Cisco's PIX security appliances and ASA Series adaptive security appliances integrate next-generation firewall, intrusion defense, and VPN technologies in an affordable, one-box package. Both of these product families have been replaced by the ASA 5500-X line of security appliances with Firepower. (Refer to integration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, PIX and earlier-generation ASA 5500 Series adaptive security appliances are widely used and continue to provide small and mid-size organizations a reliable security environment.
Cisco PIC and the original ASA 5500 firewalls offer robust client and program policy support, mutlivector attack defense, and safe connectivity services. The increased knowledge sharing of integrated security services in a stand-alone platform provides customers deploying these integrated solutions the advantages of advanced security, reduced cost of ownership, and minimal management expense.
PIX security appliances and the ASA 5500 Series join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and 7600 Series routers as components of Cisco's versatile, self-contained firewall product. Based on a scalable, modular approach, every offering is equipped with a specific array of options to provide better protection to a variety of networking environments. These products can be independently deployed to secure specific facets of a network environment, or can be combined for a systematic, defense-in-depth strategy following the architecture leading practices outlined in Cisco's SAFE Blueprint. Rounding out the modular firewall solutions, Cisco has developed a comprehensive security management portfolio, ranging from Cisco security appliance and Cisco IOS Software security features and built-in appliance controllers, to standalone management applications, moving to make sure that customers can productively manage their Cisco protection infrastructure purchases.
PIX firewall appliances deliver robust user and application policy enforcement, multi-source attack protection, and secure connectivity services in cost-effective, easy-to-deploy modules. These purpose-built devices provide a broad range of integrated protection and connectivity services including application-aware firewall services, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-access IPcec Virtual Private Network networking, excellent resiliency, intelligent networking features, and flexible management solutions. The Cisco PIX Security Appliance Series family spans compact plug-and-go desktop units for small and at home offices to stackable high-bandwidth appliances with ROI for large business and ISP environments, PIX firewall appliances deliver dependable security, speed, and reliability for network environments of any size.
Based around a hardened, purpose-built OS that delivers rich security services, Cisco PIX firewall appliances offer excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls provide protection for a broad array of VoIP and other mixed-media conventions such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol (MGCP), enabling organizations to protect installations of a wide range of current and next-generation VoIP and mixed-media applications.
PIX firewall appliances feature a variety of configuration, monitoring, and troubleshooting options, giving IT managers the flexibility to utilize the techniques that best match their needs. Administrative solutions include centralized, policy-based management tools, integrated web-based administration, and support for remote-tracking standards such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system offers a world-class web-accessible control solution that greatly simplifies the deployment, ongoing modification, and tracking of a single PIX firewall without requiring any extra software beyond an ordinary web browser and Java plug-in to be running on a manager's computer.
Administrators can also remotely set up, monitor, and troubleshoot Cisco PIX security appliances using a command-line interface (CLI). Safe command-line interface (CLI) access is available using several methods including SSHv2 Protocol, Telnet through IP Security, and out-of-band via a console port. Cisco PIX firewall appliances also include dependable auto-update features, a collection advanced secure remote-administration services that ensure security configurations and software images are kept up to date.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls are specially engineered solutions that bring together market-proven, best-of-breed protection and Virtual Private Network support with an adaptive design. The result is a powerful, multifunction network protection solution better suited to defend small and medium business and enterprise networks and, simultaneously, lower the total deployment and maintenance costs formerly associated with this high level of security.
Cisco Adaptive Security Appliances Firewalls build on technology behind Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a firewall that defends against a wide range of threats. Cisco Adaptive Security Appliances Firewalls deliver program security, local containment and control, and clean VPN functionality throughout Cisco's product line. This broad scope of security allows the guarding of any network segment, including the most common attack conduits like remote sites, LAN-connected internal users, and remote connected VPNs.
Cisco Adaptive Security Appliances 5500 Series firewalls provide a high-level of application protection through intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a better protected network including web, voice, and mobile wireless access. To defend environments against application-layer attacks and to give organizations more policing of the applications and protocols used in their networks, Cisco's inspection engines integrate broad application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly sensing and application and protocol state monitoring. Also included are attack detection and mitigation technology including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver control over instant messaging and tunneling applications, allowing organizations to police usage policies and preserve bandwidth for vital business applications.
While improving security, Cisco ASA firewalls also decrease deployment and support expenses. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be a the only platform for many uses, allowing platform commonality. The Cisco Adaptive Security Appliances (ASA) firewall can be used as a consolidated attack-prevention device at the datacenter by leveraging its connectivity control, process inspection, and malicious assault mitigation capabilities. The Cisco Adaptive Security Appliances firewall can also be used as a specialized remote access device utilizing its VPN features. As another option, the Cisco ASA 5500 Series firewall serves capably inside the network for inter-office connectivity management and to defend against malware inside users might unwittingly introduce into the environment. For small company and satellite office networks, the Cisco ASA 5500 Series firewall acts as a total solution platform providing complete intrusion prevention and VPN functionality while fitting within the cost structure and operational demands of such deployments.
This adaptive single-device, multiple-solution approach reduces the total number of devices that must be deployed and maintained while providing a common operating and administrative environment throughout all those installations. This approach streamlines the education of configuration, monitoring, support, and security staff. To further reduce maintenance costs, Cisco ASA firewalls are also exceptionally network conscious, allowing them to integrate gracefully into the network without interfering with legitimate traffic and applications.
How Progent's Cisco Certified Experts Can Assist Your Business with Cisco Firewalls
Cisco ASA 5500 Series adaptive security appliances and PIX family security appliances incorporate an array of configuration, monitoring, and analysis options that offer you the ability to deploy these firewalls to match your company's requirements. Progent's CCIE authorized network professionals can assist you to support your existing network infrastructure that includes Cisco ASA or PIX security appliances and that offers protection, resilience, performance, and recoverability. Progent's firewall experts can also assist your organization to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-premier IS security engineers can assist you to develop a security policy appropriate for your environment and can configure your firewall to enforce your security strategy. Progent's security evaluation experts can evaluate the effectiveness of your current firewall solution and audit the overall security of your whole information system network. Progentís Help Desk support team can provide urgent remote technical support for Cisco technology and can give you quick access to a Cisco expert.
To see more details about Progent's engineering help for Cisco products, pick a subject:
If you wish to ask Progent about consulting support for Cisco technology, phone 1-800-993-9400 or refer to Contact Progent.