Cisco PIX security appliances and Cisco ASA Series adaptive security appliances combine comprehensive firewall, intrusion defense, and Virtual Private Network (VPN) technologies in an affordable, one-box package. Both of these product families have been superseded by the ASA 5500-X series of firewalls with Firepower Services. (See integration and debugging help with ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation Cisco ASA 5500 Series adaptive security appliances are extensively used and continue to deliver small and mid-size organizations a viable security environment.
PIX and the original ASA 5500 firewalls deliver powerful client and program policy support, mutlivector attack protection, and safe access features. The increased intelligence sharing of consolidated security services in a single platform provides customers implementing these aggregated solutions the advantages of enhanced security, lower TCO, and smaller management costs.
PIX security appliances and Cisco's ASA 5500 Series join Cisco IOS Firewall, the Firewall Services Module (FWSM) for Catalyst 6500 Series switches, and Cisco 7600 family routers as components of Cisco's versatile, integrated firewall solutions. Based on an expandable, modular approach, each device is equipped with a particular array of options to provide more efficient protection to different networking environments. These products can be independently deployed to secure specific facets of the connectivity infrastructure, or can be combined for a systematic, protection-in-depth strategy based on the architecture best practices described in Cisco's SAFE framework. Rounding out the integrated firewall product line, Cisco provides a complete security management offering, ranging from Cisco security appliance and IOS Software security features and embedded device controllers, to self-contained management programs, helping to ensure that customers can productively use their Cisco security solution purchases.
Cisco PIX Security Appliance Series
Cisco PIX Security Appliance Series offer reliable user and application policy support, multi-source attack defense, and secure connectivity features in affordable, out-of-the-box solutions. These purpose-built appliances provide a broad range of integrated protection and connectivity services including application-aware firewall features, Voice over IP (VoIP) and multimedia security, robust multi-location and remote-connectivity IPcec VPN connectivity, fault tolerance, smart networking features, and versatile administration options. The PIX firewall product line ranges from compact plug-and-go desktop units for small and at home offices to stackable gigabit products with investment protection for large business and service-provider customers, PIX Security Appliance Series provide dependable security, speed, and reliability for environments of all sizes.
Based around a hardened, specialized OS that offers rich security services, PIX firewall appliances provide a high level of security and have received Common Criteria Evaluation Assurance Level 4 status and ICSA Labs Firewall and IPsec certification. Cisco PIX security appliances provide protection for a broad range of Voice over IP and additional multimedia conventions such as H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and MGCP, enabling organizations to protect deployments of a broad array of contemporary and upcoming Voice over IP and video applications.
PIX firewall appliances feature a variety of setup, monitoring, and analysis options, providing businesses the versatility to utilize the methods that most closely match their requirements. Administrative options include centralized, policy-based management utilities, integrated web-based administration, and support for remote-tracking standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class web-accessible control platform that greatly simplifies the installation, ongoing modification, and tracking of a single Cisco PIX security appliance without the need of any additional utility other than an ordinary web browser and Java plug-in to be running on a manager's PC.
Administrators can also remotely configure, track, and analyze Cisco PIX firewalls using a CLI interface. Safe command-line interface (CLI) access is possible through several techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security, and out-of-band through a console port. Cisco PIX firewalls also include robust auto-update features, a collection advanced protected remote-management options that make sure that security settings and software images/ are kept up to date.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco ASA 5500 Series Firewalls are specially engineered solutions that incorporate advanced, industry-leading security and Virtual Private Network services plus a flexible architecture. The end product is a powerful, versatile network security solution better able to defend small and midsize company and enterprise networks and, simultaneously, reduce the total installation and operations expenses previously required for this high level of security.
Cisco Adaptive Security Appliances Firewalls build on engineering developed for the PIX 500 firewall, the Cisco IPS 4200 Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies enable the Cisco ASA 5500 Series Firewall product line to offer a firewall that defends against a broad range of attacks. Cisco ASA Firewalls deliver program protection, local containment, and safe Virtual Private Network functionality throughout the entire product portfolio. This breadth of protection enables defense of any network segment, which includes the most common threat conduits such as remote locations, LAN-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver strong application protection via intelligent, application-sensitive inspection engines that analyze network flows at Layers 4-7. The result is a more secure network including web, voice, and mobile wireless access. To protect environments from application-layer attacks and to give businesses greater policing of the programs and protocols utilized in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledgebases and rely on security enforcement solutions such as anomaly sensing and application and protocol state monitoring. Also included are attack detection and remediation techniques including application/protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and preserve network bandwidth for important business applications.
While improving security, Cisco ASA 5500 Series firewalls also lower deployment and support costs. By providing broad Virtual Private Network and security services, the Cisco Adaptive Security Appliances (ASA) firewall can be a single device for many uses, allowing platform standardization. The Cisco Adaptive Security Appliances firewall can be deployed as a converged threat-protection device at the datacenter by taking advantage of its connectivity control, application inspection, and malicious assault remediation technologies. The Cisco ASA firewall can also be deployed as a specialized remote access solution using its VPN features. As an alternative, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall serves equally well in the network interior for interdepartmental connectivity control and to defend against worms, viruses, and other malicious code inside workers may unwittingly introduce into the environment. For small company and branch office environments, the Cisco ASA 5500 Series firewall acts as an all-in-one device offering comprehensive threat defense and Virtual Private Network services while suiting the budgets and operational models of these deployments.
This adaptive one-platform, many-use approach minimizes the total number of appliances that need to be deployed and managed while offering a common operating and management system throughout all deployments. This architecture streamlines the training of configuration, monitoring, troubleshooting, and security staff. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also exceptionally network conscious, allowing them to integrate gracefully into the environment without interfering with legitimate traffic and processes.
How Progent's Cisco Certified Experts Can Help You with Cisco PIX and ASA Security Appliances
Cisco ASA Series firewalls and PIX security appliances provide a wealth of configuration, monitoring, and analysis options that give you the flexibility to deploy these firewalls to match your company's requirements. Progent's CCIE authorized network consultants can assist you to support your existing infrastructure that incorporates Cisco ASA and/or PIX security appliances and that provides protection, resilience, performance, and manageability. Progent's firewall experts can also assist your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security engineers can help your business to create a security policy appropriate for your business and can set up your security appliance to support your security strategy. Progent's risk evaluation engineers can evaluate the effectiveness of your current firewall solution and validate the security of your whole information system network. Progentís Technical Response Center (TRC) can deliver urgent remote technical support for Cisco technology and offer fast access to a Cisco CCIE expert.
To see more information concerning Progent's consulting expertise for Cisco products, choose a subject:
In order to get in touch with Progent about technical assistance for Cisco networking, phone 1-800-993-9400 or refer to Contact Progent.