Cisco's PIX security appliances and Cisco ASA 5500 Series adaptive security appliances combine comprehensive firewall, intrusion protection, and VPN features in a cost-effective, one-box package. Both of these product families have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower. (Refer to integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation ASA 5500 model firewalls are widely used and continue to offer small and mid-size organizations a viable security environment.
PIX and legacy ASA 5500 firewalls deliver robust user and application policy support, mutlivector attack defense, and secure access features. The enhanced intelligence sharing of consolidated security services in a stand-alone platform provides customers deploying these aggregated firewalls the benefits of advanced security, reduced TCO, and smaller management costs.
Cisco PIX security appliances and the ASA 5500 family join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall line. Engineered with a scalable, building-block platform, every offering is designed with a particular feature set to provide more efficient security to different networking situations. These products can be independently installed to protect certain facets of a network environment, or can be grouped for a layered, defense-in-depth strategy following the architecture leading practices outlined in the Cisco SAFE Blueprint. Completing the modular firewall solutions, Cisco provides a comprehensive security management catalog, ranging from Cisco security device and IOS security components and embedded appliance controllers, to standalone management utilities, helping to make sure that customers can productively manage their Cisco protection solution purchases.
Cisco PIX Firewalls
Cisco PIX Security Appliance Series deliver robust user and application policy support, multivector invasion defense, and safe connectivity services in economical, simple-to-configure modules. These specialized appliances offer a broad range of integrated security and connectivity services including process-aware firewall features, Voice over IP and multimedia security, robust site-to-site and remote-connectivity IP Security (IPsec) VPN connectivity, fault tolerance, smart networking features, and flexible management options. The PIX firewall Appliance product line ranges from small plug-and-go desktop units for small or home offices to stackable gigabit appliances with ROI for enterprise and service-provider customers, Cisco PIX firewall appliances provide high levels of protection, speed, and reliability for environments of any size.
Built around a tested, specialized operating system that offers rich security services, PIX firewall appliances offer excellent security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. PIX security appliances offer security for a wide range of VoIP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling organizations to safeguard deployments of a broad range of current and upcoming VoIP and video applications.
Cisco PIX firewalls offer a variety of setup, tracking, and analysis options, providing IT managers the versatility to use the methods that best match their needs. Management options include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-tracking protocols like SNMP and syslog. The integrated ASDM interface provides a powerful web-based control platform that greatly streamlines the deployment, ongoing configuration, and monitoring of a single PIX firewall appliance without requiring any extra software beyond a standard browser and Java applet to be running on a manager's computer.
IT managers can also remotely set up, track, and analyze Cisco PIX firewall appliances via a command-line interface. Safe command-line interface communication is possible through a number of methods such as Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band via a console port. PIX firewalls also have dependable automatic-update features, a collection advanced protected remote-administration services that ensure firewall settings and software images are kept current.
Cisco ASA 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built solutions that bring together market-proven, industry-leading security and VPN support plus an adaptive design. The end product is a robust, multifunction network security appliance better suited to defend small and medium business (SMB) and enterprise networks and, simultaneously, reduce the total deployment and maintenance costs previously required for this enhanced degree of security.
Cisco ASA Firewalls build on engineering developed for the PIX 500 family firewall, the Cisco IPS 4200 Series sensor, and the VPN 3000 Series concentrator. These solutions enable the Cisco ASA Firewall product line to deliver a platform that stops a broad range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application protection, local containment and control, and safe Virtual Private Network connectivity across Cisco's product line. This broad scope of protection allows defense of any network area, including the most common threat conduits such as remote locations, locally-connected internal users, and remote access Virtual Private Networks.
Cisco ASA firewalls provide a high-level of application protection via intelligent, application-aware inspection engines that examine network flows at Layers 4-7. This results in a safer environment including web, voice, and mobile wireless access. To defend networks against application-layer assaults and to offer businesses more policing of the applications and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions such as protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault detection and remediation techniques such as application/protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver control over IM and tunneling applications, allowing businesses to police usage policies and preserve network bandwidth for crucial business applications.
While improving security, Cisco Adaptive Security Appliances (ASA) firewalls also lower installation and support costs. By providing extensive VPN and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for a multitude of uses, allowing product standardization. The Cisco ASA firewall can be deployed as a consolidated attack-protection appliance at a central location by leveraging its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a dedicated remote connectivity device using its Virtual Private Network features. As another option, the Cisco ASA firewall performs capably inside the network for inter-office connectivity management and to guard against worms, viruses, and other malicious code inside users may unwittingly introduce into the environment. For small company and branch office environments, the Cisco Adaptive Security Appliances firewall serves as an all-in-one device providing comprehensive threat prevention and Virtual Private Network services while suiting the budgets and operational models of such deployments.
This versatile one-platform, multiple-solution approach minimizes the total number of appliances that need to be installed and managed while offering a common functional and management system throughout all installations. This approach simplifies the training of setup, tracking, troubleshooting, and security personnel. To further reduce operations costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network aware, enabling them to integrate seamlessly into the network without disrupting legitimate traffic and processes.
How Progent's Cisco Certified Experts Can Assist You with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX family firewalls provide an array of setup, monitoring, and troubleshooting features which offer you the flexibility to deploy these firewalls to align optimally with your business needs. Progent's CCIE certified network professionals can help you to maintain your existing infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers protection, fault tolerance, performance, and manageability. Progent can also assist you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security experts can help you to develop a security policy appropriate for your business and can configure your firewall to support your security policies. Progent's security assessment professionals can evaluate the strength of your current firewall solution and help determine the security of your whole IT network. Progentís Technical Response Center can deliver urgent online technical support for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
To see additional details concerning Progent's engineering expertise for Cisco technology, choose a topic:
If you wish to ask Progent about technical assistance for Cisco products, call 1-800-993-9400 or go to Contact Progent.