Cisco PIX security appliances and ASA 5500 Series firewalls combine next-generation firewall, intrusion defense, and VPN features in an affordable, single-cabinet format. Both of these product families have been superseded by Cisco's ASA 5500-X family of security appliances with Firepower Services. (See integration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation Cisco ASA 5500 Series adaptive security appliances are widely used and continue to offer small and mid-size organizations a viable security solution.
Cisco PIC and legacy ASA 5500 firewalls deliver powerful client and program policy support, mutlivector assault defense, and secure connectivity features. The enhanced knowledge sharing of integrated security features in a single package provides customers deploying these integrated solutions the advantages of enhanced protection, reduced cost of ownership, and minimal maintenance costs.
PIX security appliances and Cisco's ASA 5500 product line combine with IOS Firewall, the FWSM for Cisco Catalyst 6500 Series switches, and 7600 family routers as parts of Cisco's flexible, integrated firewall line. Based on a scalable, modular approach, every offering is designed with a specific array of options to provide more efficient security to a variety of networking situations. These products can be independently deployed to protect certain facets of the network environment, or can be grouped for a systematic, protection-in-depth approach based on the design best practices described in Cisco's SAFE Blueprint. Completing the modular firewall product line, Cisco has developed a comprehensive security management offering, ranging from Cisco security device and Cisco IOS security components and built-in appliance controllers, to self-contained management utilities, moving to make sure that customers can productively use their Cisco protection infrastructure purchases.
PIX firewalls deliver robust user and application policy enforcement, multivector attack protection, and secure networking features in economical, simple-to-configure modules. These purpose-built devices offer a broad range of integrated protection and networking capabilities including application-aware firewall services, Voice over IP (VoIP) and multimedia protection, robust multi-location and remote-connectivity IP Security (IPsec) Virtual Private Network (VPN) networking, excellent resiliency, intelligent networking services, and flexible management solutions. The PIX firewall Appliance product line ranges from small plug-and-go desktop units for small or at home offices to modular gigabit appliances with ROI for enterprise and ISP environments, Cisco PIX firewalls deliver high levels of security, speed, and reliability for network environments of all sizes.
Based around a tested, purpose-built OS that offers a wealth of protection services, PIX firewall appliances offer excellent protection and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewalls provide protection for a broad array of Voice over IP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol, SCCP, RTSP, and Media Gateway Control Protocol (MGCP), helping organizations to safeguard installations of a wide range of contemporary and next-generation Voice over IP and multimedia applications.
PIX firewalls offer a wealth of configuration, tracking, and troubleshooting options, providing businesses the versatility to utilize the techniques that most closely match their requirements. Administrative solutions include common, policy-based administration tools, integrated web-based management, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated ASDM interface provides a powerful web-based control platform that greatly simplifies the deployment, in-place configuration, and monitoring of a single PIX firewall appliance without requiring any extra utility beyond an ordinary web browser and Java plug-in to be running on an administrator's computer.
IT managers can also remotely configure, monitor, and analyze Cisco PIX firewalls using a CLI interface. Secure CLI interface communication is possible through several techniques including Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. PIX security appliances also include robust auto-update features, a set of secure remote-management options that make sure that firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are specially engineered solutions that bring together advanced, best-of-breed security and VPN services with an adaptive architecture. The end product is a powerful, versatile network protection appliance better suited to defend small and midsize company and enterprise networks and, at the same time, lower the total deployment and maintenance costs formerly associated with this high level of security.
Cisco ASA Firewalls leverage engineering behind Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 Series Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances 5500 Series Firewall product line to offer a firewall that defends against a wide range of attacks. Cisco ASA Firewalls provide application protection, local containment, and safe VPN functionality across the entire product portfolio. This breadth of protection enables the guarding of any network segment, which includes the most typical attack vectors like remote sites, LAN-attached internal users, and off-site connected VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide a high-level of application protection via smart, application-aware inspection processes that analyze network flows at Layers 4-7. This produces a more secure network covering web, voice, and mobile wireless access. To protect networks from application-layer assaults and to give businesses more policing of the programs and protocols utilized in their networks, these inspection engines incorporate extensive application and protocol knowledge and employ protection enforcement technologies that include anomaly sensing and application and protocol state monitoring. Also incorporated are assault sensing and mitigation techniques such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing organizations to enforce usage policies and free up network bandwidth for crucial business processes.
While increasing network security, Cisco ASA firewalls also decrease deployment and support costs. By offering broad VPN and protection services, the Cisco Adaptive Security Appliances (ASA) firewall can be used as the the only platform for many environments, allowing product standardization. The Cisco Adaptive Security Appliances firewall can be deployed as a converged threat-prevention device at the datacenter by leveraging its access control, process inspection, and malware mitigation capabilities. The Cisco ASA firewall can also be used as a specialized remote access solution utilizing its VPN features. Alternatively, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves equally well in the network interior for interdepartmental access management and to guard against malware internal users might unwittingly introduce into the network. In small business and satellite office networks, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as an all-in-one device providing comprehensive intrusion prevention and Virtual Private Network functionality while fitting within the budgets and performance models of such deployments.
This versatile one-platform, multiple-solution approach minimizes the total number of appliances that need to be deployed and maintained while offering a common operating and management system across all those deployments. This architecture streamlines the education of setup, tracking, support, and security personnel. To further minimize operations costs, Cisco Adaptive Security Appliances firewalls are also highly network aware, allowing these devices to integrate seamlessly into the environment without disrupting legitimate data flow and applications.
How Progent Can Help Your Business with Cisco Firewalls
Cisco's ASA Series adaptive security appliances and PIX family security appliances incorporate an array of setup, tracking, and analysis options that give you the ability to set up these security appliances to match your business requirements. Progent's CCIE authorized network professionals can show you how to support your existing infrastructure that incorporates Cisco ASA and/or PIX firewall technology and that provides security, resilience, performance, and manageability. Progent can also help you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier information security professionals can help you to create a security policy appropriate for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's security evaluation engineers can assess the effectiveness of your existing firewall solution and help determine the security of your whole IS network. Progentís Help Desk support team can deliver emergency online technical support for Cisco products and can give you fast access to a Cisco CCIE network engineer.
To find out additional details about Progent's consulting help for Cisco networking products, pick a subject:
If you wish to get in touch with Progent about consulting expertise for Cisco networking, phone 1-800-993-9400 or visit Contact Progent.