Cisco PIX family firewalls and ASA Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) features in an economical, single-cabinet format. Both product families have been superseded by the ASA 5500-X line of firewalls with Firepower Services. (See integration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and first-generation ASA 5500 Series firewalls are widely used and continue to offer small and mid-size companies a reliable security environment.
Cisco PIC and legacy ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector assault protection, and secure access services. The increased knowledge sharing of consolidated protection services in a stand-alone platform provides users implementing these aggregated firewalls the benefits of enhanced security, lower cost of ownership, and minimal management costs.
PIX security appliances and the ASA 5500 product line combine with Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall product. Based on an expandable, modular platform, each device is designed with a specific feature set to deliver more efficient security to a variety of networking environments. These solutions can be independently deployed to protect certain areas of a network environment, or can be grouped for a layered, protection-in-depth approach based on the architecture leading practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall solutions, Cisco has developed a complete security management product portfolio, spanning Cisco security appliance and IOS security features and built-in appliance managers, to standalone management utilities, moving to ensure that customers can effectively manage their Cisco security solution purchases.
PIX Security Appliance Series
PIX Security Appliance Series offer reliable user and application policy enforcement, multi-source attack protection, and safe connectivity features in economical, simple-to-configure solutions. These purpose-built devices provide a broad range of integrated protection and networking capabilities including application-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable multi-location and remote-access IP Security (IPsec) VPN connectivity, fault tolerance, smart networking features, and versatile management options. The PIX firewall Appliance family ranges from small plug-and-go desktop units for small or at home offices to modular high-bandwidth products with ROI for enterprise and ISP customers, PIX Security Appliance Series deliver dependable protection, speed, and availability for networks of all sizes.
Based around a tested, specialized software platform that offers a wealth of protection services, Cisco PIX firewall appliances provide a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IPsec qualification. PIX security appliances provide security for a wide range of VoIP and other mixed-media standards including H.323 v. 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and MGCP, enabling businesses to protect deployments of a broad array of contemporary and upcoming VoIP and mixed-media applications.
PIX security appliances offer a wealth of setup, tracking, and troubleshooting options, giving IT managers the versatility to use the methods that most closely match their needs. Management options include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a world-class web-accessible management solution that significantly simplifies the installation, ongoing modification, and tracking of a single Cisco PIX firewall appliance without requiring any additional software beyond a standard browser and Java applet to be running on a manager's computer.
IT managers can furthermore remotely configure, track, and analyze PIX firewalls using a command-line interface (CLI). Secure command-line interface (CLI) communication is possible through several techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewalls also include robust automatic-update capabilities, a set of secure remote-management services that make sure that security configurations and software images are kept up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built solutions that bring together market-proven, industry-leading protection and VPN support with a flexible architecture. The end product is a powerful, versatile network security solution better able to protect small and midsize business (SMB) and larger networks and, at the same time, reduce the total deployment and operations costs previously associated with this enhanced degree of security.
Cisco Adaptive Security Appliances 5500 Series firewalls provide robust application security through intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. This results in a safer environment covering web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer businesses greater control over the applications and protocols utilized in their environments, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ protection enforcement solutions such as protocol anomaly detection and application and protocol state tracking. Also included are assault detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also deliver control over IM and tunneling applications, enabling organizations to police usage policies and recover bandwidth for crucial business applications.
While increasing network security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease installation and support expenses. By offering broad VPN and protection services, the Cisco Adaptive Security Appliances firewall can be used as the the only platform for a multitude of uses, allowing platform standardization. The Cisco Adaptive Security Appliances firewall can be deployed as a converged threat-protection appliance at a central location by leveraging its connectivity control, application inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote connectivity device utilizing its Virtual Private Network capabilities. Alternatively, the Cisco ASA firewall performs equally well inside the network for inter-office connectivity management and to guard against worms, viruses, and other malicious code internal workers might inadvertently introduce into the network. In small company and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall acts as an all-in-one platform providing comprehensive intrusion defense and VPN services while fitting within the cost structure and operational models of these deployments.
This adaptive single-device, many-solution approach reduces the number of appliances that need to be installed and maintained while providing a common operating and management system throughout all those deployments. This approach simplifies the training of setup, tracking, support, and protection staff. To further reduce maintenance costs, Cisco ASA 5500 Series firewalls are also exceptionally network conscious, allowing them to integrate seamlessly into the network without disrupting legitimate traffic and applications.
How Progent Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco ASA Series adaptive security appliances and PIX firewalls provide a wealth of setup, monitoring, and analysis options which offer you the ability to configure these security appliances to match your business requirements. Progent's CCIE authorized network professionals can assist you to maintain your existing network infrastructure that incorporates Cisco ASA or PIX firewall technology and that provides protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also assist you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security consultants can assist you to create a security policy that makes sense for your business and can set up your PIX or ASA firewall to support your security strategy. Progent's risk assessment professionals can evaluate the strength of your existing firewall deployment and help determine the overall security of your whole IT environment. Progent’s Technical Response Center can deliver urgent remote troubleshooting for Cisco technology and offer quick access to a Cisco expert.
For additional information concerning Progent's engineering support for Cisco technology, pick a subject: