Cisco PIX security appliances and ASA 5500 Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) functionality in a cost-effective, single-box format. Both product lines have been replaced by Cisco's ASA 5500-X series of security appliances with Firepower. (See integration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 model firewalls are extensively deployed and continue to provide small and mid-size organizations a viable firewall solution.
Cisco PIC and legacy ASA 5500 firewalls offer powerful user and application policy support, mutlivector assault defense, and safe connectivity services. The enhanced knowledge sharing of integrated security services in a single platform provides customers implementing these aggregated firewalls the benefits of enhanced security, lower TCO, and minimal management costs.
PIX security appliances and the ASA 5500 Series join Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 Series switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall line. Based on an expandable, modular platform, every device is equipped with a specific feature set to deliver better security to a variety of networking environments. These products can be independently installed to protect specific facets of the network infrastructure, or can be combined for a layered, defense-in-depth strategy following the architecture leading practices described in the Cisco SAFE framework. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management product portfolio, ranging from Cisco security appliance and Cisco IOS Software security features and built-in device managers, to self-contained management applications, helping to make sure that customers can productively use their Cisco security infrastructure purchases.
Cisco PIX Firewalls
Cisco PIX Security Appliance Series offer robust user and application policy enforcement, multi-source invasion defense, and secure networking services in cost-effective, simple-to-configure modules. These specialized devices offer a wealth of integrated security and connectivity capabilities such as process-aware firewall features, Voice over IP (VoIP) and multimedia security, reliable site-to-site and remote-access IP Security (IPsec) VPN connectivity, excellent resiliency, intelligent networking features, and flexible management solutions. The Cisco PIX Security Appliance Series product line spans small plug-and-go appliances for small offices and at home offices to modular gigabit appliances with investment protection for large business and ISP customers, Cisco PIX firewall appliances provide dependable security, speed, and availability for networks of all sizes.
Based around a hardened, purpose-built OS that offers a wealth of protection services, Cisco PIX security appliances offer excellent protection and have received EAL 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances provide protection for a wide array of Voice over IP and other multimedia standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol, helping organizations to safeguard deployments of a broad array of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX security appliances offer a variety of setup, monitoring, and analysis options, giving IT managers the versatility to use the methods that best meet their needs. Administrative solutions include common, policy-based management utilities, integrated web-accessible administration, and support for remote-tracking standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class web-based management solution that significantly simplifies the installation, ongoing modification, and tracking of a single PIX firewall without the need of any additional software other than an ordinary web browser and Java plug-in to be running on an administrator's computer.
Administrators can also remotely configure, monitor, and analyze Cisco PIX security appliances via a command-line interface (CLI). Safe CLI interface access is possible through several techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also include robust automatic-update features, a set of protected remote-management services that ensure firewall configurations and software images are always up to date.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered solutions that bring together market-proven, industry-leading security and VPN services plus an adaptive architecture. The result is a robust, versatile network security solution better able to protect small and medium business (SMB) and larger networks and, simultaneously, lower the overall installation and maintenance expenses previously required for this enhanced degree of security.
Cisco Adaptive Security Appliances Firewalls build on technology behind the Cisco PIX 500 Security Appliance, the Cisco IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to offer a platform that defends against a broad range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, network containment and control, and clean VPN functionality throughout Cisco's product line. This breadth of protection allows the guarding of any network section, including the most common threat vectors like remote sites, locally-attached inside users, and off-site access Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls provide a high-level of application security via intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a better protected environment covering web, voice, and mobile wireless connectivity. To protect environments from application-layer assaults and to give organizations greater control over the programs and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and rely on protection enforcement solutions that include protocol anomaly detection and application and protocol state monitoring. Also incorporated are assault sensing and remediation techniques including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing businesses to police usage policies and preserve network bandwidth for vital business applications.
At the same time as increasing network protection, Cisco Adaptive Security Appliances 5500 Series firewalls also lower deployment and support expenses. By providing extensive VPN and protection services, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for a multitude of environments, allowing platform commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a converged threat-prevention appliance at a central location by leveraging its connectivity control, process inspection, and malware remediation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be deployed as a specialized remote connectivity device using its VPN capabilities. As an alternative, the Cisco ASA 5500 Series firewall performs equally well in the network interior for inter-office connectivity control and to guard against malware internal workers might unwittingly introduce into the environment. In small company and satellite office networks, the Cisco Adaptive Security Appliances 5500 Series firewall serves as an all-in-one device offering complete intrusion prevention and Virtual Private Network services while suiting the budgets and performance models of these deployments.
This versatile single-device, many-solution design reduces the number of appliances that need to be deployed and maintained while providing a standard operating and management system across all those installations. This approach simplifies the education of configuration, monitoring, troubleshooting, and protection personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network conscious, enabling these devices to integrate gracefully into the network without interfering with legitimate data flow and processes.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX firewalls provide a wealth of setup, tracking, and troubleshooting features that offer you the ability to set up these firewalls to match your business needs. Progent's CCIE certified network experts can show you how to support your existing infrastructure that includes Cisco ASA and/or PIX firewalls and that provides security, resilience, throughput, and recoverability. Progent can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier IS security engineers can help your business to develop a security policy appropriate for your business and can configure your security appliance to enforce your security policies. Progent's security assessment engineers can assess the effectiveness of your existing firewall solution and validate the security of your whole information system environment. Progentís Technical Response Center can deliver urgent remote troubleshooting for Cisco products and offer quick access to a Cisco expert.
To see more details about Progent's consulting help for Cisco solutions, select a topic:
If you wish to ask Progent about technical support for Cisco products, phone 1-800-993-9400 or see Contact Progent.