Cisco's PIX family security appliances and ASA 5500 Series adaptive security appliances combine next-generation firewall, intrusion defense, and Virtual Private Network technologies in a cost-effective, single-cabinet package. Both product lines have been superseded by the ASA 5500-X family of security appliances with Firepower Services. (Refer to configuration and debugging help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation ASA 5500 model adaptive security appliances are extensively deployed and continue to offer small and mid-size companies a reliable security solution.
PIX and the original ASA 5500 firewalls deliver powerful user and application policy enforcement, mutlivector attack protection, and safe connectivity features. The enhanced knowledge sharing of consolidated protection features in a single platform provides users implementing these integrated firewalls the benefits of advanced protection, reduced cost of ownership, and minimal management costs.
Cisco PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 Series switches, and Cisco 7600 routers as components of Cisco's versatile, integrated firewall product. Based on an expandable, modular approach, every device is designed with a particular array of options to provide more efficient security to different networking situations. These solutions can be independently deployed to secure specific facets of the connectivity environment, or can be grouped for a layered, defense-in-depth approach based on the architecture leading practices outlined in Cisco's SAFE framework. Rounding out the integrated firewall solutions, Cisco has developed a complete security management product portfolio, ranging from Cisco security appliance and Cisco IOS Software security features and built-in appliance controllers, to self-contained management applications, moving to make sure that customers can productively manage their Cisco security solution purchases.
Cisco PIX firewall appliances deliver reliable user and application policy support, multivector invasion protection, and secure connectivity features in cost-effective, easy-to-deploy solutions. These purpose-built appliances provide a broad range of built-in security and connectivity capabilities such as process-aware firewall features, Voice over IP (VoIP) and multimedia protection, reliable multi-site and remote-connectivity IP Security Virtual Private Network networking, excellent resiliency, intelligent networking features, and flexible administration solutions. The Cisco PIX firewall Appliance product line ranges from small plug-and-go appliances for small and at home offices to modular gigabit appliances with investment protection for enterprise and service-provider environments, PIX firewalls deliver dependable protection, performance, and reliability for networks of any size.
Based upon a tested, purpose-built operating system that delivers rich protection services, Cisco PIX firewalls provide excellent security and have been awarded Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security certification. PIX firewalls offer security for a broad array of VoIP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to protect deployments of a wide range of current and upcoming VoIP and multimedia applications.
PIX firewalls feature a wealth of setup, tracking, and analysis features, giving businesses the versatility to utilize the techniques that most closely meet their needs. Management solutions include centralized, policy-based administration utilities, integrated web-based management, and compatibility with remote-monitoring protocols such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class web-based control platform that significantly streamlines the deployment, ongoing configuration, and tracking of a single PIX firewall appliance without requiring any extra software other than an ordinary web browser and Java plug-in to be running on an administrator's PC.
Administrators can also remotely configure, monitor, and troubleshoot PIX firewalls using a command-line interface. Secure command-line interface (CLI) communication is possible through several methods such as Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX security appliances also include robust automatic-update capabilities, a collection advanced protected remote-management services that make sure that firewall settings and software images are always up to date.
Cisco ASA Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered solutions that bring together advanced, industry-leading protection and Virtual Private Network services plus a flexible design. The result is a powerful, multifunction network protection appliance better suited to protect small and medium business and enterprise networks and, simultaneously, reduce the overall deployment and operations expenses formerly associated with this high level of security.
Cisco ASA 5500 Series Firewalls build on technology developed for Cisco's PIX 500 Security Appliance, the Cisco IPS 4200 Series sensor, and the VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances Firewall family to offer a platform that defends against a broad range of attacks. Cisco ASA Firewalls deliver application security, network containment, and safe VPN functionality across Cisco's product line. This broad scope of protection allows defense of any network area, which includes the most typical threat vectors like remote sites, LAN-attached inside users, and remote access VPNs.
Cisco ASA 5500 Series firewalls deliver robust application protection via smart, application-aware inspection engines that examine network flows at Layers 4-7. This produces a more secure environment covering web, voice, and mobile wireless access. To protect networks against application-layer attacks and to offer organizations more policing of the programs and protocols utilized in their environments, these inspection engines incorporate extensive application and protocol knowledgebases and employ protection enforcement technologies that include anomaly detection and state monitoring. Also incorporated are attack detection and remediation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide management of IM and tunneling applications, allowing organizations to police usage policies and conserve bandwidth for critical business processes.
While increasing security, Cisco Adaptive Security Appliances (ASA) firewalls also decrease deployment and operational expenses. By offering broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances firewall can be a single device for many environments, allowing product standardization. The Cisco Adaptive Security Appliances 5500 Series firewall can be used as a consolidated attack-prevention device at a central location by taking advantage of its connectivity control, application inspection, and malware mitigation capabilities. The Cisco ASA 5500 Series firewall can also be used as a specialized remote access device using its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances 5500 Series firewall serves equally well in the network interior for inter-office connectivity management and to guard against malicious assaults inside users may inadvertently introduce into the network. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves as a total solution platform offering comprehensive threat prevention and VPN services while fitting within the budgets and performance demands of such situations.
This adaptive one-device, many-solution approach minimizes the total number of devices that must be deployed and managed while providing a standard functional and administrative system across all deployments. This approach streamlines the training of setup, tracking, troubleshooting, and security personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances 5500 Series firewalls are also exceptionally network aware, enabling these devices to integrate seamlessly into the network without disrupting authorized data flow and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX family security appliances provide a wealth of setup, monitoring, and troubleshooting options that offer you the ability to set up these security appliances to match your business requirements. Progent's CCIE authorized network professionals can show you how to maintain your existing infrastructure that includes Cisco ASA or PIX security appliances and that provides protection, resilience, throughput, and recoverability. Progent's firewall experts can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified IS security engineers can help your business to develop a security policy appropriate for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's security assessment engineers can evaluate the strength of your existing firewall solution and help determine the overall security of your entire IS network. Progentís Help Desk Call Center can provide emergency remote troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.
To learn additional information concerning Progent's professional support for Cisco technology, select a topic:
In order to contact Progent about technical support for Cisco networking, call 1-800-993-9400 or see Contact Progent.