Cisco PIX family security appliances and ASA Series adaptive security appliances integrate next-generation firewall, intrusion protection, and VPN technologies in an affordable, single-cabinet package. Both product lines have been replaced by Cisco's ASA 5500-X series of firewalls with Firepower Services. (See configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation Cisco ASA 5500 model firewalls are widely used and continue to deliver small and mid-size companies a viable firewall environment.
Cisco PIC and the original ASA 5500 firewalls offer powerful client and program policy enforcement, mutlivector assault protection, and safe access services. The increased knowledge sharing of integrated protection features in a single package provides users implementing these integrated firewalls the benefits of enhanced protection, reduced TCO, and smaller management expense.
Cisco PIX firewalls and Cisco's ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches, and 7600 routers as components of Cisco's flexible, self-contained firewall solutions. Based on a scalable, modular approach, each device is equipped with a specific feature set to deliver better protection to a variety of networking situations. These solutions can be independently installed to protect specific facets of the network infrastructure, or can be grouped for a systematic, defense-in-depth strategy following the design best practices described in Cisco's SAFE framework. Completing the modular firewall solutions, Cisco provides a comprehensive security management catalog, ranging from Cisco security device and IOS security components and built-in appliance managers, to standalone management applications, helping to make sure that businesses can productively use their Cisco security infrastructure purchases.
Cisco PIX Firewalls
Cisco PIX firewalls deliver reliable user and application policy support, multi-source attack defense, and secure connectivity features in cost-effective, simple-to-configure modules. These specialized devices provide a wealth of integrated security and networking capabilities including application-aware firewall services, VoIP and multimedia protection, robust multi-site and remote-connectivity IP Security Virtual Private Network (VPN) connectivity, high availability, smart networking features, and flexible management solutions. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-play appliances for small offices or home offices to modular gigabit appliances with ROI for enterprise and service-provider customers, PIX firewalls deliver dependable security, performance, and availability for environments of all sizes.
Based upon a hardened, purpose-built OS that offers a wealth of protection features, PIX security appliances offer excellent security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security certification. PIX firewall appliances offer protection for a wide range of VoIP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to safeguard deployments of a broad range of current and next-generation VoIP and video applications.
Cisco PIX firewall appliances offer a variety of configuration, monitoring, and troubleshooting options, providing IT managers the flexibility to use the techniques that most closely match their needs. Administrative solutions include common, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-tracking protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful web-based control solution that greatly simplifies the deployment, ongoing configuration, and tracking of a single PIX firewall appliance without requiring any extra utility beyond a standard browser and Java plug-in to be running on a manager's PC.
IT managers can furthermore remotely set up, monitor, and troubleshoot PIX security appliances via a command-line interface (CLI). Secure command-line interface (CLI) communication is available using a number of techniques such as Secure Shell Protocol, Telnet through IP Security, and out-of-band through a console port. PIX security appliances also include dependable automatic-update features, a set of protected remote-administration options that ensure firewall settings and software images are always current.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered devices that incorporate advanced, best-of-breed security and Virtual Private Network support plus a flexible architecture. The end product is a robust, multifunction network protection appliance better suited to protect small and medium company and enterprise networks and, at the same time, lower the overall deployment and operations expenses previously associated with this enhanced degree of protection.
Cisco ASA firewalls provide robust application security through intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a more secure environment covering web, voice, and mobile wireless services. To protect networks from application-layer assaults and to give organizations more control over the programs and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly detection and application and protocol state monitoring. Also included are attack sensing and mitigation technology including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances firewall inspection engines also provide management of IM and tunneling applications, allowing organizations to police usage policies and free up network bandwidth for important business processes.
While increasing network security, Cisco Adaptive Security Appliances firewalls also decrease deployment and support costs. By providing broad Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the single device for many environments, enabling platform standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a consolidated threat-protection device at a central location by leveraging its access control, application inspection, and worm, virus, and other malware remediation technologies. The Cisco ASA 5500 Series firewall can also be used as a specialized remote connectivity device utilizing its Virtual Private Network capabilities. As another option, the Cisco ASA 5500 Series firewall serves equally well inside the network for interdepartmental connectivity management and to guard against malicious assaults inside users may unknowingly release into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances firewall acts as an all-in-one device providing comprehensive intrusion defense and VPN functionality while suiting the cost structure and operational models of these deployments.
This versatile single-device, multiple-solution design minimizes the total number of appliances that must be installed and managed while offering a common operating and management environment across all those installations. This approach streamlines the training of configuration, tracking, support, and security staff. To further reduce operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network aware, enabling these devices to insert gracefully into the environment without disrupting legitimate data flow and applications.
How Progent's Consultants Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX family firewalls provide an array of configuration, tracking, and troubleshooting features which give you the flexibility to configure these security appliances to align optimally with your business needs. Progent's CCIE certified network experts can show you how to support your existing infrastructure that incorporates Cisco ASA and/or PIX security appliances and that offers security, fault tolerance, throughput, and manageability. Progent can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier information security engineers can help your business to develop a security policy that makes sense for your environment and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment engineers can evaluate the strength of your current firewall deployment and help determine the security of your whole IS environment. Progent's Technical Response Center (TRC) can provide urgent online troubleshooting for Cisco products and can give you quick access to a Cisco CCIE expert.
To learn additional information about Progent's engineering support for Cisco solutions, select a topic: