Cisco's PIX security appliances and ASA Series adaptive security appliances combine next-generation firewall, intrusion defense, and VPN functionality in an economical, one-box format. Both product families have been replaced by Cisco's ASA 5500-X series of firewalls with Firepower. (See configuration and debugging support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 Series adaptive security appliances are widely deployed and continue to deliver small and mid-size organizations a viable security solution.
Cisco PIC and the original ASA 5500 firewalls offer robust user and application policy support, mutlivector assault defense, and secure connectivity features. The increased intelligence sharing of consolidated security features in a single platform offers users implementing these aggregated solutions the advantages of enhanced security, reduced TCO, and minimal maintenance costs.
Cisco PIX security appliances and Cisco's ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches, and Cisco 7600 Series routers as components of Cisco's versatile, self-contained firewall line. Based on a scalable, modular platform, each offering is equipped with a specific array of options to deliver more efficient security to a variety of networking situations. These solutions can be individually deployed to secure certain facets of the connectivity infrastructure, or can be grouped for a layered, defense-in-depth approach based on the architecture leading practices described in the Cisco SAFE Blueprint. Completing the modular firewall solutions, Cisco has developed a comprehensive security management portfolio, ranging from Cisco security appliance and Cisco IOS Software security components and embedded appliance controllers, to self-contained management programs, helping to make sure that businesses can productively manage their Cisco protection solution purchases.
Cisco PIX firewalls offer robust policy support, multi-source invasion defense, and secure networking features in affordable, simple-to-configure solutions. These specialized devices provide a wealth of built-in protection and connectivity services such as process-aware firewall services, VoIP and multimedia protection, reliable multi-site and remote-access IP Security (IPsec) Virtual Private Network networking, high availability, intelligent networking features, and versatile administration options. The Cisco PIX Security Appliance Series product line ranges from compact plug-and-go desktop units for small offices or home offices to stackable high-bandwidth products with ROI for large business and service-provider environments, PIX Security Appliance Series provide dependable security, performance, and availability for environments of all sizes.
Based upon a tested, specialized software platform that delivers a wealth of protection services, Cisco PIX firewalls offer excellent protection and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec qualification. PIX firewalls offer protection for a wide array of Voice over IP and additional multimedia conventions including H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and MGCP, helping businesses to safeguard deployments of a broad range of contemporary and next-generation VoIP and multimedia applications.
Cisco PIX security appliances feature a wealth of configuration, tracking, and analysis options, giving businesses the flexibility to utilize the methods that best meet their needs. Administrative solutions include common, policy-based management utilities, integrated web-accessible administration, and support for remote-tracking protocols such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system offers a powerful web-accessible control solution that significantly simplifies the deployment, ongoing configuration, and tracking of a specific PIX security appliance without the need of any additional software beyond an ordinary web browser and Java applet to be running on a manager's PC.
IT managers can furthermore remotely set up, track, and analyze Cisco PIX firewalls via a command-line interface (CLI). Secure command-line interface (CLI) communication is possible using several methods including Secure Shell Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also have robust auto-update features, a collection advanced secure remote-administration services that make sure that firewall configurations and software images are kept up to date.
Cisco ASA Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built solutions that bring together market-proven, industry-leading security and Virtual Private Network services plus a flexible architecture. The end product is a robust, versatile network security solution better able to defend small and medium business and larger networks and, simultaneously, reduce the total deployment and operations costs formerly associated with this enhanced level of protection.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls build on technology behind the Cisco PIX 500 Series firewall, the IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These solutions converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to deliver a firewall that defends against a wide range of threats. Cisco ASA Firewalls provide program protection, local containment and control, and safe Virtual Private Network connectivity throughout the entire product line. This broad scope of security allows the guarding of any network section, which includes the most typical threat vectors such as remote locations, locally-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances firewalls provide strong application security via smart, application-sensitive inspection processes that analyze network flows at Layers 4-7. This results in a safer environment including web, voice, and mobile wireless access. To protect networks from application-layer attacks and to give organizations more control over the applications and protocols utilized in their networks, Cisco's inspection engines integrate broad application and protocol knowledgebases and rely on security enforcement technologies that include anomaly sensing and application and protocol state monitoring. Also included are attack sensing and remediation technology such as application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of IM and tunneling applications, allowing businesses to enforce usage policies and recover bandwidth for critical business applications.
At the same time as improving network security, Cisco ASA 5500 Series firewalls also lower installation and support costs. By offering broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the single device for many uses, enabling platform standardization. The Cisco ASA 5500 Series firewall can be deployed as a converged attack-prevention device at the datacenter by leveraging its connectivity control, process inspection, and malware mitigation capabilities. The Cisco ASA 5500 Series firewall can also be used as a specialized remote connectivity solution using its Virtual Private Network capabilities. As another option, the Cisco Adaptive Security Appliances firewall serves equally well in the network interior for inter-office connectivity control and to defend against malicious assaults inside workers may inadvertently introduce into the network. For small company and satellite office environments, the Cisco ASA 5500 Series firewall serves as a total solution device offering comprehensive threat prevention and VPN services while suiting the cost structure and operational models of these situations.
This versatile one-device, multiple-solution approach minimizes the total number of devices that need to be installed and managed while providing a common operating and administrative environment across all deployments. This approach simplifies the training of configuration, monitoring, support, and security staff. To further minimize maintenance costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network conscious, allowing them to insert seamlessly into the environment without disrupting legitimate data flow and applications.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA Series adaptive security appliances and PIX family firewalls provide an array of configuration, tracking, and analysis options that give you the ability to set up these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network consultants can show you how to support your existing network infrastructure that includes Cisco ASA and/or PIX firewalls and that provides security, fault tolerance, throughput, and recoverability. Progent can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier IS security professionals can help you to create a security strategy that makes sense for your environment and can set up your security appliance to enforce your security policies. Progent's security evaluation experts can evaluate the effectiveness of your existing firewall deployment and validate the security of your whole IT environment. Progentís Technical Response Center can provide urgent online technical support for Cisco products and offer quick access to a Cisco CCIE expert.
To learn more information about Progent's engineering assistance for Cisco technology, select a subject:
In order to ask Progent about technical help for Cisco products, call 1-800-993-9400 or refer to Contact Progent.