Cisco PIX security appliances and Cisco ASA Series firewalls integrate comprehensive firewall, intrusion protection, and Virtual Private Network (VPN) features in a cost-effective, one-cabinet package. Both product lines have been replaced by Cisco's ASA 5500-X line of firewalls with Firepower. (See configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and first-generation ASA 5500 Series firewalls are widely used and continue to provide small and mid-size organizations a viable security solution.
Cisco PIC and the original ASA 5500 firewalls deliver robust user and program policy enforcement, mutlivector assault defense, and safe connectivity features. The enhanced intelligence sharing of integrated security features in a stand-alone package provides users implementing these integrated firewalls the benefits of advanced security, reduced TCO, and smaller management expense.
PIX firewalls and Cisco's ASA 5500 Series join IOS Firewall, the Firewall Services Module for Catalyst 6500 switches, and Cisco 7600 Series routers as components of Cisco's flexible, self-contained firewall product. Engineered with a scalable, building-block approach, every offering is designed with a specific array of options to provide more efficient security to a variety of network situations. These products can be independently deployed to secure specific areas of a connectivity environment, or can be combined for a layered, protection-in-depth strategy based on the architecture leading practices described in the Cisco SAFE Blueprint. Completing the integrated firewall solutions, Cisco has developed a comprehensive security management product portfolio, spanning Cisco security appliance and Cisco IOS Software security components and embedded appliance managers, to standalone management programs, moving to ensure that businesses can effectively use their Cisco protection infrastructure investments.
Cisco PIX Security Appliance Series
PIX firewall appliances offer reliable user and application policy support, multi-source invasion defense, and safe networking services in affordable, easy-to-deploy modules. These specialized appliances offer a broad range of integrated security and networking capabilities such as application-aware firewall features, Voice over IP and multimedia security, robust multi-site and remote-connectivity IP Security (IPsec) VPN connectivity, fault tolerance, smart networking services, and flexible administration solutions. The Cisco PIX Security Appliance Series product line spans compact plug-and-go desktop units for small and home offices to modular high-bandwidth products with ROI for enterprise and ISP customers, PIX firewall appliances deliver dependable security, speed, and availability for environments of any size.
Based upon a tested, purpose-built operating system that delivers rich security features, Cisco PIX firewall appliances provide excellent protection and have earned Common Criteria Evaluation Assurance Level 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX firewall appliances provide protection for a wide range of VoIP and other mixed-media standards including H.323 v. 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol, and MGCP, helping organizations to protect installations of a broad range of contemporary and next-generation IP voice and mixed-media applications.
Cisco PIX firewalls offer a variety of configuration, monitoring, and troubleshooting features, providing IT managers the flexibility to utilize the techniques that most closely meet their needs. Administrative options include common, policy-based administration utilities, integrated web-based management, and compatibility with remote-monitoring standards such as Simple Network Management Protocol (SNMP) and syslog. The integrated Adaptive Security Device Manager interface provides a world-class web-accessible management solution that significantly streamlines the deployment, in-place configuration, and monitoring of a single PIX firewall appliance without the need of any extra utility beyond an ordinary browser and Java plug-in to be running on an administrator's computer.
IT managers can also remotely set up, track, and troubleshoot PIX firewall appliances via a command-line interface. Safe command-line interface (CLI) access is possible through several techniques including SSHv2 Protocol, Telnet over IPsec, and out-of-band through a console port. Cisco PIX firewalls also have robust auto-update capabilities, a collection advanced protected remote-management services that make sure that security settings and software images/ are always current.
Cisco Adaptive Security Appliances Firewalls
Cisco Adaptive Security Appliances Firewalls are purpose-built solutions that incorporate market-proven, industry-leading security and VPN support plus a flexible architecture. The end product is a powerful, versatile network security appliance better able to defend small and midsize business and larger networks and, at the same time, lower the overall installation and maintenance costs previously associated with this high level of protection.
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering developed for the Cisco PIX 500 Security Appliance, the Cisco IPS 4200 Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These solutions enable the Cisco Adaptive Security Appliances Firewall product line to offer a platform that defends against a broad range of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program security, local containment, and clean VPN connectivity throughout Cisco's product portfolio. This breadth of protection enables the guarding of any network section, including the most typical attack conduits like remote locations, locally-connected inside users, and remote access VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application security through intelligent, application-sensitive inspection engines that examine network flows at Layers 4-7. The result is a better protected environment including web, voice, and mobile wireless connectivity. To protect networks against application-layer assaults and to give businesses greater policing of the programs and protocols used in their environments, Cisco's inspection engines incorporate extensive application and protocol knowledge and rely on security enforcement solutions that include protocol anomaly detection and state tracking. Also incorporated are attack detection and remediation technology including application/protocol command filters and content verification. Cisco Adaptive Security Appliances (ASA) 5500 Series firewall inspection engines also provide control over instant messaging and peer-to-peer file sharing, enabling organizations to enforce usage policies and conserve bandwidth for important business processes.
At the same time as improving security, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls also lower deployment and operational expenses. By offering broad VPN and protection functions, the Cisco Adaptive Security Appliances firewall can be used as the single device for a multitude of uses, enabling product standardization. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can be deployed as a converged attack-prevention device at the datacenter by taking advantage of its connectivity control, process inspection, and worm, virus, and other malware remediation technologies. The Cisco Adaptive Security Appliances 5500 Series firewall can also be used as a dedicated remote connectivity solution utilizing its VPN capabilities. As another option, the Cisco Adaptive Security Appliances 5500 Series firewall performs equally well in the network interior for inter-office access control and to defend against malware inside workers may unwittingly introduce into the network. For small company and satellite office networks, the Cisco ASA firewall serves as a total solution platform providing comprehensive threat prevention and VPN functionality while suiting the cost structure and operational demands of such situations.
This adaptive one-platform, many-solution design reduces the total number of devices that must be installed and maintained while offering a common operating and management environment throughout all those installations. This architecture simplifies the education of configuration, tracking, troubleshooting, and security staff. To further minimize operations costs, Cisco Adaptive Security Appliances 5500 Series firewalls are also highly network aware, enabling these devices to integrate gracefully into the environment without interfering with legitimate traffic and processes.
How Progent's Consultants Can Assist You with Cisco PIX and ASA Security Appliances
Cisco ASA Series adaptive security appliances and PIX family security appliances provide a wealth of configuration, tracking, and analysis features which give you the flexibility to configure these firewalls to align optimally with your company's requirements. Progent's CCIE certified network experts can help you to support your current infrastructure that includes Cisco ASA or PIX firewall technology and that offers protection, fault tolerance, performance, and manageability. Progent can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-certified information security engineers can assist your business to develop a security strategy appropriate for your situation and can set up your PIX or ASA firewall to enforce your security policies. Progent's risk assessment consultants can evaluate the effectiveness of your current firewall deployment and audit the overall security of your whole IT network. Progentís Technical Response Center (TRC) can deliver emergency remote technical support for Cisco products and offer quick access to a Cisco expert.
For more details about Progent's consulting support for Cisco solutions, choose a topic:
If you wish to ask Progent about professional support for Cisco technology, call 1-800-993-9400 or visit Contact Progent.