Cisco PIX security appliances and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) features in an affordable, single-cabinet package. Both product families have been replaced by the ASA 5500-X series of security appliances with Firepower Services. (See integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation ASA 5500 model adaptive security appliances are extensively used and continue to deliver small and mid-size organizations a viable security environment.
Cisco PIC and the original ASA 5500 firewalls offer robust user and program policy enforcement, mutlivector attack protection, and secure access services. The enhanced knowledge sharing of consolidated protection features in a stand-alone package provides customers implementing these aggregated firewalls the advantages of advanced protection, reduced cost of ownership, and minimal management costs.
PIX firewalls and the ASA 5500 product line combine with Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and Cisco 7600 family routers as components of Cisco's flexible, self-contained firewall product. Based on an expandable, modular platform, every device is equipped with a particular array of options to provide better security to different network environments. These products can be individually deployed to secure specific areas of the network environment, or can be grouped for a layered, protection-in-depth strategy following the design best practices described in the Cisco SAFE framework. Completing the integrated firewall product line, Cisco has developed a comprehensive security management catalog, ranging from Cisco security appliance and IOS security features and embedded appliance controllers, to standalone management programs, moving to ensure that customers can effectively use their Cisco protection solution purchases.
Cisco PIX Firewalls
PIX firewall appliances offer reliable user and application policy enforcement, multivector invasion protection, and safe connectivity features in economical, simple-to-configure solutions. These specialized devices provide a broad range of integrated security and connectivity services such as application-aware firewall services, Voice over IP and multimedia protection, reliable multi-site and remote-connectivity IP Security (IPsec) Virtual Private Network networking, excellent resiliency, smart networking services, and versatile management solutions. The PIX Security Appliance Series product line spans compact plug-and-go devices for small and at home offices to modular gigabit appliances with ROI for enterprise and service-provider environments, PIX firewall appliances deliver high levels of protection, speed, and availability for network environments of all sizes.
Based around a hardened, specialized software platform that offers a wealth of security features, Cisco PIX security appliances provide excellent protection and have earned EAL 4 status and ICSA Firewall and IP Security (IPsec) qualification. PIX firewalls offer security for a broad range of Voice over IP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol, SCCP, RTSP, and MGCP, enabling organizations to protect deployments of a wide array of current and upcoming VoIP and multimedia applications.
Cisco PIX firewalls offer a variety of configuration, tracking, and troubleshooting options, giving businesses the versatility to utilize the methods that best match their needs. Management solutions include common, policy-based management utilities, integrated web-accessible administration, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a world-class web-based control solution that significantly streamlines the installation, ongoing configuration, and monitoring of a single Cisco PIX firewall without requiring any extra software other than an ordinary web browser and Java applet to be running on a manager's PC.
Administrators can furthermore remotely set up, track, and troubleshoot Cisco PIX security appliances using a command-line interface (CLI). Secure CLI interface access is available using a number of methods such as Secure Shell Protocol, Telnet over IP Security, and out-of-band via a console port. Cisco PIX security appliances also include robust automatic-update capabilities, a set of secure remote-administration options that make sure that firewall configurations and software images are kept up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built solutions that bring together advanced, best-of-breed security and VPN services with a flexible design. The result is a robust, multifunction network protection appliance better suited to protect small and medium business and larger networks and, simultaneously, lower the total installation and maintenance costs formerly associated with this enhanced level of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls leverage engineering behind Cisco's PIX 500 family firewall, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall family to offer a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, local containment and control, and clean Virtual Private Network functionality across the entire product line. This breadth of protection enables defense of any network area, including the most common threat vectors such as remote locations, locally-connected internal users, and off-site access Virtual Private Networks.
Cisco ASA 5500 Series firewalls deliver robust application protection via smart, application-sensitive inspection processes that analyze traffic at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless services. To defend networks against application-layer attacks and to give businesses greater control over the applications and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledgebases and employ security enforcement solutions that include anomaly detection and application and protocol state monitoring. Also included are attack sensing and mitigation technology including application/protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing businesses to police usage policies and preserve network bandwidth for important business applications.
While improving network protection, Cisco Adaptive Security Appliances (ASA) firewalls also lower installation and operational costs. By offering extensive VPN and security services, the Cisco ASA 5500 Series firewall can be used as the single device for many uses, allowing product commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated attack-prevention device at a central location by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware mitigation technologies. The Cisco ASA firewall can also be used as a dedicated remote access device using its VPN features. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves equally well inside the network for interdepartmental connectivity management and to guard against malicious assaults inside users might inadvertently introduce into the environment. In small company and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as a total solution device offering complete intrusion defense and VPN services while fitting within the budgets and performance models of these deployments.
This adaptive single-device, many-solution design minimizes the number of devices that must be installed and managed while offering a common operating and administrative environment across all installations. This approach simplifies the education of configuration, tracking, support, and security personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network aware, enabling them to integrate gracefully into the environment without disrupting authorized data flow and processes.
How Progent's Cisco Certified Experts Can Help You with Cisco Firewalls
Cisco ASA Series adaptive security appliances and PIX security appliances incorporate an array of setup, monitoring, and analysis features which offer you the flexibility to configure these firewalls to match your company's requirements. Progent's CCIE certified network experts can show you how to maintain your existing infrastructure that includes Cisco ASA or PIX security appliances and that provides protection, resilience, performance, and recoverability. Progent can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified IS security professionals can help you to develop a security policy appropriate for your situation and can configure your firewall to enforce your security policies. Progent's security evaluation engineers can evaluate the strength of your existing firewall deployment and audit the overall security of your whole IT network. Progentís Help Desk Call Center can deliver urgent online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.
To learn additional information concerning Progent's engineering assistance for Cisco products, pick a subject:
In order to contact Progent about technical support for Cisco products, call 1-800-993-9400 or go to Contact Progent.