Cisco PIX firewalls and Cisco ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an affordable, one-box format. Both of these product lines have been replaced by the ASA 5500-X family of security appliances with Firepower. (Refer to integration and debugging help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and first-generation ASA 5500 Series firewalls are widely used and continue to deliver small and mid-size organizations a viable firewall solution.
PIX and legacy ASA 5500 firewalls offer powerful client and application policy enforcement, mutlivector assault protection, and safe access services. The increased intelligence sharing of consolidated security features in a single platform provides customers deploying these integrated firewalls the benefits of advanced protection, reduced cost of ownership, and minimal maintenance costs.
PIX security appliances and Cisco's ASA 5500 Series join Cisco IOS Firewall, the FWSM for Catalyst 6500 switches, and 7600 Series routers as parts of Cisco's flexible, self-contained firewall line. Engineered with an expandable, building-block platform, every device is equipped with a specific feature set to deliver better security to different network environments. These solutions can be individually installed to protect specific areas of a network infrastructure, or can be grouped for a layered, protection-in-depth approach based on the design leading practices described in the Cisco SAFE framework. Rounding out the modular firewall product line, Cisco provides a complete security management offering, spanning Cisco security appliance and Cisco IOS security components and built-in appliance managers, to standalone management programs, helping to ensure that businesses can productively manage their Cisco protection solution investments.
PIX Firewall Appliances
PIX firewall appliances deliver robust user and application policy support, multivector invasion defense, and secure networking services in affordable, easy-to-deploy solutions. These purpose-built appliances provide a wealth of integrated protection and networking services including process-aware firewall services, Voice over IP (VoIP) and multimedia security, robust site-to-site and remote-access IP Security (IPsec) VPN networking, high availability, smart networking features, and flexible administration options. The PIX firewall Appliance product line spans small plug-and-go appliances for small and home offices to modular high-bandwidth appliances with investment protection for enterprise and ISP customers, PIX firewall appliances deliver high levels of security, performance, and availability for environments of all sizes.
Based upon a hardened, purpose-built software platform that offers a wealth of protection services, PIX firewalls provide a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX security appliances provide security for a broad range of Voice over IP and additional multimedia standards such as H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard deployments of a wide array of current and next-generation IP voice and multimedia applications.
PIX firewalls feature a variety of configuration, tracking, and analysis options, giving businesses the versatility to use the techniques that most closely meet their needs. Administrative solutions include common, policy-based administration utilities, integrated web-based management, and support for remote-monitoring protocols such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a powerful web-accessible control platform that significantly simplifies the deployment, ongoing modification, and tracking of a single Cisco PIX firewall without the need of any additional utility other than an ordinary browser and Java applet to be installed on an administrator's PC.
Administrators can furthermore remotely configure, monitor, and troubleshoot PIX security appliances via a CLI interface. Safe command-line interface communication is available through several methods including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewall appliances also have robust automatic-update capabilities, a collection of protected remote-management options that ensure security settings and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered solutions that bring together advanced, best-of-breed protection and Virtual Private Network support with a flexible design. The end product is a powerful, multifunction network security solution better suited to protect small and midsize company and larger networks and, simultaneously, reduce the overall installation and operations expenses formerly associated with this enhanced level of security.
Cisco ASA Firewalls build on technology developed for the PIX 500 family firewall, Cisco's IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a platform that defends against a broad range of threats. Cisco ASA 5500 Series Firewalls deliver program security, local containment, and safe VPN connectivity across Cisco's product line. This breadth of security allows defense of any network segment, including the most common threat vectors like remote locations, locally-connected inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver strong application security via intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a better protected network including web, voice, and mobile wireless access. To defend networks against application-layer assaults and to give organizations more policing of the programs and protocols utilized in their networks, these inspection engines integrate broad application and protocol knowledge and rely on security enforcement solutions that include protocol anomaly detection and state monitoring. Also included are attack sensing and mitigation techniques such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide control over IM and peer-to-peer file sharing, enabling businesses to enforce usage policies and recover network bandwidth for important business applications.
At the same time as improving security, Cisco ASA firewalls also lower deployment and support expenses. By offering extensive Virtual Private Network and security services, the Cisco ASA firewall can be used as the single device for many environments, allowing platform standardization. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated attack-protection appliance at the datacenter by leveraging its access control, process inspection, and malware remediation capabilities. The Cisco ASA firewall can also be used as a specialized remote connectivity device using its VPN capabilities. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs capably in the network interior for inter-office connectivity management and to defend against malware inside users might unknowingly introduce into the network. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) firewall serves as an all-in-one platform offering complete threat prevention and Virtual Private Network services while fitting within the budgets and operational demands of these situations.
This versatile one-platform, many-use approach reduces the number of appliances that must be deployed and managed while offering a standard operating and management environment across all those installations. This approach simplifies the training of configuration, monitoring, troubleshooting, and security staff. To further minimize maintenance expenses, Cisco Adaptive Security Appliances (ASA) firewalls are also highly network aware, allowing these devices to integrate seamlessly into the network without interfering with legitimate traffic and processes.
How Progent's Consultants Can Assist You with Cisco Firewalls
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls provide an array of setup, monitoring, and troubleshooting options that give you the flexibility to deploy these security appliances to match your business requirements. Progent's CCIE authorized network professionals can show you how to maintain your existing infrastructure that incorporates Cisco ASA or PIX firewalls and that provides security, fault tolerance, throughput, and recoverability. Progent can also help your organization to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified information security consultants can help you to develop a security policy appropriate for your situation and can set up your firewall to support your security strategy. Progent's security assessment experts can assess the effectiveness of your existing firewall deployment and audit the overall security of your whole information system environment. Progentís Technical Response Center (TRC) can provide emergency remote technical support for Cisco technology and can give you quick access to a Cisco network engineer.
To find out additional information about Progent's engineering expertise for Cisco technology, pick a subject:
In order to ask Progent about technical help for Cisco products, call 1-800-993-9400 or see Contact Progent.