Cisco PIX family security appliances and ASA Series adaptive security appliances combine comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) features in an affordable, single-box format. Both product families have been superseded by the ASA 5500-X series of security appliances with Firepower Services. (See integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 Series adaptive security appliances are widely used and continue to offer small and mid-size companies a viable firewall environment.
PIX and legacy ASA 5500 firewalls deliver robust client and application policy enforcement, mutlivector attack protection, and secure connectivity services. The enhanced knowledge sharing of consolidated security features in a stand-alone platform provides customers implementing these integrated firewalls the benefits of enhanced protection, lower TCO, and minimal management expense.
Cisco PIX firewalls and the ASA 5500 family combine with IOS Firewall, the Firewall Services Module for Catalyst 6500 family switches, and Cisco 7600 routers as components of Cisco's versatile, integrated firewall solutions. Engineered with an expandable, building-block platform, every offering is equipped with a specific array of options to deliver more efficient security to a variety of network situations. These solutions can be independently installed to protect certain areas of the network infrastructure, or can be combined for a systematic, defense-in-depth strategy following the design leading practices described in Cisco's SAFE framework. Completing the modular firewall solutions, Cisco has developed a comprehensive security management catalog, spanning Cisco security device and IOS Software security features and embedded appliance managers, to self-contained management programs, moving to make sure that customers can effectively manage their Cisco protection solution purchases.
Cisco PIX firewalls offer robust user and application policy support, multi-source invasion defense, and secure connectivity features in cost-effective, simple-to-configure solutions. These specialized devices offer a wealth of built-in security and connectivity capabilities such as application-aware firewall services, VoIP and multimedia security, robust multi-location and remote-connectivity IPcec VPN networking, high availability, smart networking services, and versatile administration solutions. The PIX Security Appliance Series family spans small plug-and-play desktop units for small or at home offices to modular gigabit appliances with ROI for large business and service-provider customers, PIX firewalls provide high levels of security, speed, and availability for environments of any size.
Built upon a tested, specialized operating system that offers a wealth of security services, PIX security appliances offer excellent protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances provide security for a broad range of Voice over IP and other multimedia standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, enabling businesses to safeguard installations of a broad array of current and next-generation Voice over IP and multimedia applications.
PIX firewall appliances feature a wealth of configuration, monitoring, and troubleshooting features, giving businesses the flexibility to utilize the techniques that most closely meet their requirements. Administrative options include centralized, policy-based management utilities, integrated web-accessible administration, and compatibility with remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a world-class web-accessible control solution that significantly simplifies the deployment, ongoing configuration, and tracking of a single Cisco PIX firewall appliance without requiring any additional software beyond an ordinary browser and Java applet to be running on a manager's computer.
Administrators can furthermore remotely configure, monitor, and analyze Cisco PIX firewalls using a CLI interface. Secure CLI interface access is possible using a number of methods including SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewalls also include robust auto-update features, a collection advanced secure remote-administration services that make sure that firewall configurations and software images are kept up to date.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered solutions that incorporate market-proven, industry-leading security and VPN support plus a flexible architecture. The result is a powerful, multifunction network security appliance better able to protect small and medium company and larger networks and, simultaneously, reduce the total installation and maintenance costs previously associated with this high level of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on engineering developed for the Cisco PIX 500 family Security Appliance, Cisco's IPS 4200 Series sensor, and Cisco's VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a firewall that defends against a broad range of threats. Cisco ASA 5500 Series Firewalls provide application security, local containment, and clean VPN functionality across the entire product portfolio. This breadth of security enables defense of any network area, including the most typical attack vectors such as remote locations, LAN-connected inside users, and remote access VPNs.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application security via smart, application-aware inspection engines that examine traffic at Layers 4-7. This produces a better protected network including web, voice, and mobile wireless connectivity. To defend networks against application-layer attacks and to offer businesses greater policing of the programs and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement solutions such as anomaly sensing and state monitoring. Also included are attack sensing and mitigation techniques including application/protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver control over IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and conserve network bandwidth for important business processes.
While increasing network protection, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and operational expenses. By offering broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be a the only platform for a multitude of environments, allowing product standardization. The Cisco Adaptive Security Appliances firewall can be used as a converged attack-protection appliance at a central location by taking advantage of its connectivity control, application inspection, and malware remediation capabilities. The Cisco ASA firewall can also be deployed as a dedicated remote access solution using its VPN features. Alternatively, the Cisco Adaptive Security Appliances 5500 Series firewall operates equally well inside the network for inter-office access control and to defend against malware internal workers might unwittingly release into the network. For small business and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution platform offering comprehensive intrusion defense and Virtual Private Network functionality while suiting the cost structure and performance demands of such deployments.
This adaptive single-device, many-solution approach minimizes the number of appliances that must be installed and managed while offering a standard operating and administrative environment throughout all deployments. This architecture simplifies the education of configuration, monitoring, support, and protection staff. To further reduce operations costs, Cisco ASA 5500 Series firewalls are also exceptionally network aware, enabling these devices to insert seamlessly into the network without interfering with legitimate data flow and processes.
How Progent's Consultants Can Help You with Cisco Firewalls
Cisco's ASA Series firewalls and PIX family firewalls incorporate a wealth of configuration, monitoring, and troubleshooting options which give you the flexibility to deploy these security appliances to match your company's requirements. Progent's CCIE authorized network experts can assist you to maintain your current network infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers protection, fault tolerance, performance, and manageability. Progent's firewall experts can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified IS security engineers can assist your business to develop a security strategy appropriate for your environment and can set up your firewall to support your security policies. Progent's security assessment consultants can assess the effectiveness of your current firewall solution and validate the security of your whole information system network. Progentís Technical Response Center (TRC) can provide urgent online technical support for Cisco technology and can give you quick access to a Cisco CCIE expert.
To see additional details concerning Progent's consulting help for Cisco products, pick a topic:
In order to get in touch with Progent about technical assistance for Cisco technology, call 1-800-993-9400 or visit Contact Progent.