Cisco's PIX security appliances and ASA Series adaptive security appliances combine next-generation firewall, intrusion protection, and Virtual Private Network (VPN) functionality in an affordable, one-cabinet package. Both product families have been replaced by Cisco's ASA 5500-X series of firewalls with Firepower. (See integration and troubleshooting support for ASA 5500-X firewalls with Firepower Services.) Nevertheless, both PIX and previous-generation ASA 5500 model adaptive security appliances are extensively deployed and continue to deliver small and mid-size companies a viable firewall environment.
PIX and legacy ASA 5500 firewalls offer robust client and program policy support, mutlivector assault defense, and secure connectivity features. The increased knowledge sharing of integrated protection services in a single platform offers customers implementing these aggregated solutions the benefits of enhanced security, reduced cost of ownership, and minimal management costs.
PIX firewalls and Cisco's ASA 5500 product line combine with IOS Firewall, the Firewall Services Module (FWSM) for Cisco Catalyst 6500 switches, and Cisco 7600 family routers as parts of Cisco's versatile, integrated firewall line. Engineered with an expandable, building-block platform, each device is equipped with a specific feature set to provide better protection to a variety of network environments. These products can be individually deployed to secure certain facets of a network infrastructure, or can be grouped for a systematic, protection-in-depth approach following the architecture leading practices described in Cisco's SAFE Blueprint. Completing the integrated firewall product line, Cisco has developed a comprehensive security management portfolio, spanning Cisco security appliance and Cisco IOS security features and built-in appliance managers, to standalone management applications, helping to make sure that customers can productively use their Cisco protection infrastructure investments.
PIX firewall appliances deliver robust user and application policy enforcement, multi-source attack defense, and secure networking features in economical, out-of-the-box solutions. These specialized devices provide a wealth of built-in protection and connectivity services such as process-aware firewall features, Voice over IP (VoIP) and multimedia security, reliable multi-site and remote-access IPcec VPN connectivity, high availability, smart networking services, and versatile administration solutions. The PIX firewall Appliance family spans small plug-and-go appliances for small and at home offices to stackable gigabit appliances with ROI for large business and service-provider customers, Cisco PIX firewall appliances provide high levels of security, speed, and availability for networks of any size.
Based around a tested, purpose-built OS that delivers a wealth of protection features, PIX firewall appliances provide a high level of security and have been awarded Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IPsec certification. PIX firewall appliances offer security for a broad array of Voice over IP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping businesses to safeguard installations of a broad range of contemporary and next-generation VoIP and mixed-media applications.
Cisco PIX security appliances feature a variety of setup, monitoring, and troubleshooting features, providing businesses the versatility to use the methods that best meet their requirements. Management options include centralized, policy-based management utilities, integrated web-accessible management, and support for remote-tracking standards like Simple Network Management Protocol and syslog. The integrated Adaptive Security Device Manager system provides a world-class web-based control platform that significantly simplifies the installation, in-place configuration, and monitoring of a specific Cisco PIX security appliance without requiring any additional software beyond a standard web browser and Java applet to be running on an administrator's PC.
IT managers can furthermore remotely set up, monitor, and troubleshoot Cisco PIX security appliances using a command-line interface. Secure CLI interface communication is available through several techniques such as SSHv2 Protocol, Telnet over IPsec, and out-of-band via a console port. Cisco PIX firewalls also include dependable auto-update features, a collection of protected remote-administration services that make sure that firewall configurations and software images/ are always current.
Cisco Adaptive Security Appliances 5500 Series Firewalls
Cisco Adaptive Security Appliances Firewalls are specially engineered devices that bring together advanced, industry-leading protection and VPN support with an adaptive design. The end product is a powerful, multifunction network protection appliance better suited to defend small and midsize company and larger networks and, simultaneously, reduce the overall deployment and maintenance expenses previously associated with this enhanced level of security.
Cisco ASA 5500 Series Firewalls build on technology behind the Cisco PIX 500 Series Security Appliance, the IPS 4200 family Intrusion Prevention System, and Cisco's VPN 3000 model concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall product line to offer a firewall that stops a broad range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide application protection, network containment and control, and safe Virtual Private Network functionality across the entire product line. This broad scope of security allows defense of any network segment, which includes the most typical attack conduits such as remote locations, locally-attached internal users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver robust application protection via intelligent, application-aware inspection processes that examine network flows at Layers 4-7. The result is a safer environment covering web, voice, and mobile wireless connectivity. To protect environments against application-layer attacks and to offer businesses greater policing of the programs and protocols utilized in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and rely on protection enforcement technologies such as protocol anomaly sensing and application and protocol state monitoring. Also incorporated are attack detection and mitigation techniques such as application/protocol command filtering and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of IM and tunneling applications, enabling organizations to police usage policies and preserve bandwidth for vital business applications.
At the same time as increasing security, Cisco ASA 5500 Series firewalls also lower deployment and operational expenses. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the the only platform for many uses, allowing product standardization. The Cisco Adaptive Security Appliances firewall can be deployed as a consolidated attack-prevention device at a central location by leveraging its connectivity control, application inspection, and malware remediation technologies. The Cisco ASA firewall can also be deployed as a dedicated remote connectivity solution utilizing its VPN capabilities. Alternatively, the Cisco Adaptive Security Appliances 5500 Series firewall operates capably in the network interior for inter-office connectivity management and to defend against worms, viruses, and other malicious code inside users may unwittingly release into the environment. For small company and satellite office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as a total solution platform offering comprehensive threat prevention and VPN services while fitting within the budgets and performance demands of such situations.
This adaptive single-platform, multiple-use approach reduces the total number of devices that must be deployed and managed while offering a standard operating and management system throughout all those installations. This architecture simplifies the training of setup, tracking, troubleshooting, and protection personnel. To further minimize operations expenses, Cisco Adaptive Security Appliances firewalls are also exceptionally network conscious, enabling them to integrate gracefully into the environment without interfering with authorized data flow and processes.
How Progent Can Help Your Business with Cisco Firewalls
Cisco's ASA Series firewalls and PIX security appliances incorporate a wealth of configuration, tracking, and analysis features that offer you the ability to configure these firewalls to align optimally with your company's needs. Progent's CCIE authorized network professionals can assist you to support your existing network infrastructure that incorporates Cisco ASA or PIX firewalls and that provides security, fault tolerance, performance, and manageability. Progent can also assist you to upgrade to ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISM-qualified IS security professionals can help you to develop a security strategy appropriate for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk assessment experts can evaluate the effectiveness of your existing firewall solution and validate the security of your whole IS environment. Progentís Help Desk support team can deliver emergency online technical support for Cisco technology and can give you fast access to a Cisco CCIE expert.
For additional information about Progent's professional help for Cisco products, pick a topic:
In order to contact Progent about consulting assistance for Cisco networking, call 1-800-993-9400 or visit Contact Progent.