Cisco's PIX security appliances and Cisco ASA 5500 Series adaptive security appliances combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) functionality in an economical, single-box package. Both of these product families have been superseded by the ASA 5500-X family of security appliances with Firepower Services. (Refer to configuration and debugging expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 model adaptive security appliances are widely used and continue to offer small and mid-size companies a viable security solution.
Cisco PIC and the original ASA 5500 firewalls deliver powerful client and program policy support, mutlivector attack defense, and secure connectivity services. The increased intelligence sharing of integrated protection services in a single package offers users implementing these aggregated solutions the advantages of enhanced security, lower cost of ownership, and smaller management expense.
PIX security appliances and Cisco's ASA 5500 family join Cisco IOS Firewall, the FWSM for Cisco Catalyst 6500 family switches, and Cisco 7600 family routers as parts of Cisco's versatile, self-contained firewall line. Based on an expandable, modular approach, every device is designed with a specific array of options to deliver more efficient security to a variety of networking environments. These products can be individually installed to secure specific facets of the network environment, or can be combined for a systematic, defense-in-depth approach based on the design leading practices described in the Cisco SAFE framework. Completing the integrated firewall solutions, Cisco provides a complete security management catalog, spanning Cisco security device and IOS security features and embedded appliance managers, to standalone management utilities, helping to ensure that customers can effectively use their Cisco security infrastructure purchases.
Cisco PIX firewall appliances deliver robust policy enforcement, multi-source invasion protection, and secure connectivity features in cost-effective, easy-to-deploy modules. These purpose-built devices provide a wealth of built-in protection and connectivity capabilities including process-aware firewall services, VoIP and multimedia protection, reliable multi-location and remote-access IPcec Virtual Private Network (VPN) networking, excellent resiliency, smart networking features, and versatile management options. The PIX firewall product line ranges from compact plug-and-play devices for small offices or home offices to stackable gigabit products with investment protection for enterprise and ISP customers, Cisco PIX firewall appliances provide dependable security, performance, and reliability for networks of all sizes.
Based around a tested, specialized software platform that delivers a wealth of security services, Cisco PIX firewalls offer excellent protection and have earned EAL 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewall appliances provide security for a broad range of Voice over IP and additional multimedia standards such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), helping organizations to protect installations of a broad range of current and next-generation VoIP and video applications.
Cisco PIX firewall appliances offer a variety of configuration, tracking, and analysis features, giving IT managers the versatility to use the techniques that most closely meet their requirements. Management solutions include common, policy-based administration utilities, integrated web-accessible management, and support for remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system offers a world-class web-based control solution that greatly simplifies the deployment, ongoing configuration, and tracking of a single Cisco PIX firewall appliance without requiring any extra utility other than an ordinary web browser and Java applet to be running on an administrator's computer.
Administrators can also remotely set up, track, and analyze Cisco PIX firewall appliances via a CLI interface. Secure command-line interface (CLI) communication is available using several techniques such as Secure Shell Protocol, Telnet through IP Security, and out-of-band through a console port. PIX firewalls also have robust auto-update features, a collection of protected remote-management services that ensure security configurations and software images are always up to date.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered devices that bring together advanced, best-of-breed security and Virtual Private Network support plus a flexible design. The result is a robust, versatile network protection solution better suited to defend small and midsize company and larger networks and, simultaneously, lower the total deployment and maintenance expenses formerly associated with this enhanced degree of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering behind Cisco's PIX 500 family Security Appliance, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall family to deliver a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver program protection, network containment, and safe Virtual Private Network connectivity across the entire product line. This broad scope of protection allows the guarding of any network section, which includes the most common threat vectors like remote locations, locally-connected inside users, and off-site access Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls deliver strong application security through intelligent, application-aware inspection processes that examine traffic at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless connectivity. To protect environments from application-layer assaults and to give businesses more policing of the applications and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on protection enforcement solutions such as protocol anomaly sensing and application and protocol state monitoring. Also included are assault detection and mitigation techniques including application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and peer-to-peer file sharing, allowing businesses to police usage policies and free up network bandwidth for vital business processes.
While improving network security, Cisco Adaptive Security Appliances (ASA) firewalls also lower installation and operational expenses. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for many environments, allowing platform commonality. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a consolidated attack-prevention appliance at a central location by leveraging its access control, application inspection, and malicious assault remediation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be deployed as a specialized remote access device using its Virtual Private Network capabilities. As another option, the Cisco ASA firewall operates capably in the network interior for inter-office access control and to defend against malicious assaults internal workers may unwittingly release into the environment. For small business and branch office networks, the Cisco ASA 5500 Series firewall acts as a total solution platform providing complete intrusion defense and VPN functionality while fitting within the budgets and operational models of such deployments.
This versatile single-platform, multiple-solution approach minimizes the total number of appliances that must be deployed and managed while offering a standard functional and administrative environment across all those installations. This architecture streamlines the training of setup, monitoring, support, and security personnel. To further minimize maintenance expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, enabling these devices to integrate seamlessly into the network without disrupting legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Assist You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series firewalls and PIX family firewalls incorporate an array of configuration, monitoring, and troubleshooting features which offer you the ability to set up these firewalls to match your company's requirements. Progent's CCIE certified network professionals can assist you to maintain your existing infrastructure that includes Cisco ASA or PIX firewall technology and that offers security, fault tolerance, throughput, and recoverability. Progent can also assist you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security experts can assist your business to develop a security strategy appropriate for your environment and can set up your firewall to support your security strategy. Progent's risk assessment experts can evaluate the effectiveness of your current firewall deployment and audit the overall security of your entire IT environment. Progentís Help Desk support team can deliver emergency online troubleshooting for Cisco technology and offer quick access to a Cisco network engineer.
To learn more information concerning Progent's consulting expertise for Cisco technology, choose a subject:
In order to contact Progent about consulting support for Cisco products, call 1-800-993-9400 or go to Contact Progent.