Cisco PIX firewalls and ASA Series adaptive security appliances combine next-generation firewall, intrusion defense, and Virtual Private Network (VPN) features in a cost-effective, single-cabinet package. Both of these product families have been superseded by the ASA 5500-X family of security appliances with Firepower Services. (Refer to configuration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation Cisco ASA 5500 model firewalls are extensively used and continue to deliver small and mid-size organizations a reliable security solution.
PIX and the original ASA 5500 firewalls deliver robust client and program policy enforcement, mutlivector assault defense, and safe connectivity features. The enhanced intelligence sharing of consolidated protection features in a stand-alone package provides customers deploying these integrated solutions the advantages of advanced protection, reduced TCO, and smaller maintenance costs.
PIX security appliances and the ASA 5500 product line combine with IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and 7600 family routers as parts of Cisco's flexible, self-contained firewall solutions. Based on a scalable, building-block approach, every offering is equipped with a specific feature set to deliver more efficient security to different networking situations. These solutions can be independently deployed to secure certain facets of the connectivity environment, or can be grouped for a systematic, defense-in-depth strategy following the design best practices described in the Cisco SAFE framework. Rounding out the modular firewall product line, Cisco has developed a comprehensive security management offering, ranging from Cisco security appliance and Cisco IOS security components and built-in appliance managers, to standalone management applications, helping to make sure that businesses can productively manage their Cisco security solution purchases.
PIX Firewall Appliances
PIX firewalls offer reliable policy enforcement, multi-source invasion defense, and secure connectivity features in cost-effective, simple-to-configure solutions. These specialized devices offer a broad range of integrated security and networking capabilities including application-aware firewall features, Voice over IP and multimedia protection, robust multi-location and remote-connectivity IP Security Virtual Private Network (VPN) networking, high availability, intelligent networking services, and versatile administration options. The PIX firewall product line ranges from small plug-and-play desktop units for small offices and home offices to modular gigabit appliances with investment protection for enterprise and ISP customers, PIX firewall appliances deliver dependable protection, performance, and reliability for networks of any size.
Based around a tested, purpose-built software platform that delivers a wealth of protection services, PIX firewalls offer a high level of security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security (IPsec) qualification. PIX security appliances provide security for a broad array of VoIP and other multimedia conventions including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard deployments of a broad array of contemporary and next-generation VoIP and video applications.
Cisco PIX firewall appliances offer a variety of setup, monitoring, and troubleshooting options, providing IT managers the flexibility to use the techniques that best match their needs. Administrative solutions include common, policy-based administration tools, integrated web-accessible administration, and support for remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class web-based management solution that significantly streamlines the installation, in-place configuration, and monitoring of a single Cisco PIX firewall without the need of any additional software beyond a standard browser and Java applet to be installed on an administrator's computer.
Administrators can furthermore remotely configure, monitor, and troubleshoot Cisco PIX security appliances using a command-line interface. Safe command-line interface communication is possible through several techniques such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewalls also include dependable auto-update capabilities, a set advanced secure remote-administration options that make sure that firewall configurations and software images are always current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered devices that incorporate market-proven, best-of-breed security and VPN services with an adaptive design. The end product is a robust, multifunction network protection solution better able to protect small and medium business and larger networks and, simultaneously, lower the overall deployment and maintenance costs previously associated with this high level of protection.
Cisco ASA 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a firewall that stops a broad range of threats. Cisco ASA 5500 Series Firewalls deliver program security, local containment, and clean Virtual Private Network functionality throughout the entire product portfolio. This breadth of protection enables defense of any network area, including the most common threat vectors like remote sites, locally-connected inside users, and remote access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application protection via intelligent, application-aware inspection engines that examine network flows at Layers 4-7. This results in a safer network including web, voice, and mobile wireless access. To defend networks from application-layer attacks and to give organizations greater control over the programs and protocols used in their networks, these inspection engines incorporate broad application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly sensing and application and protocol state monitoring. Also incorporated are assault sensing and mitigation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide management of instant messaging and tunneling applications, allowing businesses to police usage policies and recover bandwidth for critical business processes.
While improving network protection, Cisco Adaptive Security Appliances firewalls also lower deployment and support expenses. By offering broad VPN and security services, the Cisco Adaptive Security Appliances firewall can be a single device for many environments, enabling product commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated threat-protection device at a central location by leveraging its connectivity control, application inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be used as a dedicated remote connectivity solution utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall serves equally well in the network interior for interdepartmental access control and to guard against worms, viruses, and other malicious code inside workers may unwittingly introduce into the network. In small business and branch office networks, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as a total solution platform offering comprehensive threat defense and VPN functionality while fitting within the cost structure and performance models of these deployments.
This adaptive one-platform, multiple-use design minimizes the total number of devices that need to be installed and managed while providing a common functional and administrative system throughout all deployments. This architecture streamlines the training of configuration, monitoring, troubleshooting, and security staff. To further minimize maintenance costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, enabling them to insert seamlessly into the network without interfering with authorized traffic and processes.
How Progent's Consultants Can Help Your Business with Cisco Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX firewalls incorporate an array of setup, monitoring, and troubleshooting options which offer you the ability to set up these security appliances to align optimally with your business requirements. Progent's CCIE authorized network experts can show you how to support your current network infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides protection, resilience, throughput, and recoverability. Progent can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier information security engineers can help your business to create a security strategy that makes sense for your environment and can configure your firewall to enforce your security strategy. Progent's risk evaluation engineers can evaluate the strength of your existing firewall deployment and audit the security of your entire IT environment. Progentís Help Desk Call Center can provide urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco network engineer.
To see more details about Progent's professional help for Cisco technology, pick a topic:
To ask Progent about consulting help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.