Cisco PIX security appliances and ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network technologies in an economical, single-cabinet package. Both of these product lines have been replaced by the ASA 5500-X series of firewalls with Firepower. (See integration and troubleshooting expertise for ASA 5500-X firewalls with Firepower Services.) Still, PIX and earlier-generation Cisco ASA 5500 Series adaptive security appliances are extensively deployed and continue to offer small and mid-size companies a viable security solution.
PIX and the original ASA 5500 firewalls deliver powerful user and application policy support, mutlivector assault protection, and safe connectivity services. The enhanced knowledge sharing of integrated protection features in a stand-alone package offers customers implementing these integrated firewalls the benefits of enhanced security, reduced cost of ownership, and smaller management expense.
Cisco PIX firewalls and the ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches, and 7600 family routers as parts of Cisco's versatile, self-contained firewall line. Based on a scalable, building-block approach, each device is equipped with a particular array of options to deliver better security to a variety of network situations. These solutions can be independently deployed to protect certain areas of the connectivity infrastructure, or can be combined for a systematic, protection-in-depth strategy based on the architecture leading practices described in Cisco's SAFE framework. Rounding out the integrated firewall solutions, Cisco provides a comprehensive security management catalog, ranging from Cisco security device and IOS security components and built-in device controllers, to self-contained management programs, helping to ensure that businesses can effectively manage their Cisco protection infrastructure purchases.
PIX Firewall Appliances
PIX firewall appliances offer reliable user and application policy enforcement, multi-source invasion defense, and secure connectivity features in affordable, easy-to-deploy modules. These specialized devices offer a wealth of integrated protection and connectivity services including application-aware firewall features, Voice over IP and multimedia protection, robust multi-site and remote-access IP Security (IPsec) Virtual Private Network connectivity, high availability, smart networking services, and flexible administration options. The PIX firewall product line spans compact plug-and-go devices for small or home offices to stackable high-bandwidth appliances with ROI for large business and ISP environments, PIX Security Appliance Series deliver dependable protection, performance, and reliability for networks of any size.
Built around a tested, specialized OS that offers rich protection services, Cisco PIX firewall appliances provide excellent security and have received EAL 4 status and ICSA Firewall and IP Security certification. Cisco PIX security appliances provide security for a broad array of VoIP and additional multimedia conventions such as H.323 v. 4, Session Initiation Protocol (SIP), SCCP, RTSP, and Media Gateway Control Protocol (MGCP), helping organizations to safeguard installations of a broad range of contemporary and upcoming VoIP and mixed-media applications.
PIX firewalls feature a wealth of configuration, monitoring, and analysis options, providing businesses the flexibility to use the methods that most closely match their requirements. Administrative options include centralized, policy-based administration tools, integrated web-accessible management, and compatibility with remote-monitoring protocols such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class web-based control solution that greatly streamlines the deployment, ongoing modification, and tracking of a specific PIX firewall appliance without the need of any extra utility other than a standard web browser and Java applet to be installed on an administrator's PC.
IT managers can also remotely configure, track, and analyze PIX firewalls via a command-line interface. Safe command-line interface access is possible using several techniques including SSHv2 Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX security appliances also include dependable automatic-update capabilities, a collection advanced protected remote-administration options that ensure security settings and software images are kept current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are specially engineered solutions that bring together advanced, best-of-breed security and VPN services plus an adaptive design. The result is a powerful, versatile network protection appliance better able to protect small and midsize business and enterprise networks and, at the same time, lower the overall installation and maintenance expenses formerly required for this enhanced degree of protection.
Cisco Adaptive Security Appliances 5500 Series firewalls provide robust application protection through intelligent, application-sensitive inspection processes that analyze network flows at Layers 4-7. The result is a better protected environment including web, voice, and mobile wireless access. To defend environments from application-layer attacks and to offer organizations more policing of the applications and protocols used in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and rely on protection enforcement technologies such as protocol anomaly detection and application and protocol state tracking. Also included are assault sensing and remediation technology including application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, allowing organizations to police usage policies and free up bandwidth for critical business processes.
At the same time as increasing network security, Cisco Adaptive Security Appliances (ASA) firewalls also lower installation and support costs. By providing extensive Virtual Private Network and protection services, the Cisco ASA 5500 Series firewall can be a the only platform for a multitude of uses, allowing platform standardization. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a consolidated threat-prevention appliance at a central location by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be deployed as a specialized remote access device utilizing its Virtual Private Network capabilities. As an alternative, the Cisco ASA 5500 Series firewall operates capably inside the network for inter-office access management and to guard against malicious assaults internal users might unwittingly release into the network. For small company and satellite office environments, the Cisco ASA 5500 Series firewall acts as an all-in-one platform offering comprehensive intrusion defense and VPN functionality while fitting within the cost structure and performance demands of these situations.
This adaptive one-platform, multiple-use design reduces the number of appliances that must be deployed and managed while providing a standard functional and management environment across all those deployments. This approach streamlines the training of setup, monitoring, troubleshooting, and protection staff. To further minimize operations costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network conscious, enabling these devices to insert gracefully into the environment without interfering with legitimate data flow and processes.
How Progent's Consultants Can Help You with Cisco Firewalls
Cisco ASA Series adaptive security appliances and PIX security appliances provide a wealth of configuration, monitoring, and analysis features that offer you the flexibility to deploy these firewalls to align optimally with your business needs. Progent's CCIE authorized network professionals can show you how to maintain your current infrastructure that incorporates Cisco ASA and/or PIX security appliances and that provides protection, fault tolerance, performance, and recoverability. Progent's firewall experts can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security consultants can help your business to create a security strategy that makes sense for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's risk assessment consultants can assess the strength of your current firewall deployment and help determine the overall security of your entire IT network. Progent's Help Desk Call Center can provide emergency remote troubleshooting for Cisco products and offer fast access to a Cisco network engineer.
To find out additional details about Progent's engineering support for Cisco networking products, select a subject: