Cisco's PIX family firewalls and ASA Series firewalls combine comprehensive firewall, intrusion defense, and Virtual Private Network technologies in a cost-effective, one-box format. Both product families have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower Services. (See configuration and debugging help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 Series adaptive security appliances are extensively deployed and continue to provide small and mid-size organizations a reliable security environment.
Cisco PIC and the original ASA 5500 firewalls offer robust client and program policy enforcement, mutlivector attack defense, and secure connectivity features. The increased knowledge sharing of consolidated protection services in a single platform provides customers deploying these integrated solutions the advantages of enhanced security, lower cost of ownership, and minimal management costs.
Cisco PIX firewalls and Cisco's ASA 5500 product line combine with IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and Cisco 7600 family routers as parts of Cisco's versatile, self-contained firewall solutions. Based on an expandable, modular platform, every offering is designed with a specific array of options to deliver better protection to a variety of networking environments. These products can be independently deployed to protect certain facets of a connectivity environment, or can be grouped for a systematic, protection-in-depth strategy following the design best practices described in Cisco's SAFE Blueprint. Rounding out the modular firewall product line, Cisco provides a complete security management catalog, spanning Cisco security appliance and Cisco IOS Software security components and built-in device managers, to standalone management programs, moving to make sure that customers can effectively manage their Cisco protection infrastructure investments.
Cisco PIX Firewall Appliances
PIX firewall appliances offer robust user and application policy support, multivector attack protection, and safe networking services in economical, simple-to-configure modules. These purpose-built devices provide a broad range of built-in security and connectivity services such as process-aware firewall services, VoIP and multimedia security, robust multi-site and remote-connectivity IPcec Virtual Private Network connectivity, excellent resiliency, smart networking features, and flexible administration options. The PIX firewall Appliance family spans compact plug-and-play desktop units for small offices or at home offices to stackable gigabit appliances with investment protection for large business and service-provider environments, Cisco PIX Security Appliance Series provide dependable security, speed, and reliability for network environments of any size.
Built around a hardened, purpose-built OS that delivers a wealth of security services, PIX firewalls provide a high level of protection and have been awarded EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX firewall appliances offer security for a wide array of Voice over IP and additional mixed-media standards such as H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to protect deployments of a broad range of contemporary and next-generation VoIP and video applications.
PIX security appliances offer a wealth of configuration, tracking, and troubleshooting features, giving IT managers the flexibility to use the methods that most closely meet their requirements. Management options include centralized, policy-based administration tools, integrated web-based management, and support for remote-tracking protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a world-class web-based management solution that greatly streamlines the deployment, ongoing configuration, and monitoring of a specific Cisco PIX security appliance without requiring any extra utility other than a standard web browser and Java applet to be running on an administrator's computer.
Administrators can furthermore remotely set up, track, and troubleshoot PIX firewalls via a command-line interface (CLI). Secure command-line interface (CLI) access is available using several methods such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have dependable automatic-update features, a set of protected remote-administration options that make sure that firewall settings and software images are kept up to date.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built solutions that bring together market-proven, best-of-breed security and VPN support plus a flexible design. The end product is a robust, versatile network protection appliance better able to defend small and midsize company and larger networks and, simultaneously, lower the overall installation and operations costs formerly required for this high degree of protection.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology developed for the PIX 500 Security Appliance, the IPS 4200 sensor, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a platform that stops a broad range of attacks. Cisco ASA 5500 Series Firewalls deliver application security, network containment, and safe Virtual Private Network connectivity throughout the entire product portfolio. This breadth of protection enables defense of any network section, which includes the most common attack vectors such as remote locations, LAN-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances firewalls provide a high-level of application protection through intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. This produces a more secure network covering web, voice, and mobile wireless connectivity. To protect environments from application-layer attacks and to give organizations more policing of the applications and protocols utilized in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and employ security enforcement technologies that include anomaly detection and state tracking. Also included are assault sensing and remediation technology including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing organizations to police usage policies and preserve network bandwidth for crucial business applications.
At the same time as increasing network protection, Cisco ASA 5500 Series firewalls also decrease installation and operational costs. By offering extensive Virtual Private Network and protection services, the Cisco Adaptive Security Appliances firewall can be used as the the only platform for many uses, enabling product commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be used as a consolidated attack-protection device at a central location by leveraging its access control, application inspection, and malicious assault remediation technologies. The Cisco ASA firewall can also be used as a specialized remote connectivity device using its Virtual Private Network features. Alternatively, the Cisco Adaptive Security Appliances (ASA) firewall operates equally well in the network interior for interdepartmental connectivity management and to defend against malicious assaults inside workers might inadvertently release into the environment. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) firewall acts as a total solution device providing comprehensive threat defense and VPN functionality while fitting within the budgets and operational demands of such deployments.
This adaptive one-device, multiple-solution design minimizes the total number of devices that must be deployed and maintained while providing a standard operating and management system throughout all installations. This architecture simplifies the training of configuration, monitoring, troubleshooting, and protection staff. To further reduce operations costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network conscious, allowing these devices to insert seamlessly into the environment without interfering with legitimate traffic and applications.
How Progent Can Help You with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family security appliances provide an array of configuration, tracking, and analysis options which give you the flexibility to deploy these security appliances to match your business needs. Progent's CCIE authorized network consultants can help you to maintain your existing infrastructure that includes Cisco ASA and/or PIX firewalls and that offers protection, fault tolerance, performance, and manageability. Progent can also help your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier information security professionals can assist you to create a security strategy that makes sense for your situation and can set up your firewall to enforce your security policies. Progent's risk evaluation consultants can assess the effectiveness of your existing firewall deployment and validate the security of your entire IS network. Progentís Technical Response Center can deliver urgent online troubleshooting for Cisco products and can give you fast access to a Cisco expert.
To find out more information concerning Progent's professional help for Cisco networking products, pick a topic:
If you wish to ask Progent about consulting assistance for Cisco technology, phone 1-800-993-9400 or refer to Contact Progent.