Cisco PIX security appliances and ASA Series adaptive security appliances combine comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) functionality in a cost-effective, one-cabinet package. Both of these product lines have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower. (Refer to integration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 model firewalls are extensively used and continue to deliver small and mid-size organizations a reliable security solution.
PIX and the original ASA 5500 firewalls offer powerful user and program policy support, mutlivector assault defense, and secure access features. The increased intelligence sharing of consolidated protection features in a stand-alone package offers users implementing these integrated firewalls the benefits of enhanced security, lower cost of ownership, and smaller management costs.
Cisco PIX security appliances and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 family switches, and Cisco 7600 family routers as components of Cisco's flexible, self-contained firewall line. Based on an expandable, modular approach, each device is designed with a specific feature set to deliver more efficient protection to a variety of network situations. These solutions can be independently installed to protect specific areas of the network infrastructure, or can be grouped for a layered, protection-in-depth strategy based on the design best practices outlined in Cisco's SAFE framework. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management offering, spanning Cisco security device and IOS security features and embedded appliance controllers, to self-contained management applications, helping to make sure that customers can effectively use their Cisco protection solution purchases.
Cisco PIX Security Appliance Series
Cisco PIX Security Appliance Series deliver reliable policy support, multivector invasion protection, and secure connectivity services in cost-effective, easy-to-deploy modules. These specialized devices offer a wealth of integrated protection and connectivity services such as application-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-access IP Security Virtual Private Network connectivity, fault tolerance, smart networking services, and flexible administration options. The PIX Security Appliance Series product line ranges from small plug-and-go devices for small and home offices to stackable gigabit products with investment protection for enterprise and service-provider environments, Cisco PIX firewalls deliver high levels of protection, speed, and availability for environments of any size.
Built around a hardened, purpose-built OS that offers rich security features, PIX firewall appliances provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX firewall appliances offer security for a broad array of Voice over IP and additional multimedia conventions including H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard deployments of a wide range of current and next-generation VoIP and mixed-media applications.
PIX security appliances offer a wealth of configuration, tracking, and analysis features, giving IT managers the flexibility to utilize the techniques that most closely match their requirements. Management solutions include centralized, policy-based management tools, integrated web-accessible administration, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface provides a powerful web-accessible control solution that significantly streamlines the deployment, ongoing configuration, and monitoring of a single Cisco PIX firewall without the need of any extra software other than an ordinary web browser and Java plug-in to be running on a manager's computer.
IT managers can furthermore remotely set up, track, and analyze PIX firewalls using a CLI interface. Secure command-line interface communication is available using several methods such as Secure Shell Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also have dependable automatic-update capabilities, a set advanced secure remote-administration options that ensure firewall configurations and software images are always current.
Cisco ASA 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered devices that bring together advanced, industry-leading protection and Virtual Private Network services plus a flexible design. The result is a powerful, multifunction network security appliance better able to defend small and medium business and enterprise networks and, simultaneously, reduce the total installation and maintenance costs formerly required for this high level of protection.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind the Cisco PIX 500 Security Appliance, Cisco's IPS 4200 Intrusion Prevention System, and the VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a platform that stops a broad range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls provide program security, network containment and control, and safe VPN connectivity throughout the entire product line. This broad scope of protection enables the guarding of any network segment, which includes the most typical attack conduits like remote sites, locally-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver a high-level of application protection via smart, application-aware inspection processes that examine network flows at Layers 4-7. This produces a more secure network covering web, voice, and mobile wireless connectivity. To protect networks against application-layer attacks and to offer organizations greater control over the applications and protocols utilized in their networks, these inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement solutions such as protocol anomaly sensing and application and protocol state tracking. Also incorporated are attack detection and remediation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances firewall inspection engines also provide control over instant messaging and tunneling applications, enabling businesses to police usage policies and free up bandwidth for important business applications.
At the same time as increasing network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and support costs. By providing extensive VPN and protection functions, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for a multitude of environments, enabling product commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated threat-prevention device at a central location by leveraging its connectivity control, application inspection, and malware remediation capabilities. The Cisco ASA firewall can also be deployed as a dedicated remote connectivity solution using its Virtual Private Network features. As another option, the Cisco Adaptive Security Appliances firewall operates capably inside the network for interdepartmental access control and to defend against malicious assaults inside users might unknowingly release into the environment. For small company and branch office environments, the Cisco ASA firewall acts as an all-in-one device offering comprehensive intrusion prevention and Virtual Private Network functionality while fitting within the budgets and operational models of these deployments.
This versatile one-device, multiple-use approach minimizes the total number of devices that must be installed and maintained while providing a common functional and administrative system across all those deployments. This approach streamlines the training of configuration, monitoring, troubleshooting, and protection personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances firewalls are also highly network conscious, enabling these devices to insert seamlessly into the environment without disrupting legitimate data flow and applications.
How Progent's Consultants Can Assist You with Cisco PIX and ASA Firewalls
Cisco's ASA Series firewalls and PIX firewalls incorporate an array of setup, tracking, and analysis features which offer you the flexibility to deploy these security appliances to align optimally with your business requirements. Progent's CCIE certified network consultants can show you how to maintain your current infrastructure that incorporates Cisco ASA or PIX firewalls and that offers protection, fault tolerance, throughput, and manageability. Progent's firewall experts can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier IS security engineers can assist you to develop a security policy appropriate for your situation and can configure your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation consultants can evaluate the strength of your existing firewall deployment and help determine the security of your whole IT network. Progentís Help Desk Call Center can deliver urgent remote technical support for Cisco technology and offer quick access to a Cisco network engineer.
To find out additional information concerning Progent's professional expertise for Cisco networking products, choose a topic:
If you wish to contact Progent about professional support for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.