Cisco's PIX firewalls and ASA Series firewalls integrate next-generation firewall, intrusion protection, and VPN technologies in a cost-effective, single-box format. Both product families have been replaced by the ASA 5500-X family of security appliances with Firepower Services. (See integration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 model adaptive security appliances are extensively deployed and continue to deliver small and mid-size companies a reliable firewall environment.
Cisco PIC and legacy ASA 5500 firewalls offer powerful client and program policy support, mutlivector attack protection, and secure access services. The enhanced intelligence sharing of integrated protection features in a single package offers customers implementing these integrated solutions the benefits of enhanced security, reduced cost of ownership, and minimal management costs.
Cisco PIX firewalls and Cisco's ASA 5500 family combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and Cisco 7600 Series routers as parts of Cisco's versatile, integrated firewall product. Engineered with a scalable, modular platform, each offering is equipped with a specific feature set to provide more efficient protection to a variety of network environments. These solutions can be individually deployed to protect specific areas of a network environment, or can be grouped for a layered, defense-in-depth strategy based on the architecture best practices described in Cisco's SAFE framework. Completing the integrated firewall solutions, Cisco provides a complete security management portfolio, ranging from Cisco security device and Cisco IOS Software security components and built-in appliance managers, to self-contained management utilities, moving to make sure that businesses can productively use their Cisco protection infrastructure purchases.
Cisco PIX Firewall Appliances
PIX Security Appliance Series offer robust policy enforcement, multivector attack protection, and secure connectivity services in economical, easy-to-deploy solutions. These specialized appliances provide a wealth of integrated security and connectivity capabilities such as application-aware firewall services, Voice over IP and multimedia protection, robust multi-site and remote-connectivity IPcec VPN networking, fault tolerance, smart networking features, and versatile management options. The PIX Security Appliance Series family spans compact plug-and-go devices for small offices or at home offices to stackable high-bandwidth appliances with ROI for large business and ISP environments, Cisco PIX firewalls deliver dependable security, speed, and reliability for networks of any size.
Built upon a hardened, specialized OS that delivers rich protection features, PIX firewalls provide a high level of security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewall appliances offer security for a wide range of Voice over IP and additional multimedia standards such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to protect installations of a wide range of contemporary and upcoming IP voice and video applications.
PIX security appliances feature a variety of configuration, monitoring, and analysis features, providing businesses the flexibility to utilize the techniques that best meet their requirements. Management options include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a world-class web-based control solution that significantly streamlines the installation, in-place modification, and monitoring of a specific PIX security appliance without the need of any extra utility beyond an ordinary web browser and Java applet to be installed on a manager's computer.
Administrators can furthermore remotely set up, track, and analyze PIX firewalls via a command-line interface. Safe command-line interface (CLI) communication is possible using a number of techniques including Secure Shell Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewall appliances also have robust auto-update features, a collection advanced secure remote-administration options that ensure firewall settings and software images are always current.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered devices that bring together advanced, industry-leading security and Virtual Private Network services plus an adaptive architecture. The result is a robust, versatile network security solution better suited to defend small and medium business (SMB) and larger networks and, simultaneously, lower the total installation and operations expenses previously required for this high degree of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for the Cisco PIX 500 family Security Appliance, Cisco's IPS 4200 Series sensor, and the VPN 3000 Series concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to deliver a platform that defends against a broad range of threats. Cisco ASA Firewalls deliver application protection, local containment and control, and clean Virtual Private Network connectivity across Cisco's product portfolio. This breadth of protection allows defense of any network section, which includes the most common threat vectors like remote sites, locally-connected inside users, and remote connected VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls provide strong application protection through intelligent, application-aware inspection engines that examine network flows at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless access. To defend networks from application-layer attacks and to offer businesses greater policing of the programs and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement solutions such as protocol anomaly detection and application and protocol state tracking. Also included are attack detection and remediation techniques such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and tunneling applications, enabling businesses to police usage policies and free up network bandwidth for vital business applications.
At the same time as increasing network protection, Cisco ASA 5500 Series firewalls also lower deployment and support expenses. By providing broad VPN and protection functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for many uses, allowing product commonality. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a consolidated threat-prevention device at a central location by leveraging its access control, process inspection, and malicious assault remediation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a dedicated remote access solution utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances firewall serves equally well inside the network for interdepartmental connectivity management and to defend against worms, viruses, and other malicious code internal workers may unwittingly introduce into the environment. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as a total solution device providing complete intrusion prevention and Virtual Private Network services while suiting the cost structure and performance models of such situations.
This adaptive one-platform, multiple-solution design minimizes the total number of appliances that must be installed and maintained while offering a standard operating and management environment across all installations. This approach streamlines the training of setup, monitoring, troubleshooting, and security staff. To further minimize operations costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, enabling them to insert gracefully into the network without disrupting authorized data flow and processes.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Firewalls
Cisco ASA Series firewalls and PIX security appliances provide a wealth of setup, monitoring, and analysis options that give you the flexibility to configure these firewalls to match your business needs. Progent's CCIE certified network professionals can help you to support your existing infrastructure that incorporates Cisco ASA or PIX security appliances and that provides protection, resilience, throughput, and manageability. Progent's firewall experts can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier IS security consultants can assist you to develop a security policy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security strategy. Progent's security evaluation engineers can assess the strength of your existing firewall solution and validate the overall security of your entire IS environment. Progent’s Technical Response Center (TRC) can provide emergency online troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE expert.
To see more information about Progent's engineering assistance for Cisco networking products, choose a subject:
To ask Progent about consulting expertise for Cisco networking, phone 1-800-993-9400 or see Contact Progent.