Cisco PIX firewalls and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and VPN features in an economical, one-box format. Both product lines have been replaced by Cisco's ASA 5500-X line of security appliances with Firepower. (Refer to integration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation Cisco ASA 5500 Series firewalls are extensively deployed and continue to deliver small and mid-size companies a viable firewall solution.
Cisco PIC and the original ASA 5500 firewalls deliver robust user and program policy enforcement, mutlivector assault defense, and safe connectivity features. The increased knowledge sharing of integrated security services in a stand-alone platform offers users implementing these integrated firewalls the advantages of advanced protection, reduced cost of ownership, and minimal maintenance costs.
PIX firewalls and the ASA 5500 Series join IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and 7600 Series routers as components of Cisco's flexible, integrated firewall product. Engineered with an expandable, building-block approach, each offering is designed with a particular array of options to provide more efficient security to different network environments. These products can be individually deployed to secure specific facets of a connectivity environment, or can be combined for a systematic, defense-in-depth approach following the design best practices described in the Cisco SAFE framework. Rounding out the modular firewall solutions, Cisco has developed a comprehensive security management portfolio, spanning Cisco security device and IOS Software security components and built-in appliance controllers, to standalone management programs, helping to make sure that businesses can productively use their Cisco protection infrastructure investments.
Cisco PIX Security Appliance Series
PIX Security Appliance Series offer robust policy support, multi-source attack protection, and secure networking services in affordable, out-of-the-box solutions. These specialized devices offer a broad range of built-in security and networking services including process-aware firewall services, VoIP and multimedia protection, robust multi-site and remote-connectivity IP Security (IPsec) VPN networking, high availability, intelligent networking services, and flexible administration options. The Cisco PIX firewall product line ranges from small plug-and-play desktop units for small offices and at home offices to stackable gigabit products with investment protection for enterprise and ISP environments, PIX firewall appliances provide dependable security, performance, and reliability for networks of all sizes.
Built upon a hardened, purpose-built software platform that offers rich security services, Cisco PIX firewall appliances provide excellent security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX security appliances provide protection for a broad range of Voice over IP and other multimedia standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol, helping organizations to protect deployments of a wide range of current and next-generation Voice over IP and multimedia applications.
PIX firewalls offer a wealth of setup, tracking, and analysis features, providing businesses the versatility to utilize the methods that most closely match their requirements. Administrative solutions include centralized, policy-based management utilities, integrated web-based management, and compatibility with remote-monitoring standards such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class web-based management solution that significantly simplifies the installation, in-place modification, and tracking of a specific PIX security appliance without the need of any extra utility other than an ordinary browser and Java applet to be running on an administrator's PC.
Administrators can furthermore remotely set up, track, and analyze PIX firewalls via a CLI interface. Secure CLI interface communication is possible using a number of techniques including SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewalls also include dependable auto-update features, a set advanced protected remote-administration services that make sure that firewall settings and software images are kept up to date.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built devices that bring together market-proven, industry-leading security and Virtual Private Network support plus an adaptive design. The result is a powerful, multifunction network security solution better suited to protect small and midsize business and larger networks and, at the same time, reduce the overall deployment and maintenance expenses formerly required for this high level of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application security via smart, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a better protected environment covering web, voice, and mobile wireless services. To defend environments from application-layer attacks and to give organizations greater control over the programs and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement technologies that include anomaly detection and state monitoring. Also included are assault sensing and remediation techniques including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, allowing organizations to police usage policies and preserve network bandwidth for critical business applications.
At the same time as increasing network security, Cisco ASA firewalls also lower installation and operational expenses. By offering extensive VPN and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for a multitude of environments, allowing product commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a converged threat-protection appliance at a central location by leveraging its connectivity control, application inspection, and malware mitigation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote access device utilizing its Virtual Private Network features. Alternatively, the Cisco Adaptive Security Appliances (ASA) firewall serves equally well inside the network for inter-office access management and to defend against malware inside workers may unknowingly release into the network. In small company and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall serves as an all-in-one device providing comprehensive threat defense and Virtual Private Network services while fitting within the budgets and operational models of these situations.
This adaptive one-platform, multiple-solution approach minimizes the total number of devices that must be deployed and maintained while offering a standard functional and management system across all deployments. This approach simplifies the education of setup, tracking, troubleshooting, and security personnel. To further reduce operations costs, Cisco ASA 5500 Series firewalls are also exceptionally network conscious, enabling these devices to insert seamlessly into the network without disrupting legitimate data flow and processes.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX family security appliances incorporate a wealth of configuration, tracking, and troubleshooting options that give you the ability to configure these security appliances to match your business requirements. Progent's CCIE certified network professionals can show you how to support your current network infrastructure that includes Cisco ASA or PIX firewalls and that offers protection, fault tolerance, performance, and recoverability. Progent can also assist you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified IS security professionals can assist you to create a security strategy that makes sense for your environment and can set up your security appliance to enforce your security policies. Progent's security evaluation professionals can evaluate the effectiveness of your current firewall solution and validate the security of your entire IS network. Progent's Help Desk Call Center can provide emergency remote technical support for Cisco products and can give you quick access to a Cisco CCIE expert.
For more details concerning Progent's engineering support for Cisco technology, select a topic: