Cisco PIX family firewalls and ASA Series firewalls integrate comprehensive firewall, intrusion protection, and VPN functionality in an affordable, single-cabinet package. Both of these product families have been superseded by Cisco's ASA 5500-X series of firewalls with Firepower. (Refer to integration and debugging help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 model adaptive security appliances are extensively deployed and continue to deliver small and mid-size organizations a reliable firewall environment.
Cisco PIC and legacy ASA 5500 firewalls offer robust user and application policy support, mutlivector assault defense, and secure access services. The enhanced knowledge sharing of consolidated security services in a stand-alone platform offers users implementing these integrated firewalls the benefits of advanced protection, reduced cost of ownership, and smaller maintenance expense.
PIX firewalls and Cisco's ASA 5500 family join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and Cisco 7600 family routers as components of Cisco's versatile, self-contained firewall solutions. Engineered with a scalable, building-block platform, every device is equipped with a particular feature set to provide more efficient protection to a variety of network environments. These products can be individually installed to protect specific facets of a connectivity infrastructure, or can be combined for a systematic, protection-in-depth strategy following the architecture best practices described in Cisco's SAFE Blueprint. Rounding out the integrated firewall solutions, Cisco has developed a complete security management catalog, ranging from Cisco security appliance and IOS Software security components and embedded device managers, to self-contained management programs, helping to make sure that businesses can effectively manage their Cisco protection solution investments.
PIX Firewalls
PIX firewalls deliver reliable user and application policy enforcement, multi-source invasion protection, and safe networking features in economical, out-of-the-box modules. These purpose-built devices offer a wealth of integrated protection and networking services such as process-aware firewall features, Voice over IP and multimedia security, robust multi-site and remote-connectivity IPcec VPN networking, excellent resiliency, smart networking features, and flexible management solutions. The Cisco PIX firewall product line spans compact plug-and-go desktop units for small or at home offices to stackable gigabit products with investment protection for large business and ISP environments, Cisco PIX firewall appliances provide dependable security, performance, and reliability for network environments of any size.
Based around a tested, specialized operating system that offers rich security features, Cisco PIX firewall appliances provide excellent security and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security certification. PIX firewalls offer protection for a wide range of VoIP and other multimedia standards including H.323 v. 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, enabling organizations to safeguard deployments of a broad array of current and next-generation IP voice and video applications.
PIX firewalls feature a wealth of setup, monitoring, and analysis options, giving businesses the flexibility to use the methods that best meet their needs. Management options include common, policy-based administration tools, integrated web-based management, and compatibility with remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated ASDM system provides a powerful web-based management platform that significantly streamlines the installation, in-place modification, and tracking of a single Cisco PIX security appliance without requiring any extra software beyond an ordinary browser and Java plug-in to be running on a manager's PC.
Administrators can also remotely configure, monitor, and analyze PIX firewalls using a command-line interface (CLI). Secure command-line interface access is possible using several techniques such as Secure Shell Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewall appliances also have dependable auto-update features, a collection of secure remote-administration options that make sure that security configurations and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that incorporate market-proven, best-of-breed security and Virtual Private Network support with a flexible design. The end product is a robust, multifunction network security solution better able to protect small and medium business and larger networks and, at the same time, lower the overall deployment and maintenance expenses formerly associated with this high degree of protection.
Cisco Adaptive Security Appliances firewalls provide robust application protection through smart, application-sensitive inspection engines that examine traffic at Layers 4-7. The result is a more secure environment including web, voice, and mobile wireless access. To protect environments from application-layer assaults and to offer organizations greater control over the applications and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and employ protection enforcement technologies that include anomaly detection and application and protocol state monitoring. Also included are attack sensing and mitigation technology including application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing organizations to police usage policies and conserve network bandwidth for vital business processes.
At the same time as improving security, Cisco ASA 5500 Series firewalls also decrease deployment and operational costs. By offering broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for many uses, enabling platform commonality. The Cisco ASA 5500 Series firewall can be deployed as a consolidated attack-prevention appliance at the datacenter by taking advantage of its connectivity control, process inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote access solution using its VPN features. As an alternative, the Cisco Adaptive Security Appliances firewall operates capably in the network interior for interdepartmental connectivity management and to defend against malware inside workers might unwittingly introduce into the network. In small business and branch office environments, the Cisco Adaptive Security Appliances 5500 Series firewall acts as an all-in-one platform offering comprehensive intrusion defense and Virtual Private Network functionality while fitting within the budgets and operational models of these deployments.
This versatile single-platform, multiple-solution design reduces the total number of devices that need to be deployed and managed while providing a standard operating and administrative environment across all those installations. This architecture simplifies the education of configuration, monitoring, support, and protection staff. To further minimize operations expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network aware, enabling them to insert seamlessly into the network without interfering with legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX family firewalls incorporate a wealth of setup, monitoring, and analysis options which give you the ability to set up these firewalls to align optimally with your company's needs. Progent's CCIE certified network experts can help you to support your current network infrastructure that incorporates Cisco ASA or PIX security appliances and that offers security, fault tolerance, performance, and recoverability. Progent's firewall experts can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier information security experts can help your business to create a security strategy that makes sense for your situation and can set up your firewall to support your security policies. Progent's risk assessment consultants can evaluate the effectiveness of your existing firewall deployment and help determine the security of your entire information system network. Progent’s Technical Response Center can provide urgent online troubleshooting for Cisco products and can give you quick access to a Cisco expert.
To see additional information about Progent's engineering support for Cisco solutions, pick a topic: