Cisco PIX family security appliances and Cisco ASA Series adaptive security appliances integrate next-generation firewall, intrusion protection, and VPN features in an economical, single-cabinet package. Both of these product lines have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower. (See integration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation Cisco ASA 5500 model adaptive security appliances are widely deployed and continue to offer small and mid-size companies a reliable firewall environment.
Cisco PIC and the original ASA 5500 firewalls deliver robust client and program policy support, mutlivector attack protection, and secure access services. The increased intelligence sharing of integrated protection features in a single platform provides users implementing these integrated firewalls the benefits of enhanced security, lower cost of ownership, and smaller management expense.
Cisco PIX firewalls and Cisco's ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 family switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall product. Based on a scalable, modular platform, each device is designed with a specific array of options to provide better protection to different networking situations. These products can be independently deployed to protect certain areas of a connectivity environment, or can be combined for a layered, defense-in-depth approach based on the design best practices described in the Cisco SAFE framework. Completing the modular firewall product line, Cisco provides a complete security management offering, ranging from Cisco security appliance and IOS security features and embedded device controllers, to standalone management utilities, moving to ensure that customers can effectively use their Cisco protection solution purchases.
Cisco PIX Firewall Appliances
PIX firewalls offer robust user and application policy enforcement, multi-source attack protection, and safe networking features in affordable, simple-to-configure solutions. These specialized appliances provide a wealth of integrated security and networking services such as process-aware firewall features, Voice over IP and multimedia security, reliable site-to-site and remote-access IPcec VPN connectivity, excellent resiliency, smart networking services, and versatile management solutions. The Cisco PIX firewall product line ranges from compact plug-and-play devices for small offices or home offices to stackable gigabit appliances with investment protection for large business and service-provider environments, Cisco PIX Security Appliance Series deliver high levels of security, speed, and availability for networks of any size.
Based around a hardened, specialized OS that delivers rich protection services, PIX firewall appliances offer excellent security and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewall appliances provide security for a wide range of Voice over IP and additional mixed-media conventions including H.323 v. 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to safeguard deployments of a broad array of current and next-generation Voice over IP and multimedia applications.
PIX security appliances offer a wealth of configuration, monitoring, and troubleshooting features, giving IT managers the flexibility to use the methods that best meet their needs. Administrative solutions include centralized, policy-based administration utilities, integrated web-accessible administration, and compatibility with remote-monitoring standards like SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a powerful web-based control solution that significantly streamlines the installation, in-place configuration, and tracking of a specific Cisco PIX firewall without requiring any extra utility beyond a standard browser and Java applet to be running on an administrator's PC.
IT managers can furthermore remotely set up, track, and analyze PIX firewall appliances using a command-line interface (CLI). Safe command-line interface (CLI) communication is available using a number of methods including Secure Shell (SSHv2) Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX security appliances also include robust auto-update features, a collection of protected remote-administration services that make sure that security configurations and software images are kept up to date.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances (ASA) Firewalls are purpose-built devices that incorporate advanced, best-of-breed protection and VPN support plus a flexible architecture. The result is a powerful, versatile network security solution better able to defend small and midsize company and enterprise networks and, at the same time, lower the overall installation and operations costs previously associated with this enhanced level of protection.
Cisco ASA Firewalls build on technology behind the Cisco PIX 500 Series Security Appliance, the Cisco IPS 4200 Series sensor, and Cisco's VPN 3000 Series concentrator. These solutions converge on the Cisco ASA Firewall family to offer a platform that stops a wide range of threats. Cisco ASA 5500 Series Firewalls deliver application security, network containment and control, and clean Virtual Private Network functionality across Cisco's product line. This broad scope of protection enables defense of any network section, which includes the most common attack vectors like remote locations, LAN-attached inside users, and off-site access Virtual Private Networks.
Cisco ASA firewalls deliver a high-level of application security through intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This produces a better protected network covering web, voice, and mobile wireless services. To defend environments from application-layer attacks and to offer organizations more policing of the applications and protocols used in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement technologies such as anomaly detection and state monitoring. Also included are attack detection and mitigation technology such as application/protocol command filtering and URL deobfuscation. Cisco ASA firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and free up network bandwidth for important business processes.
While improving security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and support expenses. By providing extensive VPN and protection functions, the Cisco ASA firewall can be a the only platform for many environments, enabling platform commonality. The Cisco Adaptive Security Appliances firewall can be used as a consolidated attack-prevention device at the datacenter by taking advantage of its access control, application inspection, and worm, virus, and other malware mitigation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a dedicated remote access device using its VPN features. As another option, the Cisco Adaptive Security Appliances 5500 Series firewall operates capably inside the network for interdepartmental access management and to guard against malicious assaults internal workers might inadvertently introduce into the environment. In small company and satellite office environments, the Cisco ASA 5500 Series firewall serves as a total solution device offering comprehensive intrusion defense and VPN services while fitting within the cost structure and performance models of such deployments.
This versatile single-platform, many-use approach reduces the number of appliances that must be deployed and managed while providing a common operating and management system across all those installations. This approach streamlines the training of configuration, monitoring, support, and security personnel. To further reduce maintenance expenses, Cisco ASA 5500 Series firewalls are also highly network aware, allowing these devices to insert seamlessly into the environment without disrupting authorized traffic and applications.
How Progent Can Help Your Business with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls incorporate an array of setup, monitoring, and troubleshooting features which give you the ability to deploy these security appliances to match your business needs. Progent's CCIE certified network professionals can show you how to support your current infrastructure that incorporates Cisco ASA and/or PIX security appliances and that offers security, resilience, performance, and recoverability. Progent's firewall experts can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier IS security experts can assist your business to create a security policy that makes sense for your situation and can set up your firewall to support your security strategy. Progent's risk evaluation professionals can assess the effectiveness of your current firewall deployment and help determine the security of your entire IS network. Progentís Technical Response Center (TRC) can provide urgent online technical support for Cisco products and can give you fast access to a Cisco CCIE network engineer.
To see additional information about Progent's engineering support for Cisco networking products, pick a subject:
To ask Progent about technical assistance for Cisco technology, call 1-800-993-9400 or refer to Contact Progent.