Cisco's PIX security appliances and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network functionality in an affordable, single-cabinet format. Both of these product families have been replaced by Cisco's ASA 5500-X line of firewalls with Firepower Services. (See integration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 Series adaptive security appliances are extensively deployed and continue to offer small and mid-size organizations a viable firewall environment.
Cisco PIC and legacy ASA 5500 firewalls offer powerful client and program policy enforcement, mutlivector attack defense, and secure access services. The enhanced knowledge sharing of integrated security features in a single package provides customers deploying these integrated firewalls the benefits of advanced security, reduced TCO, and minimal maintenance expense.
PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches, and Cisco 7600 family routers as parts of Cisco's versatile, self-contained firewall line. Based on an expandable, modular approach, every device is designed with a specific feature set to deliver more efficient protection to a variety of networking environments. These solutions can be individually installed to secure certain facets of a connectivity infrastructure, or can be grouped for a systematic, defense-in-depth approach based on the design leading practices outlined in Cisco's SAFE framework. Completing the modular firewall product line, Cisco has developed a complete security management portfolio, spanning Cisco security device and Cisco IOS Software security components and built-in device managers, to self-contained management programs, helping to ensure that customers can productively manage their Cisco protection solution investments.
Cisco PIX firewall appliances offer robust user and application policy support, multi-source attack protection, and secure networking features in cost-effective, out-of-the-box solutions. These specialized devices offer a wealth of built-in protection and networking capabilities including process-aware firewall features, VoIP and multimedia security, robust multi-location and remote-connectivity IP Security (IPsec) Virtual Private Network (VPN) connectivity, excellent resiliency, smart networking services, and flexible management solutions. The PIX firewall product line ranges from small plug-and-play devices for small offices and at home offices to stackable gigabit products with investment protection for enterprise and service-provider environments, PIX Security Appliance Series deliver high levels of protection, speed, and reliability for networks of any size.
Based upon a tested, specialized OS that offers a wealth of security features, PIX security appliances offer a high level of security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. PIX security appliances provide security for a wide range of VoIP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to safeguard deployments of a broad array of contemporary and upcoming IP voice and multimedia applications.
PIX firewalls feature a variety of configuration, monitoring, and analysis features, giving IT managers the versatility to utilize the methods that best match their needs. Management options include common, policy-based administration utilities, integrated web-based management, and support for remote-tracking standards such as SNMP and syslog. The integrated Adaptive Security Device Manager interface provides a powerful web-accessible control platform that greatly streamlines the installation, ongoing modification, and monitoring of a single Cisco PIX security appliance without requiring any additional software other than a standard web browser and Java applet to be running on a manager's PC.
Administrators can also remotely configure, track, and analyze Cisco PIX firewall appliances using a CLI interface. Secure command-line interface (CLI) communication is available through several techniques such as SSHv2 Protocol, Telnet over IP Security, and out-of-band through a console port. PIX security appliances also include robust auto-update capabilities, a collection advanced secure remote-management options that ensure firewall settings and software images are kept current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are specially engineered solutions that bring together market-proven, industry-leading protection and VPN services with a flexible architecture. The result is a powerful, multifunction network protection appliance better suited to protect small and midsize business (SMB) and enterprise networks and, simultaneously, lower the overall installation and maintenance expenses formerly required for this high degree of protection.
Cisco ASA Firewalls leverage technology behind the PIX 500 firewall, Cisco's IPS 4200 family sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco ASA Firewall family to offer a platform that stops a wide range of attacks. Cisco Adaptive Security Appliances (ASA) Firewalls deliver application security, network containment, and safe Virtual Private Network connectivity throughout the entire product line. This breadth of security enables defense of any network segment, which includes the most common attack vectors such as remote locations, locally-connected internal users, and remote connected Virtual Private Networks.
Cisco Adaptive Security Appliances firewalls deliver strong application security via intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless connectivity. To protect environments against application-layer attacks and to offer businesses more control over the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and rely on security enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also incorporated are assault detection and mitigation techniques including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing organizations to police usage policies and conserve network bandwidth for important business processes.
At the same time as improving security, Cisco Adaptive Security Appliances firewalls also lower installation and support expenses. By providing extensive VPN and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for many uses, allowing platform commonality. The Cisco Adaptive Security Appliances firewall can be used as a consolidated attack-protection device at a central location by taking advantage of its access control, application inspection, and malicious assault mitigation technologies. The Cisco ASA 5500 Series firewall can also be deployed as a specialized remote connectivity device utilizing its Virtual Private Network capabilities. As an alternative, the Cisco Adaptive Security Appliances (ASA) firewall serves capably in the network interior for inter-office access management and to defend against worms, viruses, and other malicious code inside workers might unwittingly release into the network. For small company and satellite office environments, the Cisco ASA 5500 Series firewall serves as an all-in-one device providing complete threat defense and Virtual Private Network functionality while suiting the budgets and performance demands of such situations.
This adaptive single-device, multiple-solution approach minimizes the total number of appliances that need to be installed and managed while providing a common functional and management environment throughout all those installations. This architecture streamlines the training of setup, tracking, troubleshooting, and security staff. To further minimize maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network conscious, allowing these devices to insert gracefully into the environment without interfering with authorized traffic and applications.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Security Appliances
Cisco's ASA Series firewalls and PIX family security appliances provide an array of configuration, tracking, and troubleshooting features which offer you the flexibility to set up these firewalls to match your company's needs. Progent's CCIE authorized network consultants can assist you to maintain your current infrastructure that incorporates Cisco ASA and/or PIX firewalls and that provides security, fault tolerance, performance, and manageability. Progent can also help your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-premier IS security professionals can assist you to create a security policy that makes sense for your environment and can set up your security appliance to enforce your security strategy. Progent's security assessment consultants can assess the strength of your current firewall deployment and help determine the security of your entire IT network. Progentís Help Desk support team can provide urgent online technical support for Cisco technology and can give you quick access to a Cisco CCIE expert.
For additional information concerning Progent's professional support for Cisco technology, select a subject:
To ask Progent about engineering support for Cisco products, call 1-800-993-9400 or refer to Contact Progent.