Cisco's PIX firewalls and ASA 5500 Series adaptive security appliances combine comprehensive firewall, intrusion defense, and VPN features in a cost-effective, one-box package. Both of these product families have been replaced by Cisco's ASA 5500-X series of security appliances with Firepower Services. (Refer to configuration and troubleshooting help with Cisco AA 5500-X firewalls with Firepower Services.) Still, PIX and first-generation ASA 5500 Series firewalls are widely used and continue to offer small and mid-size companies a reliable security solution.
Cisco PIC and the original ASA 5500 firewalls deliver robust client and application policy support, mutlivector attack defense, and secure connectivity services. The enhanced knowledge sharing of consolidated protection services in a stand-alone platform offers users implementing these aggregated firewalls the benefits of enhanced security, reduced TCO, and minimal maintenance expense.
Cisco PIX security appliances and the ASA 5500 Series join IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and 7600 family routers as parts of Cisco's flexible, integrated firewall solutions. Based on a scalable, building-block platform, each device is designed with a particular array of options to deliver more efficient protection to a variety of network situations. These solutions can be individually installed to secure specific facets of a connectivity infrastructure, or can be combined for a layered, defense-in-depth strategy following the architecture leading practices described in Cisco's SAFE Blueprint. Rounding out the integrated firewall product line, Cisco has developed a complete security management product portfolio, spanning Cisco security device and Cisco IOS Software security components and built-in device controllers, to self-contained management applications, helping to make sure that customers can effectively use their Cisco security solution purchases.
PIX Security Appliance Series
PIX firewall appliances deliver reliable user and application policy support, multivector invasion protection, and secure connectivity features in economical, out-of-the-box modules. These purpose-built devices offer a wealth of integrated security and connectivity capabilities such as process-aware firewall services, VoIP and multimedia security, robust site-to-site and remote-connectivity IP Security (IPsec) Virtual Private Network (VPN) networking, excellent resiliency, intelligent networking services, and flexible management options. The Cisco PIX Security Appliance Series family spans small plug-and-play desktop units for small offices and at home offices to modular high-bandwidth appliances with ROI for enterprise and ISP environments, PIX firewall appliances deliver dependable security, performance, and availability for environments of any size.
Based around a tested, purpose-built OS that offers rich protection services, PIX security appliances offer excellent security and have been awarded EAL 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewalls provide protection for a wide array of Voice over IP and other multimedia conventions such as H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to safeguard deployments of a wide array of contemporary and next-generation IP voice and mixed-media applications.
PIX security appliances offer a variety of setup, monitoring, and troubleshooting features, giving businesses the flexibility to use the techniques that best meet their needs. Management options include common, policy-based management utilities, integrated web-based management, and support for remote-monitoring standards like SNMP and syslog. The integrated Adaptive Security Device Manager system provides a powerful web-based management solution that greatly simplifies the deployment, in-place configuration, and tracking of a specific PIX firewall appliance without requiring any extra software beyond an ordinary web browser and Java applet to be running on a manager's PC.
IT managers can furthermore remotely set up, track, and analyze Cisco PIX firewalls via a command-line interface (CLI). Safe CLI interface communication is possible using several techniques such as Secure Shell (SSHv2) Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX firewall appliances also have robust automatic-update features, a collection advanced secure remote-management options that make sure that security configurations and software images/ are kept current.
Cisco ASA 5500 Series Firewalls
Cisco ASA Firewalls are purpose-built solutions that incorporate advanced, industry-leading protection and Virtual Private Network services plus a flexible architecture. The result is a robust, versatile network security solution better able to protect small and midsize business (SMB) and enterprise networks and, simultaneously, reduce the overall installation and maintenance costs formerly required for this enhanced degree of protection.
Cisco Adaptive Security Appliances Firewalls build on engineering behind Cisco's PIX 500 Security Appliance, Cisco's IPS 4200 sensor, and the VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a platform that defends against a wide range of attacks. Cisco Adaptive Security Appliances 5500 Series Firewalls deliver application security, local containment, and safe Virtual Private Network functionality throughout Cisco's product line. This broad scope of protection allows the guarding of any network segment, which includes the most typical attack vectors such as remote locations, LAN-attached internal users, and remote access Virtual Private Networks.
Cisco Adaptive Security Appliances (ASA) firewalls deliver robust application protection through intelligent, application-aware inspection engines that analyze network flows at Layers 4-7. This results in a safer environment including web, voice, and mobile wireless connectivity. To defend environments against application-layer attacks and to give businesses greater control over the programs and protocols used in their networks, these inspection engines integrate extensive application and protocol knowledge and rely on security enforcement solutions that include anomaly detection and state tracking. Also incorporated are assault sensing and mitigation technology including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and preserve network bandwidth for vital business applications.
At the same time as increasing security, Cisco ASA firewalls also lower deployment and operational costs. By providing extensive VPN and protection services, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be used as the the only platform for a multitude of environments, enabling product commonality. The Cisco Adaptive Security Appliances firewall can be used as a converged threat-prevention appliance at the datacenter by leveraging its connectivity control, process inspection, and malicious assault remediation technologies. The Cisco Adaptive Security Appliances firewall can also be used as a specialized remote connectivity solution utilizing its VPN capabilities. As an alternative, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall performs equally well in the network interior for inter-office access control and to defend against worms, viruses, and other malicious code internal users might unknowingly release into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as an all-in-one platform offering comprehensive intrusion defense and Virtual Private Network functionality while suiting the budgets and operational demands of these situations.
This versatile single-platform, multiple-solution design minimizes the number of appliances that must be deployed and managed while providing a standard functional and management system across all deployments. This architecture simplifies the education of setup, monitoring, troubleshooting, and protection personnel. To further minimize operations costs, Cisco ASA 5500 Series firewalls are also highly network aware, allowing these devices to integrate gracefully into the environment without interfering with legitimate data flow and applications.
How Progent's Consultants Can Help Your Business with Cisco PIX and ASA Firewalls
Cisco ASA Series firewalls and PIX family firewalls provide a wealth of setup, tracking, and analysis features that give you the ability to configure these security appliances to align optimally with your business requirements. Progent's CCIE authorized network consultants can show you how to maintain your existing network infrastructure that incorporates Cisco ASA or PIX firewall technology and that offers protection, fault tolerance, performance, and recoverability. Progent can also help you to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-certified information security professionals can assist you to develop a security strategy appropriate for your environment and can set up your firewall to support your security policies. Progent's risk evaluation professionals can evaluate the strength of your current firewall deployment and validate the security of your whole IS network. Progentís Technical Response Center can provide urgent remote technical support for Cisco products and can give you fast access to a Cisco network engineer.
To find out more details concerning Progent's consulting expertise for Cisco solutions, select a topic:
To ask Progent about technical assistance for Cisco products, phone 1-800-993-9400 or go to Contact Progent.