response Center (TRC) can deliver urgent online troubleshooting for Cisco products and offer fast access to a Cisco expert.
For additional details concerning Progent's consulting help for Cisco products, choose a subject:
To ask Progent about consulting help for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.