Cisco PIX security appliances and ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion defense, and VPN features in a cost-effective, one-cabinet format. Both product families have been replaced by the ASA 5500-X family of firewalls with Firepower. (See integration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation Cisco ASA 5500 model firewalls are widely used and continue to offer small and mid-size companies a viable firewall environment.
Cisco PIC and the original ASA 5500 firewalls deliver powerful client and program policy support, mutlivector attack defense, and secure connectivity features. The increased intelligence sharing of integrated security services in a stand-alone platform provides users deploying these integrated solutions the benefits of enhanced protection, lower TCO, and minimal management costs.
Cisco PIX security appliances and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's versatile, self-contained firewall line. Engineered with a scalable, modular approach, each device is equipped with a particular array of options to deliver more efficient security to different network situations. These solutions can be independently installed to secure specific areas of a network infrastructure, or can be grouped for a layered, defense-in-depth approach based on the architecture leading practices described in Cisco's SAFE framework. Completing the integrated firewall product line, Cisco has developed a comprehensive security management offering, spanning Cisco security device and IOS Software security features and embedded appliance controllers, to standalone management applications, helping to make sure that customers can productively use their Cisco security infrastructure investments.
Cisco PIX Security Appliance Series
Cisco PIX firewalls offer robust policy support, multi-source attack protection, and secure networking features in affordable, easy-to-deploy solutions. These specialized appliances offer a wealth of built-in security and connectivity services such as process-aware firewall services, Voice over IP and multimedia security, reliable site-to-site and remote-connectivity IPcec VPN connectivity, high availability, smart networking features, and versatile management options. The Cisco PIX Security Appliance Series product line spans small plug-and-play desktop units for small offices or at home offices to modular gigabit products with ROI for enterprise and service-provider customers, Cisco PIX firewalls provide high levels of protection, speed, and reliability for network environments of any size.
Based upon a hardened, specialized operating system that delivers a wealth of security features, PIX firewall appliances provide excellent security and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX security appliances provide protection for a wide array of Voice over IP and additional mixed-media conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, enabling organizations to protect deployments of a wide array of contemporary and upcoming Voice over IP and multimedia applications.
Cisco PIX firewalls feature a variety of configuration, monitoring, and analysis features, providing IT managers the versatility to utilize the methods that most closely match their needs. Administrative options include centralized, policy-based management tools, integrated web-accessible management, and compatibility with remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class web-based management solution that greatly simplifies the deployment, ongoing configuration, and monitoring of a specific Cisco PIX firewall appliance without the need of any extra software beyond an ordinary web browser and Java applet to be installed on an administrator's computer.
Administrators can also remotely configure, track, and troubleshoot PIX security appliances using a CLI interface. Safe CLI interface communication is available using several methods such as SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. Cisco PIX firewall appliances also include dependable automatic-update capabilities, a collection of secure remote-administration options that make sure that firewall configurations and software images are kept current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built devices that incorporate advanced, best-of-breed protection and VPN services plus a flexible design. The result is a robust, multifunction network protection solution better able to protect small and medium company and larger networks and, at the same time, lower the total installation and maintenance expenses formerly associated with this enhanced degree of protection.
Cisco ASA Firewalls build on engineering developed for the PIX 500 firewall, the IPS 4200 Intrusion Prevention System, and the VPN 3000 Series concentrator. These solutions converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to offer a firewall that stops a wide range of attacks. Cisco Adaptive Security Appliances Firewalls deliver application protection, local containment, and clean Virtual Private Network functionality throughout Cisco's product portfolio. This broad scope of protection allows defense of any network segment, including the most common threat vectors such as remote locations, LAN-attached internal users, and off-site connected Virtual Private Networks.
Cisco ASA firewalls provide robust application security via smart, application-sensitive inspection engines that analyze network flows at Layers 4-7. The result is a more secure environment including web, voice, and mobile wireless access. To defend networks against application-layer attacks and to offer businesses greater control over the programs and protocols utilized in their environments, Cisco's inspection engines incorporate broad application and protocol knowledge and employ protection enforcement technologies that include protocol anomaly detection and application and protocol state monitoring. Also included are assault sensing and mitigation technology including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and free up network bandwidth for important business processes.
At the same time as increasing security, Cisco ASA firewalls also lower deployment and support costs. By offering broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for many environments, enabling platform commonality. The Cisco Adaptive Security Appliances firewall can be used as a consolidated threat-protection appliance at a central location by leveraging its connectivity control, application inspection, and worm, virus, and other malware remediation technologies. The Cisco ASA 5500 Series firewall can also be used as a dedicated remote access solution utilizing its Virtual Private Network features. As another option, the Cisco Adaptive Security Appliances (ASA) firewall performs capably inside the network for interdepartmental connectivity control and to defend against worms, viruses, and other malicious code internal workers may unwittingly introduce into the network. In small company and branch office networks, the Cisco Adaptive Security Appliances 5500 Series firewall acts as a total solution device offering comprehensive threat prevention and Virtual Private Network services while fitting within the cost structure and performance models of these deployments.
This versatile single-device, multiple-use design minimizes the total number of appliances that need to be installed and maintained while providing a standard functional and administrative system throughout all those installations. This approach simplifies the training of setup, monitoring, troubleshooting, and security staff. To further reduce maintenance costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, allowing these devices to insert seamlessly into the environment without disrupting legitimate data flow and applications.
How Progent's Consultants Can Help You with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX security appliances provide a wealth of setup, tracking, and analysis features which offer you the ability to deploy these firewalls to match your business requirements. Progent's CCIE authorized network experts can assist you to maintain your existing network infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that offers protection, fault tolerance, performance, and manageability. Progent's firewall experts can also assist your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security engineers can help you to develop a security strategy appropriate for your situation and can set up your PIX or ASA firewall to enforce your security strategy. Progent's security assessment experts can assess the strength of your current firewall deployment and help determine the security of your whole information system network. Progentís Help Desk support team can deliver urgent online troubleshooting for Cisco products and offer fast access to a Cisco network engineer.
To see more details about Progent's consulting assistance for Cisco products, pick a subject:
To get in touch with Progent about engineering expertise for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.