Cisco PIX family firewalls and ASA Series adaptive security appliances integrate comprehensive firewall, intrusion protection, and VPN features in an affordable, single-box format. Both product families have been superseded by Cisco's ASA 5500-X series of security appliances with Firepower Services. (See integration and debugging support for ASA 5500-X firewalls with Firepower Services.) Still, PIX and previous-generation Cisco ASA 5500 model firewalls are widely used and continue to deliver small and mid-size companies a reliable firewall solution.
PIX and the original ASA 5500 firewalls offer robust client and program policy enforcement, mutlivector assault protection, and safe connectivity features. The enhanced intelligence sharing of integrated protection services in a single package provides customers deploying these integrated solutions the advantages of advanced protection, reduced TCO, and smaller management costs.
Cisco PIX firewalls and the ASA 5500 product line join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall line. Engineered with a scalable, building-block approach, each offering is designed with a specific array of options to deliver better security to a variety of network environments. These solutions can be individually deployed to protect specific facets of the network environment, or can be grouped for a layered, protection-in-depth approach following the architecture best practices described in Cisco's SAFE framework. Completing the integrated firewall solutions, Cisco provides a complete security management portfolio, ranging from Cisco security device and IOS Software security components and embedded device managers, to standalone management programs, moving to make sure that customers can effectively use their Cisco protection solution purchases.
PIX Firewall Appliances
PIX firewalls deliver robust user and application policy enforcement, multivector attack defense, and safe connectivity features in economical, easy-to-deploy modules. These specialized appliances offer a broad range of built-in security and networking capabilities such as process-aware firewall features, Voice over IP and multimedia security, robust site-to-site and remote-connectivity IP Security (IPsec) Virtual Private Network (VPN) connectivity, high availability, intelligent networking services, and flexible management solutions. The Cisco PIX firewall family ranges from compact plug-and-go appliances for small offices and home offices to modular high-bandwidth appliances with investment protection for enterprise and ISP customers, Cisco PIX firewall appliances deliver dependable protection, speed, and availability for network environments of all sizes.
Based around a hardened, specialized software platform that offers rich protection features, Cisco PIX security appliances provide a high level of protection and have earned EAL 4 status and ICSA Labs Firewall and IP Security qualification. Cisco PIX firewall appliances offer protection for a wide range of Voice over IP and other mixed-media standards including H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to safeguard installations of a wide range of contemporary and next-generation IP voice and mixed-media applications.
Cisco PIX security appliances feature a wealth of setup, monitoring, and analysis features, giving IT managers the versatility to utilize the methods that most closely meet their requirements. Management solutions include centralized, policy-based administration tools, integrated web-based management, and compatibility with remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system offers a powerful web-based control platform that significantly streamlines the deployment, in-place configuration, and tracking of a specific Cisco PIX firewall without requiring any additional software beyond a standard browser and Java plug-in to be installed on an administrator's computer.
Administrators can furthermore remotely set up, track, and troubleshoot PIX firewalls via a command-line interface. Safe command-line interface (CLI) access is available using several techniques such as Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewall appliances also have robust automatic-update features, a collection of protected remote-administration services that ensure firewall configurations and software images are always up to date.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco ASA Firewalls are purpose-built solutions that bring together market-proven, industry-leading protection and Virtual Private Network support plus a flexible architecture. The result is a robust, multifunction network protection appliance better able to protect small and medium business (SMB) and larger networks and, simultaneously, lower the overall installation and maintenance expenses previously required for this enhanced degree of security.
Cisco ASA 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 family firewall, Cisco's IPS 4200 sensor, and the Cisco VPN 3000 model concentrator. These technologies enable the Cisco ASA Firewall family to offer a firewall that stops a broad range of attacks. Cisco Adaptive Security Appliances Firewalls deliver program protection, local containment, and clean Virtual Private Network functionality throughout the entire product line. This breadth of security enables the guarding of any network segment, which includes the most common attack conduits such as remote sites, LAN-connected inside users, and off-site access Virtual Private Networks.
Cisco ASA firewalls deliver a high-level of application security through intelligent, application-aware inspection engines that examine traffic at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless connectivity. To protect networks from application-layer assaults and to give businesses more policing of the applications and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ protection enforcement technologies such as anomaly sensing and state tracking. Also included are attack detection and remediation technology such as application/protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of IM and peer-to-peer file sharing, allowing organizations to police usage policies and conserve network bandwidth for vital business applications.
At the same time as increasing security, Cisco ASA 5500 Series firewalls also lower installation and operational costs. By offering broad VPN and security services, the Cisco ASA 5500 Series firewall can be used as the single device for a multitude of environments, enabling product standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a consolidated attack-prevention device at a central location by leveraging its access control, application inspection, and malicious assault mitigation capabilities. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a specialized remote connectivity solution using its VPN features. As an alternative, the Cisco ASA 5500 Series firewall operates equally well in the network interior for interdepartmental access control and to guard against malicious assaults inside workers might unknowingly introduce into the environment. For small company and satellite office networks, the Cisco Adaptive Security Appliances (ASA) firewall serves as a total solution platform providing comprehensive threat prevention and VPN functionality while fitting within the budgets and performance models of such deployments.
This adaptive single-device, multiple-solution approach minimizes the total number of appliances that must be deployed and maintained while providing a common functional and administrative system across all those installations. This architecture simplifies the training of configuration, tracking, troubleshooting, and security staff. To further minimize operations costs, Cisco ASA firewalls are also highly network conscious, allowing these devices to insert gracefully into the network without interfering with authorized data flow and processes.
How Progent's Cisco Certified Experts Can Assist You with Cisco PIX and ASA Firewalls
Cisco's ASA Series adaptive security appliances and PIX family security appliances incorporate a wealth of setup, monitoring, and analysis options which give you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE authorized network consultants can help you to support your current network infrastructure that includes Cisco ASA and/or PIX security appliances and that offers security, fault tolerance, throughput, and recoverability. Progent's firewall experts can also assist your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-premier IS security professionals can assist your business to create a security policy appropriate for your situation and can set up your PIX or ASA firewall to support your security strategy. Progent's security assessment professionals can assess the strength of your existing firewall solution and audit the overall security of your whole information system network. Progentís Help Desk Call Center can deliver emergency remote technical support for Cisco technology and offer quick access to a Cisco expert.
To learn more information concerning Progent's consulting assistance for Cisco solutions, select a subject:
If you wish to ask Progent about consulting assistance for Cisco networking, phone 1-800-993-9400 or go to Contact Progent.