Cisco PIX family firewalls and Cisco ASA Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network features in an economical, single-box format. Both product families have been replaced by Cisco's ASA 5500-X line of security appliances with Firepower Services. (Refer to integration and debugging help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and earlier-generation Cisco ASA 5500 Series firewalls are extensively used and continue to deliver small and mid-size companies a reliable security environment.
Cisco PIC and the original ASA 5500 firewalls deliver robust user and program policy support, mutlivector assault defense, and safe access services. The enhanced knowledge sharing of consolidated protection features in a stand-alone platform offers customers implementing these aggregated solutions the advantages of advanced protection, reduced TCO, and smaller management expense.
PIX firewalls and Cisco's ASA 5500 Series join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and Cisco 7600 Series routers as components of Cisco's versatile, self-contained firewall solutions. Engineered with an expandable, building-block platform, each offering is designed with a particular array of options to provide better security to different network situations. These products can be individually installed to secure certain areas of a network environment, or can be combined for a systematic, defense-in-depth approach following the design leading practices described in the Cisco SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management product portfolio, ranging from Cisco security appliance and Cisco IOS security components and embedded appliance controllers, to self-contained management applications, helping to ensure that customers can productively use their Cisco protection infrastructure investments.
PIX Firewalls
PIX firewall appliances offer reliable user and application policy support, multivector invasion protection, and safe connectivity features in affordable, easy-to-deploy modules. These specialized devices offer a broad range of built-in protection and networking services including process-aware firewall features, VoIP and multimedia protection, robust site-to-site and remote-access IP Security Virtual Private Network (VPN) networking, high availability, smart networking features, and flexible management options. The Cisco PIX firewall Appliance product line ranges from compact plug-and-play devices for small and home offices to modular high-bandwidth appliances with ROI for enterprise and ISP environments, PIX firewalls provide dependable security, performance, and reliability for environments of all sizes.
Built upon a hardened, specialized OS that delivers a wealth of protection services, Cisco PIX firewalls provide excellent security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. Cisco PIX firewall appliances offer security for a broad array of Voice over IP and additional multimedia conventions such as H.323 v. 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping businesses to safeguard deployments of a wide array of contemporary and next-generation IP voice and video applications.
Cisco PIX security appliances feature a wealth of setup, monitoring, and analysis options, providing businesses the versatility to use the methods that most closely meet their needs. Administrative solutions include common, policy-based administration utilities, integrated web-based management, and compatibility with remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated ASDM system provides a world-class web-accessible management platform that greatly simplifies the deployment, ongoing modification, and monitoring of a single Cisco PIX firewall without the need of any additional software other than a standard browser and Java applet to be installed on an administrator's PC.
Administrators can also remotely configure, monitor, and troubleshoot Cisco PIX firewall appliances via a command-line interface (CLI). Secure command-line interface (CLI) access is possible through several techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band via a console port. PIX firewall appliances also have dependable auto-update capabilities, a collection of protected remote-management services that make sure that security settings and software images are kept up to date.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are purpose-built devices that incorporate advanced, industry-leading security and Virtual Private Network support plus an adaptive design. The end product is a robust, multifunction network security appliance better suited to protect small and midsize company and enterprise networks and, simultaneously, lower the overall deployment and maintenance costs formerly required for this enhanced level of security.
Cisco Adaptive Security Appliances firewalls provide strong application security via smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This results in a safer network including web, voice, and mobile wireless connectivity. To defend environments from application-layer assaults and to offer organizations greater policing of the programs and protocols used in their environments, Cisco's inspection engines incorporate broad application and protocol knowledgebases and rely on security enforcement solutions that include protocol anomaly sensing and state tracking. Also included are attack sensing and mitigation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and free up bandwidth for vital business applications.
While improving network security, Cisco ASA 5500 Series firewalls also lower deployment and support costs. By providing extensive Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the single device for a multitude of environments, enabling product standardization. The Cisco ASA 5500 Series firewall can be used as a converged threat-prevention device at the datacenter by leveraging its connectivity control, application inspection, and malicious assault mitigation capabilities. The Cisco ASA firewall can also be used as a specialized remote connectivity device utilizing its VPN capabilities. As another option, the Cisco ASA firewall operates equally well inside the network for interdepartmental access control and to guard against malicious assaults internal workers may unknowingly introduce into the environment. For small business and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as a total solution platform offering complete intrusion prevention and VPN services while suiting the budgets and operational demands of these deployments.
This versatile one-device, multiple-solution design reduces the total number of devices that need to be installed and maintained while providing a common functional and management environment throughout all those deployments. This architecture streamlines the training of setup, monitoring, troubleshooting, and security staff. To further reduce operations costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, enabling these devices to integrate seamlessly into the environment without disrupting authorized traffic and applications.
How Progent Can Assist You with Cisco PIX and ASA Security Appliances
Cisco ASA 5500 Series adaptive security appliances and PIX family firewalls provide a wealth of configuration, monitoring, and troubleshooting features which offer you the flexibility to deploy these security appliances to match your business requirements. Progent's CCIE authorized network consultants can show you how to support your existing network infrastructure that includes Cisco ASA or PIX security appliances and that provides security, fault tolerance, performance, and recoverability. Progent can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified IS security consultants can assist you to create a security strategy that makes sense for your environment and can configure your PIX or ASA firewall to enforce your security strategy. Progent's security assessment consultants can evaluate the strength of your existing firewall solution and help determine the overall security of your whole information system network. Progent's Technical Response Center can deliver emergency online troubleshooting for Cisco products and can give you fast access to a Cisco CCIE network engineer.
To see additional information about Progent's consulting support for Cisco solutions, select a topic: