Cisco's PIX firewalls and ASA Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) features in a cost-effective, one-cabinet format. Both of these product families have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower Services. (Refer to integration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation ASA 5500 model firewalls are extensively deployed and continue to deliver small and mid-size companies a reliable firewall solution.
PIX and the original ASA 5500 firewalls deliver robust user and application policy enforcement, mutlivector assault defense, and secure connectivity features. The enhanced knowledge sharing of consolidated security services in a single package provides users deploying these integrated solutions the benefits of advanced security, lower TCO, and smaller maintenance costs.
PIX security appliances and Cisco's ASA 5500 Series combine with IOS Firewall, the FWSM for Catalyst 6500 family switches, and Cisco 7600 routers as components of Cisco's flexible, self-contained firewall line. Based on a scalable, modular platform, each offering is equipped with a specific array of options to provide more efficient security to a variety of network situations. These solutions can be independently deployed to protect certain facets of a network environment, or can be grouped for a layered, protection-in-depth approach following the design leading practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall product line, Cisco has developed a comprehensive security management product portfolio, spanning Cisco security device and IOS Software security features and embedded appliance controllers, to self-contained management utilities, moving to ensure that customers can effectively manage their Cisco security solution investments.
PIX Security Appliance Series
Cisco PIX Security Appliance Series deliver reliable policy support, multivector invasion protection, and safe networking features in economical, out-of-the-box solutions. These purpose-built devices provide a wealth of integrated security and networking capabilities including process-aware firewall features, Voice over IP (VoIP) and multimedia protection, robust multi-location and remote-access IPcec VPN networking, fault tolerance, intelligent networking features, and versatile administration solutions. The PIX Security Appliance Series family spans compact plug-and-play desktop units for small offices and at home offices to modular high-bandwidth appliances with ROI for large business and ISP environments, Cisco PIX Security Appliance Series deliver dependable security, performance, and reliability for network environments of any size.
Built around a hardened, purpose-built OS that delivers a wealth of protection services, PIX security appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security certification. Cisco PIX firewall appliances offer security for a broad range of Voice over IP and other mixed-media standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling businesses to protect installations of a wide array of current and upcoming VoIP and multimedia applications.
Cisco PIX firewalls feature a wealth of configuration, monitoring, and troubleshooting features, giving IT managers the flexibility to use the techniques that most closely match their needs. Administrative options include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-monitoring standards like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface offers a world-class web-accessible management platform that significantly simplifies the installation, ongoing configuration, and tracking of a specific PIX firewall appliance without requiring any extra utility other than an ordinary web browser and Java plug-in to be running on an administrator's PC.
Administrators can also remotely set up, monitor, and troubleshoot PIX firewalls using a CLI interface. Secure command-line interface (CLI) communication is available using several methods including Secure Shell Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX firewall appliances also have dependable automatic-update features, a collection advanced protected remote-management options that ensure security settings and software images are always current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that incorporate advanced, industry-leading security and Virtual Private Network services with an adaptive design. The result is a powerful, multifunction network security appliance better suited to protect small and midsize business and larger networks and, at the same time, reduce the total installation and maintenance expenses formerly associated with this high level of security.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology behind the Cisco PIX 500 family Security Appliance, Cisco's IPS 4200 Series sensor, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) Firewall family to deliver a firewall that stops a wide range of threats. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application protection, network containment, and clean Virtual Private Network connectivity across Cisco's product line. This breadth of protection enables the guarding of any network area, including the most common threat vectors like remote locations, LAN-attached inside users, and off-site connected Virtual Private Networks.
Cisco ASA firewalls deliver robust application protection via intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a safer network including web, voice, and mobile wireless services. To defend networks from application-layer attacks and to offer businesses more policing of the applications and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement solutions such as anomaly sensing and application and protocol state monitoring. Also incorporated are assault detection and mitigation techniques such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and free up network bandwidth for critical business applications.
While increasing network protection, Cisco Adaptive Security Appliances firewalls also lower deployment and support costs. By offering broad Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be a the only platform for a multitude of environments, enabling product standardization. The Cisco Adaptive Security Appliances firewall can be used as a converged threat-protection appliance at a central location by leveraging its access control, application inspection, and malware remediation capabilities. The Cisco Adaptive Security Appliances firewall can also be used as a dedicated remote access device utilizing its VPN features. Alternatively, the Cisco ASA 5500 Series firewall performs capably in the network interior for inter-office connectivity management and to defend against malware internal workers might unknowingly release into the network. For small business and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as an all-in-one platform providing complete threat defense and Virtual Private Network functionality while suiting the cost structure and operational demands of these situations.
This adaptive single-platform, many-solution design reduces the total number of appliances that must be installed and maintained while offering a common operating and administrative environment across all deployments. This approach simplifies the training of setup, monitoring, troubleshooting, and security personnel. To further minimize operations expenses, Cisco ASA 5500 Series firewalls are also exceptionally network aware, allowing them to insert seamlessly into the environment without disrupting authorized traffic and processes.
How Progent Can Assist Your Business with Cisco Firewalls
Cisco ASA Series firewalls and PIX firewalls incorporate an array of configuration, tracking, and analysis features that give you the ability to deploy these security appliances to match your business requirements. Progent's CCIE authorized network professionals can help you to maintain your existing network infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers security, resilience, throughput, and recoverability. Progent can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified information security consultants can help your business to create a security strategy appropriate for your situation and can configure your security appliance to enforce your security policies. Progent's security evaluation consultants can evaluate the effectiveness of your existing firewall solution and validate the security of your entire information system environment. Progentís Help Desk Call Center can deliver emergency online technical support for Cisco products and offer quick access to a Cisco network engineer.
To see more information concerning Progent's engineering expertise for Cisco products, select a topic:
In order to ask Progent about technical help for Cisco networking, call 1-800-993-9400 or refer to Contact Progent.