Cisco PIX security appliances and ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) technologies in a cost-effective, one-box package. Both of these product families have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower Services. (See configuration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 Series adaptive security appliances are widely used and continue to deliver small and mid-size companies a viable security solution.
PIX and the original ASA 5500 firewalls offer robust client and application policy enforcement, mutlivector assault protection, and safe connectivity features. The enhanced knowledge sharing of consolidated security features in a single platform offers users deploying these aggregated solutions the advantages of enhanced protection, lower TCO, and smaller maintenance costs.
PIX firewalls and Cisco's ASA 5500 family join Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 Series switches, and Cisco 7600 family routers as components of Cisco's versatile, integrated firewall product. Based on a scalable, building-block approach, every device is designed with a particular array of options to provide more efficient protection to a variety of networking situations. These products can be independently installed to protect specific facets of the connectivity environment, or can be combined for a systematic, defense-in-depth approach following the design best practices outlined in Cisco's SAFE framework. Rounding out the modular firewall product line, Cisco has developed a complete security management portfolio, spanning Cisco security device and Cisco IOS security components and embedded appliance managers, to standalone management applications, moving to ensure that customers can productively manage their Cisco protection solution purchases.
PIX Firewall Appliances
Cisco PIX firewall appliances deliver robust policy enforcement, multi-source invasion defense, and safe connectivity features in affordable, simple-to-configure modules. These purpose-built appliances offer a broad range of built-in security and networking services including application-aware firewall services, Voice over IP and multimedia protection, robust multi-site and remote-connectivity IP Security (IPsec) VPN connectivity, excellent resiliency, smart networking features, and versatile administration options. The Cisco PIX firewall family spans compact plug-and-play desktop units for small or home offices to modular high-bandwidth appliances with investment protection for enterprise and ISP environments, Cisco PIX firewall appliances deliver high levels of security, speed, and reliability for environments of all sizes.
Built upon a tested, specialized OS that delivers rich security services, PIX security appliances offer a high level of protection and have earned EAL 4 status and ICSA Firewall and IPsec qualification. Cisco PIX firewalls provide protection for a wide array of Voice over IP and additional mixed-media standards such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard deployments of a broad array of contemporary and upcoming IP voice and multimedia applications.
PIX firewall appliances feature a wealth of configuration, monitoring, and analysis features, providing businesses the versatility to utilize the methods that best meet their requirements. Management options include common, policy-based management tools, integrated web-accessible administration, and compatibility with remote-tracking standards such as Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-based control solution that greatly streamlines the installation, ongoing modification, and tracking of a specific PIX firewall without the need of any extra utility beyond an ordinary browser and Java plug-in to be installed on a manager's computer.
IT managers can also remotely set up, monitor, and analyze Cisco PIX security appliances via a command-line interface (CLI). Safe command-line interface communication is possible using a number of techniques including SSHv2 Protocol, Telnet through IPsec, and out-of-band via a console port. PIX security appliances also include robust auto-update features, a set of protected remote-management services that ensure firewall configurations and software images are kept current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered solutions that incorporate advanced, best-of-breed protection and VPN support with a flexible architecture. The end product is a robust, multifunction network security solution better able to protect small and midsize business and larger networks and, simultaneously, reduce the total deployment and maintenance costs formerly required for this enhanced degree of protection.
Cisco Adaptive Security Appliances Firewalls build on technology developed for the Cisco PIX 500 family Security Appliance, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 Series concentrator. These solutions enable the Cisco ASA 5500 Series Firewall product line to deliver a platform that defends against a broad range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver program security, network containment and control, and safe VPN connectivity throughout Cisco's product line. This broad scope of protection enables defense of any network area, which includes the most common threat conduits like remote sites, locally-attached internal users, and remote access VPNs.
Cisco ASA firewalls deliver robust application protection through intelligent, application-aware inspection processes that examine traffic at Layers 4-7. This results in a more secure network including web, voice, and mobile wireless access. To defend environments against application-layer assaults and to give businesses more control over the programs and protocols utilized in their environments, these inspection engines incorporate broad application and protocol knowledgebases and employ protection enforcement solutions such as protocol anomaly sensing and state monitoring. Also included are attack detection and remediation techniques including application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing businesses to enforce usage policies and conserve network bandwidth for vital business applications.
At the same time as improving security, Cisco ASA firewalls also lower installation and support costs. By offering broad Virtual Private Network and security functions, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for a multitude of environments, enabling platform standardization. The Cisco ASA firewall can be deployed as a consolidated threat-protection device at a central location by taking advantage of its access control, process inspection, and malware mitigation capabilities. The Cisco Adaptive Security Appliances 5500 Series firewall can also be deployed as a dedicated remote connectivity solution using its Virtual Private Network capabilities. As another option, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves capably in the network interior for inter-office access management and to guard against malicious assaults inside users may unknowingly introduce into the environment. For small business and satellite office networks, the Cisco ASA 5500 Series firewall serves as a total solution device offering comprehensive intrusion defense and Virtual Private Network services while fitting within the budgets and operational models of such deployments.
This adaptive single-platform, many-solution design minimizes the number of devices that must be deployed and maintained while providing a standard operating and management system across all installations. This architecture simplifies the training of setup, tracking, troubleshooting, and protection personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, allowing them to insert gracefully into the environment without interfering with authorized data flow and processes.
How Progent's Consultants Can Assist Your Business with Cisco Firewalls
Cisco ASA Series firewalls and PIX family firewalls provide an array of setup, tracking, and analysis features that give you the ability to set up these security appliances to match your business requirements. Progent's CCIE certified network professionals can help you to maintain your existing network infrastructure that includes Cisco ASA and/or PIX firewalls and that provides protection, resilience, performance, and recoverability. Progent's firewall experts can also help your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified IS security experts can assist your business to develop a security policy appropriate for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's security evaluation engineers can evaluate the effectiveness of your current firewall solution and audit the overall security of your entire IT network. Progentís Technical Response Center can deliver urgent online technical support for Cisco products and can give you quick access to a Cisco expert.
To find out additional details concerning Progent's engineering assistance for Cisco solutions, select a topic:
To get in touch with Progent about engineering expertise for Cisco products, phone 1-800-993-9400 or visit Contact Progent.