Cisco PIX firewalls and Cisco ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion defense, and Virtual Private Network functionality in an affordable, single-box format. Both of these product lines have been superseded by Cisco's ASA 5500-X series of firewalls with Firepower Services. (See configuration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 model adaptive security appliances are widely deployed and continue to offer small and mid-size companies a reliable firewall solution.
PIX and legacy ASA 5500 firewalls deliver powerful user and program policy enforcement, mutlivector attack protection, and secure connectivity features. The increased knowledge sharing of consolidated protection features in a stand-alone platform offers customers implementing these aggregated firewalls the advantages of enhanced security, lower TCO, and minimal maintenance costs.
PIX security appliances and Cisco's ASA 5500 product line combine with IOS Firewall, the Firewall Services Module for Catalyst 6500 Series switches, and 7600 family routers as components of Cisco's flexible, integrated firewall product. Engineered with a scalable, building-block approach, each device is equipped with a specific array of options to deliver more efficient security to a variety of networking situations. These products can be independently installed to secure specific areas of the network environment, or can be combined for a layered, defense-in-depth approach based on the architecture leading practices outlined in the Cisco SAFE Blueprint. Rounding out the integrated firewall product line, Cisco provides a complete security management offering, spanning Cisco security appliance and Cisco IOS Software security features and built-in appliance managers, to self-contained management programs, moving to ensure that businesses can productively use their Cisco security infrastructure investments.
Cisco PIX Firewalls
PIX Security Appliance Series offer robust policy enforcement, multi-source attack defense, and secure connectivity features in cost-effective, out-of-the-box modules. These purpose-built appliances offer a broad range of built-in protection and connectivity services such as process-aware firewall features, Voice over IP (VoIP) and multimedia protection, reliable multi-site and remote-connectivity IP Security (IPsec) Virtual Private Network (VPN) networking, fault tolerance, smart networking services, and flexible management options. The PIX Security Appliance Series product line spans compact plug-and-play appliances for small or at home offices to modular high-bandwidth appliances with investment protection for enterprise and ISP customers, Cisco PIX firewall appliances provide high levels of security, performance, and availability for network environments of all sizes.
Built upon a tested, purpose-built operating system that offers rich protection features, Cisco PIX security appliances provide a high level of security and have earned EAL 4 status and ICSA Labs Firewall and IP Security certification. PIX firewall appliances offer protection for a wide array of VoIP and additional mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to safeguard deployments of a wide range of current and upcoming IP voice and multimedia applications.
Cisco PIX security appliances feature a variety of setup, monitoring, and analysis options, giving businesses the versatility to utilize the techniques that best match their needs. Management solutions include centralized, policy-based management tools, integrated web-accessible management, and support for remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system provides a powerful web-based control solution that greatly simplifies the installation, ongoing configuration, and monitoring of a single Cisco PIX security appliance without requiring any extra software other than an ordinary browser and Java applet to be installed on an administrator's computer.
IT managers can furthermore remotely set up, monitor, and troubleshoot Cisco PIX security appliances using a command-line interface (CLI). Safe command-line interface (CLI) access is possible through a number of techniques such as Secure Shell Protocol, Telnet over IPsec, and out-of-band through a console port. PIX firewall appliances also have robust auto-update features, a collection advanced protected remote-management options that ensure firewall settings and software images are always up to date.
Cisco Adaptive Security Appliances Firewalls
Cisco ASA Firewalls are specially engineered solutions that incorporate advanced, industry-leading security and Virtual Private Network services plus an adaptive design. The result is a robust, versatile network security appliance better able to protect small and midsize business (SMB) and larger networks and, at the same time, reduce the overall deployment and maintenance costs previously required for this high level of protection.
Cisco Adaptive Security Appliances (ASA) firewalls provide strong application protection through intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. This produces a better protected network covering web, voice, and mobile wireless services. To protect environments from application-layer assaults and to offer businesses greater control over the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledgebases and employ security enforcement solutions that include anomaly detection and application and protocol state tracking. Also incorporated are attack sensing and mitigation technology including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and preserve network bandwidth for crucial business processes.
While improving network security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and support expenses. By providing broad VPN and protection services, the Cisco Adaptive Security Appliances (ASA) firewall can be a the only platform for a multitude of uses, enabling product standardization. The Cisco Adaptive Security Appliances firewall can be used as a converged attack-prevention appliance at a central location by leveraging its connectivity control, application inspection, and worm, virus, and other malware remediation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a specialized remote access solution utilizing its Virtual Private Network features. As an alternative, the Cisco ASA 5500 Series firewall serves capably in the network interior for interdepartmental connectivity control and to guard against worms, viruses, and other malicious code internal users may unwittingly release into the network. In small business and branch office networks, the Cisco ASA 5500 Series firewall serves as a total solution device offering comprehensive intrusion defense and Virtual Private Network functionality while suiting the cost structure and operational demands of these situations.
This versatile one-device, many-solution design reduces the total number of appliances that need to be installed and managed while offering a common operating and administrative environment across all installations. This architecture simplifies the education of setup, monitoring, support, and protection personnel. To further minimize maintenance expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network aware, enabling these devices to insert seamlessly into the environment without disrupting legitimate traffic and processes.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA Series adaptive security appliances and PIX family security appliances provide a wealth of configuration, monitoring, and troubleshooting features which give you the ability to set up these firewalls to match your business requirements. Progent's CCIE authorized network consultants can show you how to support your current network infrastructure that incorporates Cisco ASA or PIX firewalls and that provides protection, resilience, performance, and recoverability. Progent's firewall experts can also assist you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security experts can help you to develop a security strategy that makes sense for your business and can configure your PIX or ASA firewall to support your security strategy. Progent's security evaluation engineers can evaluate the strength of your existing firewall deployment and audit the security of your entire information system environment. Progent's Help Desk support team can deliver emergency online technical support for Cisco products and can give you quick access to a Cisco expert.
To see more information about Progent's engineering help for Cisco solutions, select a topic: