Cisco PIX family security appliances and Cisco ASA Series firewalls combine next-generation firewall, intrusion protection, and VPN functionality in an affordable, single-box format. Both product families have been superseded by Cisco's ASA 5500-X family of firewalls with Firepower Services. (Refer to configuration and debugging expertise for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 Series firewalls are extensively deployed and continue to deliver small and mid-size organizations a viable security solution.
Cisco PIC and legacy ASA 5500 firewalls deliver robust user and program policy enforcement, mutlivector attack defense, and safe connectivity services. The enhanced intelligence sharing of consolidated protection features in a stand-alone platform provides users implementing these integrated firewalls the advantages of enhanced protection, reduced TCO, and smaller maintenance expense.
Cisco PIX security appliances and Cisco's ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and Cisco 7600 routers as components of Cisco's flexible, self-contained firewall product. Based on a scalable, modular platform, each device is equipped with a specific feature set to deliver more efficient protection to a variety of network situations. These products can be individually installed to protect certain facets of the connectivity infrastructure, or can be combined for a systematic, protection-in-depth strategy following the design leading practices described in the Cisco SAFE framework. Rounding out the modular firewall product line, Cisco has developed a comprehensive security management catalog, spanning Cisco security device and IOS Software security features and embedded appliance controllers, to standalone management utilities, moving to ensure that customers can productively manage their Cisco protection solution investments.
Cisco PIX Firewalls
Cisco PIX firewall appliances deliver reliable policy enforcement, multi-source attack defense, and safe networking services in affordable, easy-to-deploy solutions. These specialized devices offer a broad range of built-in protection and networking capabilities such as application-aware firewall features, Voice over IP and multimedia security, reliable multi-location and remote-access IP Security (IPsec) VPN connectivity, excellent resiliency, intelligent networking services, and versatile management solutions. The PIX firewall product line spans small plug-and-play devices for small offices or at home offices to stackable gigabit appliances with investment protection for large business and ISP environments, Cisco PIX firewall appliances provide high levels of security, performance, and availability for networks of any size.
Based around a tested, specialized operating system that offers a wealth of security services, Cisco PIX firewall appliances provide excellent security and have received EAL 4 status and ICSA Labs Firewall and IP Security certification. Cisco PIX firewalls provide security for a wide range of VoIP and additional multimedia standards such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling businesses to protect deployments of a wide range of current and upcoming IP voice and mixed-media applications.
PIX firewall appliances offer a variety of configuration, tracking, and troubleshooting options, giving IT managers the flexibility to use the methods that most closely match their requirements. Administrative solutions include common, policy-based management tools, integrated web-accessible administration, and support for remote-monitoring protocols such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface offers a powerful web-accessible management platform that greatly simplifies the installation, ongoing modification, and tracking of a specific PIX security appliance without requiring any additional utility other than a standard web browser and Java applet to be running on an administrator's PC.
Administrators can furthermore remotely configure, track, and analyze Cisco PIX security appliances using a command-line interface (CLI). Safe CLI interface access is possible using a number of methods including Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. PIX firewall appliances also have dependable auto-update features, a set of protected remote-administration services that make sure that firewall settings and software images/ are kept up to date.
Cisco Adaptive Security Appliances (ASA) Firewalls
Cisco ASA Firewalls are specially engineered devices that bring together advanced, industry-leading protection and Virtual Private Network services with an adaptive design. The end product is a powerful, multifunction network protection solution better able to protect small and medium business and enterprise networks and, at the same time, reduce the total deployment and operations expenses previously associated with this enhanced level of security.
Cisco Adaptive Security Appliances Firewalls build on engineering behind the Cisco PIX 500 family firewall, the IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that defends against a wide range of attacks. Cisco ASA Firewalls provide program protection, network containment, and clean Virtual Private Network connectivity throughout the entire product portfolio. This broad scope of protection enables defense of any network area, which includes the most typical attack vectors like remote locations, LAN-connected inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide strong application security via smart, application-aware inspection processes that examine traffic at Layers 4-7. The result is a safer environment including web, voice, and mobile wireless connectivity. To protect networks against application-layer attacks and to offer businesses more control over the programs and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on protection enforcement solutions that include anomaly sensing and state tracking. Also included are assault sensing and mitigation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also provide management of instant messaging and peer-to-peer file sharing, enabling organizations to police usage policies and conserve bandwidth for crucial business processes.
At the same time as increasing security, Cisco ASA firewalls also decrease installation and support costs. By offering extensive Virtual Private Network and security services, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for many uses, enabling platform commonality. The Cisco ASA firewall can be used as a converged attack-protection device at the datacenter by taking advantage of its access control, application inspection, and worm, virus, and other malware mitigation technologies. The Cisco ASA firewall can also be deployed as a dedicated remote access solution utilizing its Virtual Private Network capabilities. As another option, the Cisco Adaptive Security Appliances 5500 Series firewall serves capably inside the network for inter-office connectivity management and to defend against malicious assaults inside workers may unwittingly release into the network. For small company and satellite office networks, the Cisco Adaptive Security Appliances firewall acts as an all-in-one device providing complete threat defense and VPN services while fitting within the cost structure and performance models of such deployments.
This adaptive single-device, multiple-use design minimizes the total number of devices that need to be deployed and maintained while providing a standard functional and management system across all those installations. This approach streamlines the training of configuration, tracking, troubleshooting, and security personnel. To further reduce maintenance costs, Cisco ASA 5500 Series firewalls are also highly network aware, enabling these devices to integrate seamlessly into the environment without interfering with legitimate traffic and applications.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA 5500 Series adaptive security appliances and PIX firewalls provide a wealth of configuration, tracking, and troubleshooting options that offer you the flexibility to deploy these firewalls to align optimally with your company's needs. Progent's CCIE certified network professionals can help you to maintain your current infrastructure that includes Cisco ASA or PIX security appliances and that offers protection, resilience, performance, and manageability. Progent can also help you to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISSP-ISSP-certified IS security engineers can help you to create a security policy that makes sense for your environment and can set up your security appliance to support your security strategy. Progent's risk evaluation engineers can evaluate the effectiveness of your current firewall deployment and validate the overall security of your whole information system network. Progentís Technical Response Center (TRC) can deliver emergency remote technical support for Cisco technology and offer fast access to a Cisco expert.
For additional information concerning Progent's professional assistance for Cisco networking products, select a topic:
In order to get in touch with Progent about professional help for Cisco products, phone 1-800-993-9400 or see Contact Progent.