Cisco's PIX family security appliances and ASA 5500 Series firewalls combine next-generation firewall, intrusion defense, and Virtual Private Network functionality in a cost-effective, one-box package. Both product lines have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower Services. (See configuration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation ASA 5500 model firewalls are widely deployed and continue to offer small and mid-size organizations a reliable firewall environment.
PIX and legacy ASA 5500 firewalls offer robust user and application policy support, mutlivector attack defense, and safe connectivity services. The increased knowledge sharing of consolidated protection services in a single package provides customers implementing these aggregated solutions the benefits of advanced security, reduced TCO, and smaller management costs.
PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 family switches, and 7600 family routers as components of Cisco's versatile, self-contained firewall line. Engineered with an expandable, building-block approach, each device is equipped with a particular feature set to provide more efficient security to different network environments. These products can be individually installed to protect specific areas of a network environment, or can be grouped for a systematic, protection-in-depth strategy based on the architecture best practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall product line, Cisco provides a complete security management product portfolio, ranging from Cisco security appliance and Cisco IOS security components and embedded device controllers, to self-contained management applications, moving to ensure that customers can productively manage their Cisco protection solution investments.
PIX Firewall Appliances
Cisco PIX Security Appliance Series offer reliable policy enforcement, multi-source attack defense, and secure connectivity features in cost-effective, simple-to-configure modules. These specialized devices offer a broad range of built-in protection and connectivity services including process-aware firewall features, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-access IP Security Virtual Private Network connectivity, high availability, smart networking services, and flexible management solutions. The Cisco PIX Security Appliance Series family ranges from small plug-and-go desktop units for small or at home offices to stackable gigabit appliances with investment protection for enterprise and service-provider customers, Cisco PIX Security Appliance Series deliver dependable protection, speed, and reliability for networks of all sizes.
Based upon a tested, specialized software platform that offers a wealth of security services, Cisco PIX firewall appliances offer a high level of security and have been awarded EAL 4 status and ICSA Firewall and IP Security certification. PIX security appliances provide protection for a wide range of VoIP and additional multimedia standards including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a broad range of contemporary and upcoming IP voice and video applications.
Cisco PIX firewalls offer a variety of setup, tracking, and troubleshooting features, giving IT managers the versatility to use the techniques that most closely meet their needs. Administrative options include centralized, policy-based management tools, integrated web-based management, and support for remote-monitoring standards such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a powerful web-based control platform that greatly streamlines the deployment, in-place configuration, and monitoring of a single PIX firewall appliance without requiring any extra software beyond a standard web browser and Java applet to be installed on an administrator's computer.
IT managers can also remotely set up, track, and analyze PIX firewalls using a command-line interface (CLI). Secure CLI interface communication is available using several techniques such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewalls also have robust auto-update features, a collection of secure remote-management services that ensure security settings and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built solutions that bring together market-proven, industry-leading security and Virtual Private Network services with a flexible design. The result is a robust, versatile network protection solution better able to defend small and medium business (SMB) and enterprise networks and, at the same time, reduce the total deployment and maintenance expenses formerly associated with this enhanced level of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 family Security Appliance, the Cisco IPS 4200 Series sensor, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall family to offer a platform that stops a wide range of attacks. Cisco ASA Firewalls provide program protection, network containment, and safe VPN functionality throughout the entire product line. This broad scope of security enables defense of any network section, which includes the most common threat conduits such as remote locations, locally-attached internal users, and remote access Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide strong application security through smart, application-aware inspection processes that analyze network flows at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless services. To protect networks against application-layer assaults and to give businesses greater policing of the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and employ protection enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also incorporated are attack detection and remediation technology including application and protocol command filters and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and preserve bandwidth for crucial business processes.
At the same time as increasing security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and operational expenses. By providing broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be a single device for many uses, allowing platform standardization. The Cisco ASA firewall can be deployed as a converged attack-protection appliance at the datacenter by leveraging its access control, process inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote connectivity solution utilizing its Virtual Private Network features. As another option, the Cisco Adaptive Security Appliances firewall performs equally well in the network interior for interdepartmental access management and to defend against worms, viruses, and other malicious code internal users might unknowingly release into the network. For small company and satellite office networks, the Cisco Adaptive Security Appliances firewall acts as an all-in-one device providing complete threat defense and VPN functionality while fitting within the cost structure and operational models of such situations.
This versatile one-platform, multiple-use approach minimizes the total number of devices that must be deployed and maintained while providing a standard functional and management environment throughout all installations. This architecture simplifies the training of configuration, tracking, support, and protection staff. To further minimize operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network aware, enabling these devices to integrate gracefully into the environment without interfering with authorized traffic and applications.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series adaptive security appliances and PIX security appliances incorporate a wealth of configuration, tracking, and analysis features which give you the flexibility to configure these firewalls to align optimally with your company's needs. Progent's CCIE authorized network experts can help you to maintain your existing network infrastructure that includes Cisco ASA and/or PIX security appliances and that provides security, fault tolerance, performance, and manageability. Progent can also assist you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security professionals can help you to develop a security strategy that makes sense for your environment and can set up your security appliance to support your security strategy. Progent's risk assessment engineers can evaluate the strength of your existing firewall solution and audit the security of your whole information system environment. Progentís Help Desk Call Center can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco expert.
To find out additional information about Progent's consulting help for Cisco solutions, select a subject:
In order to ask Progent about consulting help for Cisco networking, call 1-800-993-9400 or see Contact Progent.