Cisco's PIX family security appliances and Cisco ASA Series firewalls integrate next-generation firewall, intrusion defense, and Virtual Private Network functionality in a cost-effective, one-box package. Both product lines have been replaced by Cisco's ASA 5500-X family of security appliances with Firepower Services. (Refer to configuration and debugging help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation ASA 5500 Series firewalls are widely deployed and continue to offer small and mid-size organizations a viable security solution.
PIX and the original ASA 5500 firewalls deliver robust client and program policy enforcement, mutlivector assault protection, and secure connectivity services. The enhanced knowledge sharing of consolidated security services in a single package provides users implementing these integrated firewalls the advantages of advanced protection, reduced cost of ownership, and minimal maintenance costs.
PIX security appliances and Cisco's ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and Cisco 7600 family routers as parts of Cisco's flexible, self-contained firewall solutions. Engineered with a scalable, modular approach, every offering is equipped with a specific feature set to deliver more efficient security to different networking situations. These solutions can be individually installed to secure certain facets of the network infrastructure, or can be combined for a layered, protection-in-depth strategy following the architecture best practices described in the Cisco SAFE framework. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management product portfolio, ranging from Cisco security appliance and Cisco IOS security components and embedded appliance controllers, to standalone management applications, moving to ensure that businesses can effectively manage their Cisco protection infrastructure purchases.
Cisco PIX Firewall Appliances
Cisco PIX Security Appliance Series deliver robust user and application policy support, multivector invasion defense, and secure networking features in cost-effective, easy-to-deploy solutions. These purpose-built appliances provide a wealth of built-in security and networking capabilities such as application-aware firewall features, Voice over IP and multimedia protection, robust site-to-site and remote-connectivity IPcec Virtual Private Network connectivity, high availability, intelligent networking features, and versatile administration options. The PIX firewall Appliance family spans compact plug-and-go devices for small offices or at home offices to stackable high-bandwidth products with investment protection for large business and service-provider customers, PIX Security Appliance Series provide high levels of security, performance, and reliability for networks of all sizes.
Built upon a hardened, specialized software platform that delivers rich protection features, Cisco PIX firewall appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances provide protection for a wide array of VoIP and additional mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a broad array of current and upcoming VoIP and video applications.
PIX security appliances feature a variety of setup, tracking, and troubleshooting options, giving IT managers the versatility to use the techniques that best meet their needs. Administrative options include centralized, policy-based administration utilities, integrated web-accessible management, and support for remote-tracking protocols such as Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful web-based management solution that significantly streamlines the deployment, ongoing modification, and monitoring of a specific Cisco PIX firewall appliance without requiring any additional utility beyond an ordinary browser and Java applet to be running on a manager's computer.
IT managers can also remotely configure, track, and analyze Cisco PIX firewalls using a command-line interface (CLI). Safe CLI interface access is possible through a number of methods including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. PIX security appliances also have robust auto-update capabilities, a collection of secure remote-management options that ensure security settings and software images are always current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered devices that incorporate advanced, best-of-breed security and VPN services plus an adaptive design. The result is a powerful, versatile network protection solution better able to protect small and midsize company and larger networks and, simultaneously, reduce the total deployment and maintenance expenses previously required for this enhanced level of security.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls leverage engineering behind Cisco's PIX 500 family firewall, Cisco's IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These technologies enable the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a platform that stops a broad range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application protection, local containment and control, and clean Virtual Private Network functionality across the entire product line. This breadth of security enables the guarding of any network area, including the most typical attack conduits like remote sites, locally-connected internal users, and off-site connected VPNs.
Cisco ASA firewalls provide a high-level of application protection through smart, application-sensitive inspection processes that examine traffic at Layers 4-7. This results in a more secure network including web, voice, and mobile wireless services. To protect environments from application-layer attacks and to give businesses greater policing of the applications and protocols used in their environments, these inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement technologies that include anomaly detection and state monitoring. Also included are assault sensing and mitigation technology such as application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over IM and peer-to-peer file sharing, enabling businesses to police usage policies and recover bandwidth for vital business applications.
While improving security, Cisco ASA 5500 Series firewalls also lower deployment and operational expenses. By providing broad VPN and security services, the Cisco ASA firewall can be a the only platform for a multitude of environments, enabling product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be deployed as a consolidated attack-protection appliance at the datacenter by leveraging its access control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a specialized remote connectivity device using its VPN capabilities. Alternatively, the Cisco ASA 5500 Series firewall operates equally well inside the network for inter-office connectivity management and to guard against worms, viruses, and other malicious code internal workers may unwittingly release into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) firewall serves as an all-in-one device providing complete intrusion prevention and Virtual Private Network functionality while suiting the cost structure and performance demands of such situations.
This adaptive one-platform, multiple-solution design reduces the total number of appliances that must be deployed and managed while offering a standard functional and management environment throughout all deployments. This architecture simplifies the education of configuration, tracking, troubleshooting, and protection personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, allowing these devices to insert seamlessly into the network without disrupting legitimate traffic and applications.
How Progent's Cisco Certified Experts Can Assist You with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series firewalls and PIX security appliances provide a wealth of configuration, monitoring, and troubleshooting options which offer you the ability to deploy these security appliances to match your business requirements. Progent's CCIE certified network consultants can show you how to maintain your existing infrastructure that incorporates Cisco ASA or PIX security appliances and that offers security, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security engineers can assist you to create a security policy appropriate for your environment and can configure your security appliance to enforce your security policies. Progent's risk evaluation professionals can assess the strength of your existing firewall deployment and help determine the security of your whole information system network. Progentís Help Desk support team can deliver emergency remote troubleshooting for Cisco products and can give you fast access to a Cisco expert.
To learn additional information concerning Progent's consulting support for Cisco solutions, select a topic:
In order to get in touch with Progent about technical expertise for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.