Cisco's PIX firewalls and ASA 5500 Series firewalls combine comprehensive firewall, intrusion protection, and Virtual Private Network technologies in an affordable, one-cabinet package. Both product families have been superseded by the ASA 5500-X line of firewalls with Firepower Services. (Refer to configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation ASA 5500 Series firewalls are widely used and continue to offer small and mid-size companies a viable firewall environment.
Cisco PIC and legacy ASA 5500 firewalls offer powerful user and application policy support, mutlivector attack defense, and secure connectivity features. The increased intelligence sharing of consolidated security features in a single platform provides users deploying these integrated firewalls the benefits of advanced security, reduced cost of ownership, and smaller management expense.
Cisco PIX firewalls and the ASA 5500 family join IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and 7600 routers as parts of Cisco's flexible, self-contained firewall line. Engineered with an expandable, building-block approach, every offering is equipped with a particular array of options to provide more efficient security to different networking environments. These products can be independently installed to protect certain facets of the network infrastructure, or can be grouped for a systematic, defense-in-depth approach based on the design best practices outlined in Cisco's SAFE framework. Completing the modular firewall solutions, Cisco has developed a comprehensive security management catalog, spanning Cisco security appliance and Cisco IOS security components and embedded appliance managers, to self-contained management utilities, moving to make sure that customers can effectively use their Cisco security infrastructure purchases.
PIX firewall appliances offer reliable user and application policy enforcement, multi-source attack defense, and safe networking features in affordable, simple-to-configure solutions. These purpose-built devices offer a broad range of integrated security and connectivity services such as application-aware firewall features, VoIP and multimedia protection, robust multi-site and remote-connectivity IPcec Virtual Private Network (VPN) networking, high availability, intelligent networking features, and versatile administration solutions. The Cisco PIX firewall Appliance family ranges from small plug-and-go appliances for small and at home offices to modular gigabit appliances with investment protection for large business and service-provider environments, PIX firewall appliances provide dependable security, speed, and availability for environments of any size.
Built around a hardened, purpose-built operating system that offers a wealth of security features, Cisco PIX firewalls offer a high level of protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security qualification. Cisco PIX firewalls provide security for a broad array of Voice over IP and additional multimedia conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling businesses to protect installations of a broad array of current and next-generation VoIP and video applications.
Cisco PIX firewall appliances offer a variety of configuration, tracking, and troubleshooting features, giving IT managers the flexibility to use the techniques that best meet their requirements. Management options include centralized, policy-based administration tools, integrated web-accessible management, and compatibility with remote-tracking protocols like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class web-based management platform that significantly simplifies the installation, ongoing configuration, and tracking of a single Cisco PIX firewall without the need of any extra utility other than an ordinary browser and Java plug-in to be installed on a manager's PC.
IT managers can furthermore remotely configure, track, and troubleshoot PIX firewalls using a CLI interface. Secure CLI interface access is possible through several techniques such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have robust automatic-update capabilities, a set advanced protected remote-management options that ensure firewall settings and software images are kept up to date.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that bring together advanced, best-of-breed security and VPN services plus an adaptive architecture. The end product is a powerful, versatile network protection appliance better suited to protect small and medium business (SMB) and larger networks and, at the same time, lower the total deployment and maintenance expenses formerly required for this high degree of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology developed for the Cisco PIX 500 Series firewall, Cisco's IPS 4200 family sensor, and Cisco's VPN 3000 Series concentrator. These technologies converge on the Cisco ASA Firewall product line to deliver a firewall that defends against a broad range of attacks. Cisco ASA Firewalls deliver program security, local containment and control, and clean VPN connectivity across the entire product line. This broad scope of protection allows defense of any network section, which includes the most common attack conduits such as remote locations, locally-connected inside users, and remote access VPNs.
Cisco ASA firewalls deliver robust application security through smart, application-sensitive inspection processes that examine traffic at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless access. To defend networks against application-layer assaults and to offer businesses greater policing of the programs and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly detection and state tracking. Also included are attack detection and mitigation technology including application and protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and recover bandwidth for vital business applications.
At the same time as improving network security, Cisco Adaptive Security Appliances 5500 Series firewalls also decrease installation and support expenses. By providing broad VPN and protection services, the Cisco ASA firewall can be a single device for a multitude of environments, allowing product commonality. The Cisco ASA firewall can be used as a converged threat-protection appliance at a central location by leveraging its connectivity control, application inspection, and malware remediation capabilities. The Cisco ASA firewall can also be deployed as a specialized remote connectivity solution utilizing its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall serves equally well in the network interior for inter-office connectivity control and to defend against worms, viruses, and other malicious code inside workers may inadvertently introduce into the environment. For small company and branch office networks, the Cisco Adaptive Security Appliances 5500 Series firewall serves as a total solution platform providing comprehensive threat prevention and Virtual Private Network functionality while suiting the cost structure and operational models of such situations.
This adaptive single-platform, multiple-use approach minimizes the total number of devices that need to be installed and managed while providing a common functional and administrative environment throughout all those deployments. This approach streamlines the training of setup, monitoring, support, and protection personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances firewalls are also highly network aware, enabling these devices to insert gracefully into the environment without disrupting legitimate data flow and processes.
How Progent's Consultants Can Assist Your Business with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls provide an array of setup, tracking, and troubleshooting options that give you the flexibility to configure these security appliances to match your company's requirements. Progent's CCIE authorized network consultants can help you to support your existing network infrastructure that incorporates Cisco ASA or PIX firewalls and that offers protection, fault tolerance, performance, and recoverability. Progent can also help your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security consultants can assist you to create a security strategy that makes sense for your situation and can configure your firewall to enforce your security policies. Progent's risk evaluation professionals can assess the effectiveness of your existing firewall deployment and audit the security of your entire IT environment. Progentís Help Desk Call Center can deliver urgent remote technical support for Cisco products and offer fast access to a Cisco CCIE expert.
To find out more information concerning Progent's engineering assistance for Cisco products, pick a topic:
If you wish to get in touch with Progent about professional help for Cisco products, call 1-800-993-9400 or refer to Contact Progent.