Cisco's PIX firewalls and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and VPN functionality in an economical, single-cabinet format. Both product lines have been replaced by the ASA 5500-X line of firewalls with Firepower. (See integration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 model adaptive security appliances are extensively deployed and continue to deliver small and mid-size companies a reliable firewall environment.
PIX and the original ASA 5500 firewalls deliver powerful client and application policy support, mutlivector assault protection, and safe connectivity services. The increased intelligence sharing of consolidated protection services in a single platform offers customers deploying these integrated solutions the benefits of advanced protection, reduced cost of ownership, and smaller management costs.
Cisco PIX firewalls and the ASA 5500 product line join IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 switches, and 7600 family routers as components of Cisco's flexible, self-contained firewall product. Engineered with a scalable, building-block approach, each device is designed with a particular feature set to deliver more efficient protection to a variety of network situations. These products can be individually deployed to protect specific areas of a connectivity infrastructure, or can be combined for a layered, defense-in-depth approach following the architecture best practices described in the Cisco SAFE framework. Completing the modular firewall solutions, Cisco provides a complete security management product portfolio, ranging from Cisco security device and IOS security components and built-in appliance managers, to standalone management applications, helping to make sure that customers can productively use their Cisco security solution purchases.
Cisco PIX Firewalls
Cisco PIX firewalls offer reliable policy enforcement, multivector attack defense, and secure connectivity features in economical, simple-to-configure modules. These specialized appliances provide a broad range of integrated protection and connectivity services such as process-aware firewall features, VoIP and multimedia security, reliable site-to-site and remote-connectivity IP Security Virtual Private Network connectivity, excellent resiliency, intelligent networking services, and flexible administration options. The Cisco PIX firewall product line spans small plug-and-go devices for small and home offices to modular gigabit appliances with ROI for enterprise and ISP customers, Cisco PIX firewall appliances deliver dependable security, performance, and availability for networks of any size.
Based upon a hardened, specialized operating system that delivers rich protection features, Cisco PIX security appliances provide excellent protection and have been awarded EAL 4 status and ICSA Firewall and IPsec certification. Cisco PIX security appliances offer protection for a wide range of Voice over IP and other mixed-media standards such as H.323 v. 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), RTSP, and Media Gateway Control Protocol (MGCP), helping businesses to safeguard deployments of a wide array of current and next-generation Voice over IP and video applications.
Cisco PIX firewall appliances feature a variety of configuration, tracking, and troubleshooting features, providing IT managers the versatility to use the techniques that best match their requirements. Management options include centralized, policy-based administration tools, integrated web-accessible administration, and support for remote-monitoring standards like Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager system provides a world-class web-accessible management solution that greatly streamlines the installation, in-place modification, and monitoring of a single PIX security appliance without requiring any additional software other than a standard browser and Java plug-in to be running on an administrator's computer.
IT managers can furthermore remotely configure, track, and troubleshoot PIX security appliances via a command-line interface (CLI). Safe CLI interface access is possible through a number of techniques such as Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewalls also include dependable auto-update features, a set advanced secure remote-administration services that make sure that security settings and software images/ are always current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered solutions that incorporate advanced, industry-leading security and VPN services plus a flexible design. The result is a robust, versatile network protection solution better suited to defend small and medium business and enterprise networks and, at the same time, lower the overall deployment and maintenance expenses formerly required for this high degree of security.
Cisco ASA 5500 Series Firewalls build on engineering developed for Cisco's PIX 500 Series firewall, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 family concentrator. These solutions enable the Cisco ASA Firewall product line to offer a platform that defends against a wide range of threats. Cisco ASA 5500 Series Firewalls deliver application security, network containment and control, and safe Virtual Private Network connectivity across Cisco's product line. This breadth of protection enables defense of any network area, including the most common threat conduits like remote locations, locally-connected internal users, and off-site access Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls provide strong application protection through intelligent, application-sensitive inspection engines that analyze network flows at Layers 4-7. This results in a better protected network including web, voice, and mobile wireless connectivity. To protect environments against application-layer assaults and to offer organizations more policing of the applications and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on protection enforcement solutions such as protocol anomaly detection and state monitoring. Also included are assault detection and remediation technology such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver management of instant messaging and tunneling applications, allowing organizations to enforce usage policies and preserve bandwidth for crucial business processes.
At the same time as improving network security, Cisco Adaptive Security Appliances firewalls also lower installation and operational costs. By providing extensive Virtual Private Network and security services, the Cisco ASA 5500 Series firewall can be used as the single device for many uses, allowing platform standardization. The Cisco ASA firewall can be deployed as a consolidated threat-prevention appliance at the datacenter by taking advantage of its access control, process inspection, and malicious assault remediation capabilities. The Cisco ASA 5500 Series firewall can also be used as a specialized remote access solution utilizing its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances firewall operates capably inside the network for interdepartmental access management and to defend against malware internal workers might inadvertently introduce into the environment. For small company and satellite office networks, the Cisco ASA firewall serves as an all-in-one platform offering comprehensive intrusion prevention and VPN services while suiting the budgets and operational models of such situations.
This adaptive single-platform, many-use approach minimizes the number of devices that need to be deployed and maintained while providing a standard functional and management environment throughout all those deployments. This approach simplifies the training of setup, tracking, support, and security staff. To further minimize maintenance expenses, Cisco Adaptive Security Appliances firewalls are also exceptionally network aware, allowing them to insert seamlessly into the environment without disrupting authorized traffic and applications.
How Progent Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco's ASA 5500 Series firewalls and PIX firewalls incorporate a wealth of setup, monitoring, and troubleshooting options that offer you the ability to deploy these security appliances to match your business requirements. Progent's CCIE authorized network professionals can assist you to support your existing infrastructure that incorporates Cisco ASA or PIX security appliances and that provides protection, resilience, performance, and recoverability. Progent's firewall experts can also assist you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-qualified information security professionals can help you to develop a security strategy appropriate for your situation and can set up your PIX or ASA firewall to support your security strategy. Progent's risk assessment engineers can evaluate the strength of your existing firewall solution and validate the overall security of your entire IT environment. Progentís Help Desk Call Center can deliver urgent online troubleshooting for Cisco technology and offer fast access to a Cisco expert.
Integration of Cisco and Third-party Security Technology
To find out about Progent's consulting and support services for additional Cisco products and technologies, select a topic:
To see more details about Progent's consulting assistance for Cisco technology, choose a topic:
For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include: