Cisco's PIX security appliances and ASA Series adaptive security appliances combine comprehensive firewall, intrusion protection, and VPN features in a cost-effective, one-cabinet package. Both of these product families have been superseded by the ASA 5500-X series of security appliances with Firepower. (See integration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and first-generation Cisco ASA 5500 Series adaptive security appliances are widely deployed and continue to provide small and mid-size organizations a reliable firewall solution.
Cisco PIC and legacy ASA 5500 firewalls deliver robust client and application policy support, mutlivector assault protection, and secure access features. The enhanced intelligence sharing of consolidated protection features in a stand-alone package offers users deploying these aggregated solutions the benefits of enhanced protection, reduced TCO, and minimal maintenance expense.
Cisco PIX firewalls and Cisco's ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and 7600 routers as components of Cisco's versatile, integrated firewall product. Based on an expandable, building-block platform, every device is equipped with a particular feature set to provide more efficient protection to a variety of network environments. These products can be independently installed to secure specific facets of a network infrastructure, or can be combined for a systematic, protection-in-depth strategy based on the design best practices outlined in the Cisco SAFE Blueprint. Rounding out the integrated firewall solutions, Cisco provides a comprehensive security management product portfolio, spanning Cisco security device and IOS Software security components and built-in device controllers, to standalone management utilities, helping to make sure that businesses can productively manage their Cisco security infrastructure investments.
Cisco PIX Security Appliance Series
PIX Security Appliance Series deliver reliable policy support, multi-source attack protection, and secure networking features in affordable, out-of-the-box solutions. These purpose-built appliances offer a wealth of integrated protection and networking capabilities including process-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable multi-location and remote-access IPcec Virtual Private Network (VPN) connectivity, fault tolerance, intelligent networking services, and versatile administration solutions. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-go desktop units for small and at home offices to modular high-bandwidth appliances with ROI for enterprise and service-provider environments, PIX firewall appliances deliver dependable security, speed, and availability for networks of any size.
Built around a tested, specialized OS that delivers a wealth of protection services, Cisco PIX firewall appliances offer excellent security and have earned EAL 4 status and ICSA Firewall and IP Security qualification. PIX firewall appliances provide protection for a wide range of Voice over IP and additional multimedia conventions such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, enabling businesses to protect deployments of a broad array of contemporary and upcoming IP voice and mixed-media applications.
Cisco PIX firewall appliances feature a wealth of configuration, monitoring, and troubleshooting features, providing IT managers the versatility to use the techniques that best match their needs. Administrative solutions include common, policy-based administration tools, integrated web-accessible administration, and compatibility with remote-monitoring standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a powerful web-based management solution that greatly streamlines the deployment, in-place modification, and tracking of a single Cisco PIX firewall without the need of any extra software other than a standard web browser and Java applet to be running on a manager's computer.
Administrators can furthermore remotely configure, monitor, and troubleshoot Cisco PIX firewalls via a command-line interface (CLI). Safe command-line interface (CLI) access is available using a number of techniques such as SSHv2 Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX firewall appliances also have robust auto-update capabilities, a collection of secure remote-management options that make sure that firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances Firewalls
Cisco ASA Firewalls are specially engineered devices that bring together market-proven, best-of-breed protection and VPN services with an adaptive architecture. The end product is a robust, versatile network security appliance better suited to defend small and midsize business (SMB) and larger networks and, simultaneously, reduce the overall installation and maintenance costs previously associated with this high degree of security.
Cisco ASA Firewalls leverage technology behind Cisco's PIX 500 family Security Appliance, the Cisco IPS 4200 family sensor, and the VPN 3000 model concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to deliver a platform that defends against a broad range of attacks. Cisco ASA 5500 Series Firewalls provide application security, local containment, and clean VPN connectivity across the entire product portfolio. This breadth of security enables defense of any network section, which includes the most typical attack conduits like remote locations, locally-connected inside users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection via smart, application-aware inspection processes that analyze traffic at Layers 4-7. This results in a more secure environment covering web, voice, and mobile wireless access. To protect environments from application-layer attacks and to give organizations more control over the applications and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies such as anomaly sensing and state monitoring. Also included are assault detection and mitigation techniques including application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over IM and peer-to-peer file sharing, allowing businesses to police usage policies and recover bandwidth for vital business processes.
While improving security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease installation and operational costs. By providing broad VPN and protection services, the Cisco ASA 5500 Series firewall can be used as the single device for many uses, allowing platform commonality. The Cisco ASA firewall can be used as a converged threat-prevention appliance at a central location by taking advantage of its access control, application inspection, and malware remediation capabilities. The Cisco ASA firewall can also be deployed as a specialized remote connectivity solution using its VPN features. As an alternative, the Cisco Adaptive Security Appliances firewall serves equally well in the network interior for interdepartmental access control and to guard against worms, viruses, and other malicious code internal workers may inadvertently introduce into the network. In small business and branch office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as a total solution platform providing complete intrusion prevention and Virtual Private Network functionality while fitting within the budgets and operational models of such situations.
This versatile one-device, many-solution approach reduces the number of appliances that need to be installed and managed while offering a common operating and management environment throughout all installations. This architecture simplifies the education of configuration, monitoring, troubleshooting, and protection staff. To further reduce operations expenses, Cisco Adaptive Security Appliances (ASA) firewalls are also exceptionally network conscious, enabling these devices to insert seamlessly into the environment without interfering with legitimate traffic and processes.
How Progent's Cisco Certified Experts Can Assist You with Cisco Firewalls
Cisco's ASA Series firewalls and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting options which offer you the flexibility to set up these security appliances to align optimally with your company's needs. Progent's CCIE authorized network professionals can assist you to maintain your current infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers protection, resilience, throughput, and manageability. Progent's firewall experts can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security professionals can help your business to create a security policy that makes sense for your business and can configure your security appliance to enforce your security policies. Progent's security evaluation professionals can assess the strength of your existing firewall solution and audit the overall security of your entire IT network. Progentís Technical Response Center (TRC) can provide urgent online troubleshooting for Cisco products and offer fast access to a Cisco CCIE expert.
For more information concerning Progent's consulting expertise for Cisco products, pick a topic:
In order to contact Progent about professional expertise for Cisco networking, call 1-800-993-9400 or go to Contact Progent.