Cisco PIX family firewalls and ASA Series adaptive security appliances combine next-generation firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an economical, single-box package. Both product families have been superseded by Cisco's ASA 5500-X line of security appliances with Firepower Services. (See configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and previous-generation ASA 5500 Series adaptive security appliances are extensively deployed and continue to deliver small and mid-size companies a reliable security solution.
PIX and the original ASA 5500 firewalls deliver powerful client and program policy support, mutlivector attack defense, and safe connectivity services. The enhanced knowledge sharing of consolidated security services in a stand-alone package provides customers deploying these aggregated solutions the advantages of enhanced protection, reduced TCO, and smaller management costs.
PIX security appliances and the ASA 5500 product line combine with Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 switches, and Cisco 7600 routers as components of Cisco's flexible, self-contained firewall line. Based on a scalable, building-block approach, each offering is equipped with a specific array of options to provide more efficient protection to a variety of network environments. These solutions can be independently deployed to protect certain areas of a connectivity infrastructure, or can be grouped for a systematic, protection-in-depth approach following the architecture leading practices outlined in Cisco's SAFE framework. Rounding out the modular firewall solutions, Cisco provides a comprehensive security management offering, spanning Cisco security appliance and Cisco IOS Software security components and built-in device controllers, to standalone management utilities, helping to ensure that businesses can effectively use their Cisco protection infrastructure purchases.
PIX Firewall Appliances
Cisco PIX firewalls offer robust user and application policy enforcement, multivector invasion defense, and secure connectivity services in affordable, easy-to-deploy modules. These purpose-built devices provide a broad range of integrated security and connectivity capabilities including application-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-access IP Security Virtual Private Network networking, excellent resiliency, smart networking features, and flexible administration options. The PIX Security Appliance Series family spans compact plug-and-go desktop units for small or at home offices to modular high-bandwidth appliances with investment protection for large business and service-provider environments, PIX Security Appliance Series deliver high levels of security, performance, and reliability for environments of all sizes.
Built around a tested, specialized software platform that delivers a wealth of protection features, PIX firewall appliances provide a high level of protection and have earned EAL 4 status and ICSA Firewall and IP Security qualification. PIX security appliances provide security for a wide array of VoIP and additional mixed-media conventions such as H.323 v. 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to safeguard installations of a broad array of current and next-generation Voice over IP and mixed-media applications.
PIX firewalls feature a variety of configuration, monitoring, and analysis features, giving businesses the flexibility to utilize the methods that most closely meet their needs. Management options include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a world-class web-based control solution that significantly simplifies the deployment, in-place modification, and tracking of a specific Cisco PIX firewall appliance without requiring any extra utility beyond an ordinary browser and Java applet to be installed on a manager's PC.
Administrators can furthermore remotely set up, monitor, and troubleshoot PIX firewall appliances via a command-line interface (CLI). Safe command-line interface communication is possible using several techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewalls also include dependable automatic-update features, a set advanced secure remote-administration services that make sure that firewall configurations and software images are kept current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered solutions that incorporate advanced, industry-leading security and VPN services plus an adaptive architecture. The end product is a powerful, multifunction network protection solution better suited to protect small and midsize company and enterprise networks and, simultaneously, reduce the overall installation and maintenance expenses previously associated with this enhanced degree of security.
Cisco ASA Firewalls build on technology developed for Cisco's PIX 500 firewall, the Cisco IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco ASA 5500 Series Firewall family to offer a firewall that defends against a broad range of threats. Cisco ASA 5500 Series Firewalls deliver program security, local containment and control, and clean Virtual Private Network functionality throughout the entire product portfolio. This broad scope of protection enables the guarding of any network area, which includes the most typical threat conduits such as remote sites, LAN-connected internal users, and remote connected Virtual Private Networks.
Cisco Adaptive Security Appliances 5500 Series firewalls provide robust application security via intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless services. To defend networks against application-layer assaults and to give organizations greater policing of the applications and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledge and rely on protection enforcement solutions that include anomaly sensing and state tracking. Also incorporated are attack sensing and mitigation technology such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and tunneling applications, enabling organizations to enforce usage policies and recover bandwidth for critical business applications.
At the same time as increasing network protection, Cisco ASA firewalls also lower deployment and support costs. By providing broad VPN and security services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the single device for many environments, enabling product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated attack-prevention appliance at the datacenter by taking advantage of its access control, process inspection, and malicious assault mitigation technologies. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access solution using its VPN features. As another option, the Cisco Adaptive Security Appliances (ASA) firewall performs capably inside the network for interdepartmental access management and to guard against malware internal users may unwittingly introduce into the environment. In small business and satellite office environments, the Cisco Adaptive Security Appliances (ASA) firewall acts as an all-in-one device offering complete intrusion defense and VPN services while suiting the budgets and performance models of such situations.
This adaptive single-device, multiple-solution design minimizes the number of appliances that must be installed and managed while offering a standard operating and administrative system across all deployments. This approach simplifies the training of configuration, tracking, troubleshooting, and security staff. To further minimize operations expenses, Cisco Adaptive Security Appliances firewalls are also highly network conscious, allowing these devices to insert seamlessly into the network without disrupting authorized traffic and applications.
How Progent's Cisco Certified Experts Can Help Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA Series firewalls and PIX security appliances incorporate a wealth of setup, monitoring, and analysis options that give you the flexibility to deploy these firewalls to align optimally with your business requirements. Progent's CCIE authorized network consultants can help you to maintain your current network infrastructure that includes Cisco ASA and/or PIX firewalls and that provides security, resilience, performance, and manageability. Progent's firewall experts can also help you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier information security engineers can help your business to develop a security policy that makes sense for your environment and can set up your PIX or ASA firewall to support your security policies. Progent's security evaluation consultants can evaluate the effectiveness of your existing firewall deployment and validate the security of your whole IT network. Progentís Technical Response Center can provide emergency online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.
To see additional information concerning Progent's engineering assistance for Cisco solutions, pick a subject:
To get in touch with Progent about professional help for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.