Cisco PIX family firewalls and Cisco ASA Series adaptive security appliances integrate comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) technologies in an affordable, single-cabinet package. Both of these product lines have been superseded by the ASA 5500-X family of security appliances with Firepower. (Refer to integration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and previous-generation Cisco ASA 5500 model firewalls are extensively deployed and continue to provide small and mid-size organizations a reliable firewall environment.
PIX and the original ASA 5500 firewalls offer robust client and application policy support, mutlivector assault defense, and secure access services. The increased knowledge sharing of integrated security features in a single platform provides customers implementing these aggregated solutions the benefits of enhanced protection, lower cost of ownership, and minimal management expense.
Cisco PIX security appliances and Cisco's ASA 5500 family join IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and Cisco 7600 routers as parts of Cisco's flexible, self-contained firewall line. Based on a scalable, building-block approach, each device is equipped with a particular feature set to provide more efficient protection to a variety of networking environments. These solutions can be individually deployed to protect certain areas of a network infrastructure, or can be grouped for a layered, defense-in-depth strategy based on the design leading practices described in the Cisco SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management product portfolio, spanning Cisco security device and IOS security components and built-in device managers, to standalone management applications, moving to make sure that businesses can productively manage their Cisco protection solution purchases.
Cisco PIX Security Appliance Series
PIX firewalls offer robust user and application policy support, multi-source attack protection, and safe networking services in economical, easy-to-deploy solutions. These specialized devices provide a broad range of integrated security and connectivity capabilities including process-aware firewall services, VoIP and multimedia security, robust site-to-site and remote-access IP Security Virtual Private Network (VPN) networking, excellent resiliency, smart networking services, and versatile management solutions. The PIX firewall Appliance product line ranges from small plug-and-play appliances for small or home offices to modular gigabit appliances with ROI for enterprise and ISP customers, PIX Security Appliance Series provide high levels of protection, performance, and availability for network environments of all sizes.
Built around a hardened, purpose-built software platform that delivers a wealth of protection features, Cisco PIX firewall appliances provide excellent protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security certification. PIX security appliances provide protection for a broad array of Voice over IP and other mixed-media conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and MGCP, helping organizations to safeguard installations of a broad range of contemporary and upcoming VoIP and multimedia applications.
Cisco PIX firewalls offer a variety of setup, monitoring, and analysis features, giving IT managers the flexibility to utilize the techniques that most closely meet their needs. Administrative options include common, policy-based administration utilities, integrated web-based management, and compatibility with remote-tracking standards like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class web-based control solution that greatly simplifies the installation, ongoing modification, and monitoring of a specific PIX firewall appliance without requiring any additional utility other than a standard browser and Java applet to be installed on an administrator's computer.
Administrators can also remotely configure, track, and analyze Cisco PIX security appliances via a command-line interface (CLI). Safe command-line interface (CLI) access is possible through a number of techniques including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewalls also have robust automatic-update features, a collection of secure remote-administration services that ensure firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that bring together market-proven, industry-leading security and VPN services plus an adaptive architecture. The end product is a robust, versatile network security appliance better able to protect small and medium business and enterprise networks and, at the same time, lower the total installation and operations expenses formerly required for this high degree of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology developed for the Cisco PIX 500 Series Security Appliance, the IPS 4200 sensor, and the VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to deliver a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program security, local containment, and clean VPN connectivity across the entire product line. This breadth of protection allows defense of any network area, including the most common attack conduits such as remote locations, locally-connected internal users, and off-site access Virtual Private Networks.
Cisco Adaptive Security Appliances 5500 Series firewalls deliver robust application protection via intelligent, application-sensitive inspection processes that examine traffic at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless services. To protect networks against application-layer assaults and to offer businesses greater policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on security enforcement technologies such as anomaly sensing and application and protocol state monitoring. Also included are assault sensing and mitigation techniques including application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also provide control over instant messaging and tunneling applications, enabling organizations to police usage policies and free up bandwidth for important business processes.
While improving security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower installation and operational expenses. By providing extensive VPN and security services, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for many uses, allowing product commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a converged attack-prevention device at the datacenter by taking advantage of its connectivity control, application inspection, and worm, virus, and other malware remediation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote access solution using its VPN capabilities. As another option, the Cisco ASA firewall performs capably inside the network for inter-office connectivity management and to guard against malicious assaults inside workers may unwittingly introduce into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as a total solution device offering comprehensive intrusion prevention and Virtual Private Network functionality while fitting within the cost structure and operational models of these deployments.
This adaptive single-platform, many-solution approach minimizes the total number of appliances that need to be deployed and managed while offering a common operating and management environment across all those deployments. This approach streamlines the training of setup, tracking, support, and protection personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances firewalls are also exceptionally network conscious, allowing them to insert seamlessly into the environment without disrupting authorized traffic and applications.
How Progent's Consultants Can Help Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series firewalls and PIX security appliances incorporate an array of configuration, monitoring, and troubleshooting options that give you the ability to configure these security appliances to match your business requirements. Progent's CCIE authorized network consultants can help you to support your current infrastructure that includes Cisco ASA and/or PIX firewall technology and that offers security, resilience, performance, and recoverability. Progent can also help you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier IS security engineers can help your business to create a security policy that makes sense for your environment and can configure your firewall to support your security policies. Progent's risk assessment consultants can assess the effectiveness of your existing firewall deployment and help determine the security of your entire IT environment. Progentís Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE network engineer.
To learn more details about Progent's professional expertise for Cisco networking products, pick a subject:
If you wish to get in touch with Progent about engineering expertise for Cisco products, call 1-800-993-9400 or visit Contact Progent.