Cisco PIX firewalls and ASA 5500 Series firewalls combine next-generation firewall, intrusion defense, and VPN functionality in an economical, single-box package. Both of these product families have been superseded by the ASA 5500-X series of firewalls with Firepower. (See configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation Cisco ASA 5500 Series firewalls are widely deployed and continue to provide small and mid-size companies a reliable firewall solution.
PIX and legacy ASA 5500 firewalls deliver powerful user and program policy support, mutlivector attack defense, and safe access services. The increased knowledge sharing of consolidated protection services in a single package provides customers deploying these aggregated firewalls the benefits of advanced security, reduced TCO, and smaller maintenance costs.
Cisco PIX security appliances and the ASA 5500 product line combine with Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's versatile, integrated firewall solutions. Engineered with an expandable, building-block approach, every offering is designed with a specific array of options to deliver more efficient protection to different networking environments. These products can be individually deployed to secure specific areas of the network infrastructure, or can be grouped for a systematic, protection-in-depth strategy based on the design best practices outlined in the Cisco SAFE framework. Rounding out the integrated firewall product line, Cisco provides a complete security management product portfolio, ranging from Cisco security device and Cisco IOS security components and built-in device controllers, to standalone management applications, moving to ensure that customers can productively manage their Cisco security infrastructure investments.
Cisco PIX Security Appliance Series
Cisco PIX Security Appliance Series deliver robust user and application policy enforcement, multivector invasion protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. These purpose-built devices provide a broad range of integrated protection and networking capabilities such as process-aware firewall features, VoIP and multimedia protection, robust multi-site and remote-access IP Security VPN connectivity, excellent resiliency, intelligent networking services, and versatile administration solutions. The PIX Security Appliance Series product line ranges from small plug-and-go desktop units for small offices and home offices to modular gigabit appliances with investment protection for large business and service-provider environments, Cisco PIX firewalls provide dependable protection, performance, and reliability for networks of any size.
Based upon a tested, purpose-built software platform that delivers rich security features, PIX firewall appliances provide a high level of protection and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security certification. PIX security appliances offer protection for a wide range of Voice over IP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol, SCCP, RTSP, and MGCP, helping organizations to protect installations of a broad array of contemporary and next-generation VoIP and mixed-media applications.
Cisco PIX firewall appliances feature a wealth of configuration, tracking, and analysis features, giving businesses the flexibility to utilize the techniques that most closely match their requirements. Management options include centralized, policy-based administration tools, integrated web-accessible administration, and support for remote-tracking protocols like Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM system offers a world-class web-based control platform that significantly simplifies the deployment, ongoing configuration, and tracking of a specific PIX firewall without the need of any extra utility other than an ordinary web browser and Java applet to be running on an administrator's PC.
Administrators can also remotely set up, monitor, and troubleshoot PIX firewall appliances via a command-line interface (CLI). Secure CLI interface access is possible using several techniques including Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewalls also include dependable automatic-update features, a set advanced protected remote-management options that make sure that security configurations and software images are always current.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA Firewalls are purpose-built solutions that incorporate advanced, industry-leading protection and VPN support with an adaptive architecture. The end product is a powerful, multifunction network protection appliance better able to defend small and medium company and enterprise networks and, simultaneously, reduce the total deployment and maintenance expenses formerly required for this high level of security.
Cisco ASA 5500 Series Firewalls leverage technology developed for the Cisco PIX 500 family firewall, the Cisco IPS 4200 sensor, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall product line to deliver a firewall that defends against a broad range of threats. Cisco ASA 5500 Series Firewalls deliver program security, network containment, and clean Virtual Private Network functionality throughout the entire product portfolio. This broad scope of security enables defense of any network section, including the most common attack conduits like remote sites, locally-attached internal users, and off-site connected VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application protection via intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This produces a better protected environment covering web, voice, and mobile wireless access. To protect networks against application-layer attacks and to give organizations greater policing of the applications and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledgebases and employ security enforcement solutions that include anomaly sensing and state monitoring. Also incorporated are assault sensing and remediation techniques including application and protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and conserve network bandwidth for critical business applications.
At the same time as increasing network protection, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease deployment and operational expenses. By offering broad Virtual Private Network and protection functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be a the only platform for many uses, enabling product standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as a consolidated threat-protection appliance at the datacenter by leveraging its connectivity control, process inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a dedicated remote access device utilizing its VPN capabilities. As another option, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall operates capably in the network interior for interdepartmental connectivity control and to guard against worms, viruses, and other malicious code internal workers may unwittingly introduce into the environment. In small business and satellite office environments, the Cisco ASA 5500 Series firewall serves as a total solution platform offering comprehensive threat prevention and VPN functionality while suiting the cost structure and operational demands of such deployments.
This adaptive single-platform, multiple-use design reduces the number of devices that need to be installed and maintained while offering a common functional and management environment throughout all deployments. This approach streamlines the training of configuration, monitoring, troubleshooting, and security staff. To further reduce maintenance costs, Cisco Adaptive Security Appliances firewalls are also highly network aware, enabling them to insert gracefully into the environment without disrupting legitimate traffic and processes.
How Progent Can Assist You with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX family security appliances incorporate an array of setup, tracking, and analysis features which give you the flexibility to set up these security appliances to match your business needs. Progent's CCIE certified network consultants can help you to support your current network infrastructure that includes Cisco ASA or PIX security appliances and that provides protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security experts can assist you to develop a security policy that makes sense for your business and can set up your firewall to support your security strategy. Progent's security assessment professionals can assess the strength of your current firewall deployment and help determine the security of your whole information system network. Progentís Technical Response Center (TRC) can provide urgent online troubleshooting for Cisco products and offer fast access to a Cisco network engineer.
For more information about Progent's engineering support for Cisco technology, choose a subject:
To get in touch with Progent about engineering expertise for Cisco networking, call 1-800-993-9400 or go to Contact Progent.