Cisco PIX family firewalls and ASA 5500 Series firewalls integrate comprehensive firewall, intrusion defense, and VPN technologies in a cost-effective, one-box format. Both of these product families have been replaced by Cisco's ASA 5500-X family of firewalls with Firepower Services. (Refer to integration and debugging help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation Cisco ASA 5500 model adaptive security appliances are extensively deployed and continue to provide small and mid-size companies a viable security solution.
PIX and legacy ASA 5500 firewalls offer robust client and program policy support, mutlivector attack defense, and safe connectivity features. The increased intelligence sharing of integrated protection services in a single platform offers users implementing these integrated solutions the benefits of advanced security, reduced cost of ownership, and minimal maintenance costs.
Cisco PIX firewalls and the ASA 5500 product line combine with IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and Cisco 7600 Series routers as parts of Cisco's flexible, self-contained firewall product. Based on an expandable, modular approach, each device is designed with a particular feature set to provide better security to a variety of network situations. These products can be independently installed to secure certain areas of the network infrastructure, or can be combined for a layered, protection-in-depth strategy following the design best practices outlined in the Cisco SAFE framework. Rounding out the modular firewall product line, Cisco provides a comprehensive security management portfolio, spanning Cisco security appliance and Cisco IOS security features and embedded device controllers, to self-contained management programs, helping to make sure that businesses can effectively use their Cisco security solution investments.
Cisco PIX Firewall Appliances
Cisco PIX firewalls deliver robust policy enforcement, multi-source invasion defense, and safe connectivity features in affordable, simple-to-configure solutions. These purpose-built devices offer a wealth of built-in security and networking capabilities including application-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable multi-site and remote-access IPcec Virtual Private Network connectivity, fault tolerance, smart networking features, and flexible management options. The PIX firewall product line spans compact plug-and-play appliances for small offices or home offices to modular high-bandwidth products with investment protection for enterprise and service-provider customers, Cisco PIX firewall appliances deliver high levels of protection, performance, and availability for network environments of all sizes.
Based upon a tested, purpose-built operating system that delivers rich protection features, PIX firewalls provide a high level of protection and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances provide protection for a wide range of VoIP and other mixed-media standards such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, RTSP, and Media Gateway Control Protocol, enabling businesses to protect deployments of a broad array of contemporary and next-generation VoIP and mixed-media applications.
Cisco PIX firewalls feature a variety of setup, tracking, and troubleshooting options, providing IT managers the versatility to utilize the techniques that most closely match their requirements. Management solutions include common, policy-based administration utilities, integrated web-based administration, and support for remote-tracking standards like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class web-accessible control solution that greatly simplifies the deployment, ongoing modification, and monitoring of a single PIX security appliance without requiring any additional software other than a standard browser and Java plug-in to be running on a manager's PC.
IT managers can also remotely configure, track, and analyze Cisco PIX security appliances via a command-line interface (CLI). Secure command-line interface (CLI) access is available using several techniques such as Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX security appliances also have robust auto-update capabilities, a set advanced protected remote-administration options that make sure that firewall configurations and software images are always current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered solutions that incorporate advanced, best-of-breed security and VPN services with an adaptive design. The end product is a powerful, multifunction network protection solution better able to protect small and medium company and larger networks and, at the same time, reduce the total deployment and operations costs formerly required for this high degree of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage technology developed for the Cisco PIX 500 family firewall, Cisco's IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies enable the Cisco ASA Firewall product line to deliver a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver application security, local containment, and safe VPN functionality across Cisco's product line. This broad scope of security allows defense of any network section, including the most common attack conduits such as remote sites, LAN-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances firewalls deliver strong application security via intelligent, application-sensitive inspection engines that analyze traffic at Layers 4-7. The result is a safer network including web, voice, and mobile wireless connectivity. To defend networks from application-layer attacks and to offer businesses more control over the programs and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and rely on security enforcement technologies that include protocol anomaly detection and application and protocol state monitoring. Also included are attack sensing and mitigation technology including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and recover bandwidth for crucial business processes.
At the same time as increasing network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also decrease installation and operational expenses. By providing broad Virtual Private Network and security functions, the Cisco ASA 5500 Series firewall can be used as the the only platform for many environments, enabling platform standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a converged attack-prevention appliance at the datacenter by leveraging its connectivity control, process inspection, and worm, virus, and other malware mitigation capabilities. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote connectivity solution utilizing its Virtual Private Network capabilities. Alternatively, the Cisco ASA 5500 Series firewall operates capably inside the network for inter-office access management and to defend against worms, viruses, and other malicious code inside workers may inadvertently introduce into the environment. For small business and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as a total solution device offering comprehensive intrusion defense and Virtual Private Network functionality while fitting within the budgets and operational models of such situations.
This adaptive one-platform, many-use design reduces the total number of appliances that need to be installed and managed while providing a common operating and administrative environment throughout all those installations. This architecture streamlines the education of setup, monitoring, troubleshooting, and protection personnel. To further minimize operations costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network aware, allowing them to integrate gracefully into the environment without disrupting authorized data flow and processes.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco ASA Series adaptive security appliances and PIX family security appliances provide an array of setup, monitoring, and troubleshooting features which give you the ability to configure these security appliances to match your business requirements. Progent's CCIE certified network consultants can help you to maintain your existing network infrastructure that includes Cisco ASA and/or PIX firewalls and that offers security, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier information security consultants can assist you to create a security strategy appropriate for your situation and can configure your PIX or ASA firewall to enforce your security strategy. Progent's security evaluation experts can evaluate the effectiveness of your current firewall deployment and audit the security of your whole IT environment. Progentís Technical Response Center can deliver urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE network engineer.
For additional information about Progent's professional support for Cisco solutions, choose a subject:
In order to get in touch with Progent about consulting assistance for Cisco technology, call 1-800-993-9400 or go to Contact Progent.