Cisco PIX family security appliances and Cisco ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion protection, and VPN features in a cost-effective, single-cabinet package. Both of these product lines have been replaced by Cisco's ASA 5500-X family of security appliances with Firepower. (Refer to integration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and first-generation ASA 5500 Series firewalls are extensively deployed and continue to deliver small and mid-size companies a viable firewall environment.
PIX and the original ASA 5500 firewalls deliver robust client and application policy support, mutlivector assault defense, and secure connectivity services. The increased intelligence sharing of integrated protection services in a single package provides users deploying these aggregated solutions the benefits of enhanced protection, reduced TCO, and minimal maintenance costs.
Cisco PIX firewalls and Cisco's ASA 5500 Series join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's versatile, self-contained firewall solutions. Engineered with an expandable, building-block platform, every device is designed with a particular array of options to provide better protection to different network situations. These solutions can be independently installed to protect specific areas of a network environment, or can be grouped for a systematic, protection-in-depth approach following the architecture best practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall product line, Cisco provides a comprehensive security management product portfolio, spanning Cisco security device and Cisco IOS Software security components and built-in device controllers, to standalone management utilities, helping to ensure that customers can productively manage their Cisco protection infrastructure investments.
PIX Firewall Appliances
Cisco PIX firewalls deliver robust policy support, multivector attack protection, and secure connectivity features in economical, easy-to-deploy modules. These purpose-built appliances provide a wealth of built-in protection and networking capabilities such as process-aware firewall services, Voice over IP and multimedia protection, robust site-to-site and remote-connectivity IP Security VPN connectivity, high availability, smart networking features, and flexible administration options. The Cisco PIX Security Appliance Series family spans compact plug-and-go devices for small or home offices to stackable high-bandwidth products with investment protection for large business and service-provider customers, PIX firewalls provide high levels of security, performance, and reliability for environments of all sizes.
Built upon a tested, specialized operating system that delivers a wealth of protection services, Cisco PIX firewalls provide excellent protection and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX security appliances provide protection for a wide array of VoIP and additional mixed-media standards such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to protect deployments of a wide array of contemporary and next-generation Voice over IP and mixed-media applications.
Cisco PIX security appliances offer a wealth of configuration, tracking, and troubleshooting features, providing IT managers the versatility to utilize the methods that most closely meet their requirements. Administrative options include common, policy-based management utilities, integrated web-based administration, and support for remote-tracking protocols like Simple Network Management Protocol and syslog. The integrated ASDM interface provides a powerful web-based control platform that greatly streamlines the installation, in-place configuration, and monitoring of a specific Cisco PIX firewall appliance without the need of any additional utility other than a standard web browser and Java applet to be installed on an administrator's PC.
Administrators can also remotely set up, track, and troubleshoot PIX security appliances using a command-line interface (CLI). Secure command-line interface access is possible using a number of techniques including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also include robust automatic-update capabilities, a set of secure remote-management services that make sure that security configurations and software images are kept current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered devices that bring together market-proven, industry-leading protection and Virtual Private Network services with a flexible design. The result is a powerful, multifunction network security appliance better able to protect small and medium business (SMB) and larger networks and, simultaneously, lower the overall deployment and maintenance expenses previously required for this enhanced level of security.
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology developed for the PIX 500 Series Security Appliance, the Cisco IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) Firewall product line to deliver a platform that defends against a wide range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application protection, local containment, and safe Virtual Private Network connectivity throughout the entire product line. This broad scope of protection allows defense of any network section, which includes the most common threat conduits such as remote sites, LAN-connected inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver strong application security via smart, application-aware inspection processes that analyze traffic at Layers 4-7. This produces a better protected network covering web, voice, and mobile wireless services. To defend environments against application-layer attacks and to give businesses more policing of the applications and protocols utilized in their networks, these inspection engines integrate extensive application and protocol knowledge and employ protection enforcement technologies that include anomaly detection and application and protocol state tracking. Also included are assault sensing and mitigation technology including application and protocol command filters and URL deobfuscation. Cisco ASA firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and conserve network bandwidth for important business processes.
While increasing network protection, Cisco Adaptive Security Appliances firewalls also lower deployment and support costs. By offering broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances firewall can be a the only platform for many uses, allowing product standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a converged attack-protection device at a central location by leveraging its connectivity control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a specialized remote access solution utilizing its VPN features. Alternatively, the Cisco Adaptive Security Appliances 5500 Series firewall serves equally well inside the network for interdepartmental connectivity management and to defend against worms, viruses, and other malicious code inside users may inadvertently introduce into the environment. In small business and branch office networks, the Cisco Adaptive Security Appliances 5500 Series firewall serves as an all-in-one platform providing complete threat prevention and Virtual Private Network functionality while fitting within the cost structure and operational models of these situations.
This adaptive single-platform, multiple-use approach minimizes the total number of appliances that need to be deployed and maintained while offering a standard functional and management system across all deployments. This approach streamlines the education of setup, monitoring, troubleshooting, and protection personnel. To further reduce maintenance costs, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, allowing these devices to integrate seamlessly into the environment without disrupting authorized traffic and applications.
How Progent's Cisco Certified Experts Can Assist You with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX family security appliances provide an array of setup, tracking, and troubleshooting options that give you the ability to configure these firewalls to align optimally with your company's needs. Progent's CCIE authorized network professionals can help you to maintain your existing network infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers security, resilience, throughput, and manageability. Progent can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified IS security experts can assist you to create a security strategy appropriate for your business and can set up your firewall to support your security strategy. Progent's risk assessment professionals can evaluate the strength of your current firewall solution and validate the security of your entire information system environment. Progentís Help Desk support team can provide emergency online technical support for Cisco technology and offer fast access to a Cisco CCIE expert.
For additional information concerning Progent's engineering help for Cisco networking products, select a subject:
If you wish to contact Progent about technical help for Cisco networking, call 1-800-993-9400 or see Contact Progent.