Cisco's PIX family security appliances and Cisco ASA Series firewalls combine comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an economical, single-cabinet format. Both of these product families have been replaced by Cisco's ASA 5500-X line of security appliances with Firepower. (Refer to configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 model adaptive security appliances are widely deployed and continue to provide small and mid-size companies a viable security environment.
Cisco PIC and legacy ASA 5500 firewalls deliver powerful user and application policy enforcement, mutlivector assault defense, and secure access services. The enhanced knowledge sharing of integrated protection features in a single platform provides users implementing these aggregated solutions the benefits of advanced protection, lower TCO, and smaller management expense.
PIX firewalls and the ASA 5500 family combine with Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 switches, and Cisco 7600 routers as parts of Cisco's versatile, integrated firewall solutions. Based on a scalable, building-block platform, each device is equipped with a specific array of options to deliver more efficient protection to a variety of network situations. These solutions can be individually installed to secure specific areas of a network infrastructure, or can be grouped for a systematic, defense-in-depth approach following the architecture leading practices outlined in Cisco's SAFE Blueprint. Rounding out the modular firewall solutions, Cisco provides a comprehensive security management product portfolio, ranging from Cisco security appliance and IOS Software security features and embedded device controllers, to standalone management utilities, moving to make sure that customers can effectively use their Cisco protection infrastructure investments.
PIX Security Appliance Series
Cisco PIX firewalls deliver reliable user and application policy enforcement, multi-source invasion protection, and secure connectivity features in cost-effective, out-of-the-box modules. These purpose-built devices offer a broad range of integrated security and networking capabilities including application-aware firewall services, Voice over IP and multimedia security, robust multi-location and remote-access IP Security (IPsec) Virtual Private Network (VPN) networking, high availability, smart networking features, and versatile administration solutions. The Cisco PIX Security Appliance Series family spans small plug-and-play appliances for small or at home offices to stackable high-bandwidth appliances with ROI for enterprise and service-provider customers, PIX Security Appliance Series deliver dependable security, performance, and reliability for environments of any size.
Based around a hardened, purpose-built software platform that delivers a wealth of security features, PIX firewall appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security certification. Cisco PIX firewall appliances offer protection for a broad array of VoIP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to protect installations of a broad range of current and upcoming IP voice and mixed-media applications.
Cisco PIX firewall appliances offer a variety of configuration, monitoring, and analysis features, providing businesses the flexibility to utilize the techniques that best meet their requirements. Management solutions include centralized, policy-based administration tools, integrated web-accessible management, and support for remote-tracking protocols like SNMP and syslog. The integrated Adaptive Security Device Manager interface offers a world-class web-based control solution that greatly streamlines the installation, in-place modification, and tracking of a single PIX security appliance without the need of any additional software other than a standard web browser and Java plug-in to be running on an administrator's PC.
IT managers can furthermore remotely set up, track, and troubleshoot Cisco PIX security appliances using a command-line interface (CLI). Secure command-line interface communication is available through several methods including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also include robust auto-update capabilities, a collection of protected remote-administration services that ensure security settings and software images are always current.
Cisco ASA Firewalls
Cisco ASA Firewalls are purpose-built solutions that bring together market-proven, best-of-breed protection and VPN services plus a flexible architecture. The result is a robust, multifunction network protection appliance better able to defend small and medium business (SMB) and larger networks and, simultaneously, reduce the overall deployment and operations costs previously required for this high degree of security.
Cisco ASA Firewalls leverage engineering behind Cisco's PIX 500 family firewall, Cisco's IPS 4200 Series sensor, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a firewall that stops a wide range of threats. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, local containment and control, and safe Virtual Private Network connectivity throughout the entire product portfolio. This broad scope of security allows the guarding of any network segment, including the most common attack vectors like remote sites, locally-attached internal users, and off-site access Virtual Private Networks.
Cisco ASA firewalls deliver robust application protection through intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a more secure environment including web, voice, and mobile wireless services. To defend networks from application-layer assaults and to offer businesses greater control over the applications and protocols utilized in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and rely on security enforcement technologies such as protocol anomaly detection and state monitoring. Also incorporated are assault sensing and mitigation techniques such as application/protocol command filters and content verification. Cisco ASA firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and conserve bandwidth for crucial business applications.
While improving network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and support expenses. By offering extensive VPN and protection services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for many uses, allowing platform standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be used as a converged attack-protection appliance at a central location by taking advantage of its access control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances firewall can also be deployed as a specialized remote access device utilizing its VPN capabilities. As another option, the Cisco ASA firewall performs equally well in the network interior for interdepartmental access control and to guard against malware inside users might unwittingly introduce into the environment. In small business and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as an all-in-one device providing comprehensive threat defense and VPN functionality while fitting within the budgets and performance models of these situations.
This adaptive single-device, multiple-solution approach minimizes the number of appliances that need to be installed and maintained while providing a common functional and management environment across all those installations. This approach simplifies the training of configuration, tracking, troubleshooting, and protection staff. To further minimize maintenance costs, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, allowing these devices to insert seamlessly into the environment without disrupting authorized traffic and processes.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco Firewalls
Cisco ASA 5500 Series firewalls and PIX firewalls provide a wealth of configuration, tracking, and analysis features which offer you the ability to configure these firewalls to match your business requirements. Progent's CCIE authorized network experts can assist you to maintain your existing infrastructure that includes Cisco ASA and/or PIX security appliances and that offers protection, resilience, performance, and manageability. Progent can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security experts can help your business to create a security policy that makes sense for your environment and can set up your PIX or ASA firewall to enforce your security policies. Progent's security evaluation engineers can evaluate the strength of your existing firewall solution and validate the overall security of your whole IT network. Progentís Help Desk Call Center can deliver urgent remote troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE network engineer.
For more details about Progent's consulting support for Cisco products, select a topic:
To get in touch with Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or see Contact Progent.