Cisco PIX family firewalls and ASA Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) features in an affordable, one-cabinet package. Both product families have been superseded by the ASA 5500-X line of firewalls with Firepower. (Refer to integration and troubleshooting support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and earlier-generation Cisco ASA 5500 Series firewalls are widely deployed and continue to provide small and mid-size companies a reliable security environment.
Cisco PIC and legacy ASA 5500 firewalls offer powerful client and application policy enforcement, mutlivector attack protection, and secure connectivity services. The enhanced knowledge sharing of consolidated protection features in a single platform provides users deploying these integrated firewalls the benefits of advanced security, reduced cost of ownership, and smaller management expense.
PIX firewalls and Cisco's ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and Cisco 7600 Series routers as components of Cisco's flexible, integrated firewall product. Engineered with an expandable, building-block approach, every device is designed with a particular feature set to provide better security to a variety of network environments. These solutions can be independently installed to protect specific facets of the connectivity infrastructure, or can be combined for a layered, protection-in-depth approach based on the architecture leading practices outlined in the Cisco SAFE framework. Completing the modular firewall product line, Cisco provides a complete security management product portfolio, spanning Cisco security appliance and IOS security components and built-in device managers, to self-contained management utilities, moving to ensure that customers can productively use their Cisco security infrastructure investments.
Cisco PIX Security Appliance Series
Cisco PIX firewall appliances offer robust user and application policy enforcement, multi-source attack protection, and safe connectivity services in economical, simple-to-configure modules. These specialized appliances offer a broad range of integrated security and connectivity capabilities including process-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-site and remote-connectivity IPcec Virtual Private Network (VPN) networking, high availability, intelligent networking services, and flexible administration options. The Cisco PIX firewall product line ranges from compact plug-and-go appliances for small and home offices to stackable high-bandwidth appliances with ROI for enterprise and service-provider customers, Cisco PIX Security Appliance Series deliver dependable security, speed, and reliability for network environments of any size.
Based around a hardened, purpose-built OS that offers a wealth of security services, Cisco PIX firewall appliances provide excellent protection and have received EAL 4 status and ICSA Firewall and IPsec certification. Cisco PIX firewalls offer security for a broad array of VoIP and other mixed-media conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to protect installations of a broad array of contemporary and upcoming VoIP and mixed-media applications.
Cisco PIX firewalls feature a wealth of setup, tracking, and analysis features, providing businesses the flexibility to use the techniques that most closely meet their needs. Administrative solutions include centralized, policy-based administration tools, integrated web-based management, and compatibility with remote-tracking standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface offers a world-class web-based control solution that greatly streamlines the deployment, in-place modification, and tracking of a specific PIX firewall appliance without requiring any extra utility beyond a standard browser and Java plug-in to be running on an administrator's computer.
Administrators can also remotely configure, track, and analyze Cisco PIX security appliances via a command-line interface (CLI). Secure command-line interface (CLI) access is possible using several techniques including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX firewalls also include dependable auto-update capabilities, a collection of protected remote-administration services that make sure that security settings and software images are kept current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that bring together advanced, best-of-breed security and VPN services plus a flexible design. The end product is a robust, versatile network security solution better able to protect small and medium business and larger networks and, at the same time, lower the total deployment and operations expenses previously required for this enhanced level of security.
Cisco Adaptive Security Appliances (ASA) Firewalls build on engineering developed for Cisco's PIX 500 Series firewall, the IPS 4200 family sensor, and Cisco's VPN 3000 Series concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to offer a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances Firewalls provide program protection, local containment, and clean Virtual Private Network functionality across the entire product portfolio. This breadth of protection allows defense of any network segment, which includes the most typical threat vectors like remote sites, LAN-attached inside users, and off-site connected Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls provide robust application protection via smart, application-sensitive inspection engines that analyze traffic at Layers 4-7. This results in a safer environment including web, voice, and mobile wireless access. To defend networks from application-layer assaults and to give businesses greater policing of the applications and protocols used in their environments, these inspection engines incorporate extensive application and protocol knowledge and employ protection enforcement solutions such as protocol anomaly sensing and application and protocol state tracking. Also incorporated are assault sensing and mitigation techniques such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over IM and tunneling applications, allowing organizations to enforce usage policies and free up network bandwidth for crucial business applications.
At the same time as increasing security, Cisco ASA firewalls also decrease installation and support costs. By offering extensive VPN and security functions, the Cisco Adaptive Security Appliances firewall can be used as the the only platform for many uses, enabling product commonality. The Cisco Adaptive Security Appliances (ASA) firewall can be deployed as a converged attack-protection device at the datacenter by taking advantage of its access control, application inspection, and malware mitigation technologies. The Cisco ASA firewall can also be deployed as a specialized remote connectivity device utilizing its Virtual Private Network capabilities. As another option, the Cisco Adaptive Security Appliances firewall serves capably in the network interior for inter-office access management and to defend against worms, viruses, and other malicious code inside users may unknowingly introduce into the environment. In small company and branch office networks, the Cisco Adaptive Security Appliances 5500 Series firewall acts as an all-in-one device providing complete threat defense and Virtual Private Network functionality while suiting the cost structure and operational demands of these situations.
This adaptive one-platform, multiple-solution design minimizes the total number of devices that need to be deployed and maintained while providing a common operating and management environment across all those installations. This approach simplifies the education of setup, tracking, troubleshooting, and protection personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, enabling them to integrate seamlessly into the environment without interfering with authorized data flow and processes.
How Progent Can Help Your Business with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls provide a wealth of setup, monitoring, and troubleshooting features that give you the flexibility to configure these firewalls to match your company's requirements. Progent's CCIE authorized network professionals can assist you to maintain your existing infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that provides protection, resilience, performance, and recoverability. Progent's firewall experts can also assist you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified IS security engineers can assist your business to create a security strategy appropriate for your environment and can configure your PIX or ASA firewall to support your security policies. Progent's security evaluation engineers can evaluate the effectiveness of your existing firewall deployment and help determine the overall security of your whole information system environment. Progentís Technical Response Center (TRC) can deliver urgent remote troubleshooting for Cisco products and offer fast access to a Cisco CCIE expert.
To learn more details about Progent's professional support for Cisco products, choose a subject:
In order to get in touch with Progent about professional expertise for Cisco technology, phone 1-800-993-9400 or visit Contact Progent.