Cisco's PIX family security appliances and ASA Series firewalls integrate next-generation firewall, intrusion defense, and Virtual Private Network features in a cost-effective, single-box package. Both of these product families have been superseded by the ASA 5500-X series of firewalls with Firepower. (See configuration and troubleshooting help with ASA 5500-X firewalls with Firepower Services.) Still, both PIX and previous-generation Cisco ASA 5500 Series firewalls are extensively deployed and continue to provide small and mid-size companies a viable security environment.
PIX and the original ASA 5500 firewalls deliver powerful user and program policy enforcement, mutlivector assault defense, and safe access features. The increased intelligence sharing of integrated protection services in a single package offers customers implementing these aggregated firewalls the advantages of enhanced protection, lower TCO, and smaller management costs.
PIX security appliances and Cisco's ASA 5500 family combine with Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 family switches, and Cisco 7600 Series routers as parts of Cisco's flexible, self-contained firewall product. Based on a scalable, modular platform, each offering is designed with a particular array of options to deliver better protection to a variety of networking environments. These products can be individually installed to secure certain facets of the connectivity infrastructure, or can be combined for a layered, protection-in-depth approach based on the architecture leading practices described in the Cisco SAFE framework. Completing the modular firewall product line, Cisco has developed a complete security management product portfolio, ranging from Cisco security device and IOS Software security features and embedded device controllers, to self-contained management programs, moving to make sure that businesses can effectively use their Cisco security infrastructure investments.
Cisco PIX Firewalls
PIX firewalls deliver reliable user and application policy support, multi-source invasion protection, and secure connectivity services in economical, easy-to-deploy modules. These specialized devices offer a wealth of built-in protection and connectivity services including process-aware firewall features, Voice over IP and multimedia security, robust site-to-site and remote-connectivity IPcec VPN connectivity, fault tolerance, smart networking features, and flexible management solutions. The Cisco PIX Security Appliance Series family spans small plug-and-play desktop units for small offices and home offices to stackable high-bandwidth products with ROI for large business and ISP environments, Cisco PIX firewalls provide high levels of security, performance, and availability for networks of all sizes.
Built upon a hardened, specialized software platform that delivers rich security services, PIX security appliances provide a high level of protection and have been awarded EAL 4 status and ICSA Labs Firewall and IPsec certification. PIX firewalls provide protection for a wide range of Voice over IP and other mixed-media standards such as H.323 Version 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard deployments of a broad array of contemporary and next-generation Voice over IP and video applications.
Cisco PIX security appliances offer a variety of configuration, monitoring, and analysis options, providing businesses the versatility to utilize the methods that most closely match their needs. Management solutions include centralized, policy-based management utilities, integrated web-accessible administration, and support for remote-tracking protocols such as SNMP and syslog. The integrated ASDM interface provides a world-class web-based management solution that significantly streamlines the deployment, ongoing configuration, and monitoring of a single Cisco PIX firewall without requiring any additional software beyond a standard web browser and Java plug-in to be running on an administrator's PC.
Administrators can also remotely set up, monitor, and analyze Cisco PIX security appliances using a command-line interface (CLI). Secure CLI interface access is possible using a number of methods such as Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have dependable automatic-update capabilities, a collection advanced protected remote-administration options that make sure that firewall configurations and software images/ are kept up to date.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built solutions that bring together advanced, best-of-breed protection and VPN services with a flexible architecture. The result is a powerful, multifunction network security appliance better suited to protect small and midsize business (SMB) and larger networks and, at the same time, lower the total installation and operations costs formerly required for this enhanced level of protection.
Cisco Adaptive Security Appliances (ASA) Firewalls build on technology behind the Cisco PIX 500 Series firewall, the Cisco IPS 4200 Series Intrusion Prevention System, and the VPN 3000 family concentrator. These technologies enable the Cisco Adaptive Security Appliances 5500 Series Firewall family to offer a platform that stops a broad range of attacks. Cisco ASA 5500 Series Firewalls provide application security, local containment, and safe Virtual Private Network functionality across Cisco's product line. This broad scope of protection enables the guarding of any network area, which includes the most typical threat conduits like remote sites, LAN-connected inside users, and remote connected VPNs.
Cisco ASA 5500 Series firewalls deliver strong application security through intelligent, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a better protected environment including web, voice, and mobile wireless connectivity. To protect environments from application-layer assaults and to give organizations more policing of the programs and protocols utilized in their networks, Cisco's inspection engines integrate extensive application and protocol knowledgebases and employ protection enforcement technologies such as protocol anomaly sensing and state tracking. Also included are assault detection and mitigation techniques including application/protocol command filtering and URL deobfuscation. Cisco ASA 5500 Series firewall inspection engines also deliver management of IM and peer-to-peer file sharing, enabling businesses to police usage policies and recover network bandwidth for vital business processes.
At the same time as increasing network security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower deployment and support costs. By providing broad VPN and protection functions, the Cisco ASA firewall can be used as the single device for many environments, allowing platform commonality. The Cisco Adaptive Security Appliances firewall can be deployed as a converged threat-protection appliance at the datacenter by taking advantage of its connectivity control, application inspection, and worm, virus, and other malware mitigation capabilities. The Cisco ASA firewall can also be used as a dedicated remote connectivity solution utilizing its Virtual Private Network features. As an alternative, the Cisco Adaptive Security Appliances firewall operates capably in the network interior for interdepartmental connectivity management and to defend against malicious assaults inside users might unwittingly introduce into the environment. For small business and satellite office environments, the Cisco ASA 5500 Series firewall serves as a total solution device providing complete intrusion prevention and VPN services while suiting the cost structure and operational demands of such deployments.
This adaptive single-platform, multiple-use design minimizes the number of devices that must be deployed and managed while offering a standard functional and management system throughout all those deployments. This architecture streamlines the education of setup, tracking, troubleshooting, and security staff. To further reduce operations costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network conscious, enabling these devices to integrate seamlessly into the environment without disrupting authorized data flow and applications.
How Progent's Consultants Can Assist Your Business with Cisco PIX and ASA Security Appliances
Cisco's ASA Series firewalls and PIX firewalls incorporate an array of setup, monitoring, and troubleshooting features that give you the flexibility to set up these security appliances to align optimally with your company's requirements. Progent's CCIE certified network experts can help you to maintain your current network infrastructure that includes Cisco ASA and/or PIX firewall technology and that offers protection, fault tolerance, throughput, and recoverability. Progent's firewall experts can also help your organization to migrate to ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-certified IS security professionals can assist your business to develop a security strategy that makes sense for your business and can set up your firewall to support your security policies. Progent's security evaluation consultants can assess the effectiveness of your current firewall deployment and validate the overall security of your entire IS environment. Progentís Technical Response Center can provide urgent online technical support for Cisco technology and can give you quick access to a Cisco CCIE expert.
For more information concerning Progent's professional assistance for Cisco solutions, select a subject:
If you wish to ask Progent about engineering expertise for Cisco networking, call 1-800-993-9400 or visit Contact Progent.