Cisco PIX firewalls and Cisco ASA Series firewalls integrate next-generation firewall, intrusion protection, and Virtual Private Network features in an economical, one-cabinet format. Both product families have been replaced by Cisco's ASA 5500-X line of security appliances with Firepower. (Refer to configuration and troubleshooting expertise for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and earlier-generation ASA 5500 model firewalls are widely deployed and continue to provide small and mid-size companies a reliable security environment.
PIX and the original ASA 5500 firewalls offer robust client and program policy support, mutlivector assault protection, and secure access features. The enhanced intelligence sharing of consolidated protection services in a single platform provides customers deploying these integrated solutions the advantages of advanced protection, lower TCO, and minimal maintenance expense.
PIX firewalls and the ASA 5500 Series join Cisco IOS Firewall, the Firewall Services Module for Cisco Catalyst 6500 switches, and Cisco 7600 family routers as parts of Cisco's versatile, self-contained firewall product. Based on an expandable, building-block approach, each device is designed with a particular feature set to deliver more efficient protection to a variety of networking environments. These products can be independently deployed to protect certain facets of a network environment, or can be grouped for a layered, protection-in-depth approach based on the design leading practices described in the Cisco SAFE framework. Rounding out the modular firewall product line, Cisco provides a complete security management portfolio, spanning Cisco security appliance and IOS security features and embedded appliance controllers, to self-contained management programs, moving to make sure that businesses can productively manage their Cisco security solution investments.
Cisco PIX firewall appliances offer reliable user and application policy support, multi-source invasion protection, and secure networking features in affordable, simple-to-configure solutions. These specialized devices offer a wealth of integrated protection and connectivity services including process-aware firewall services, Voice over IP (VoIP) and multimedia security, reliable site-to-site and remote-access IP Security (IPsec) Virtual Private Network networking, high availability, smart networking services, and versatile administration options. The PIX firewall Appliance family spans compact plug-and-play desktop units for small offices or home offices to modular high-bandwidth appliances with ROI for enterprise and service-provider environments, Cisco PIX firewalls deliver high levels of security, speed, and availability for networks of all sizes.
Based around a tested, purpose-built operating system that delivers rich security features, PIX security appliances provide excellent security and have received EAL 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewalls offer security for a wide range of Voice over IP and additional mixed-media conventions such as H.323 v. 4, SIP, SCCP, Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard deployments of a wide array of current and upcoming IP voice and mixed-media applications.
Cisco PIX firewall appliances feature a variety of setup, tracking, and troubleshooting features, giving businesses the flexibility to use the techniques that most closely match their requirements. Administrative solutions include common, policy-based management utilities, integrated web-accessible administration, and support for remote-monitoring protocols like SNMP and syslog. The integrated Adaptive Security Device Manager system offers a world-class web-based control platform that significantly simplifies the installation, ongoing configuration, and monitoring of a specific PIX firewall without the need of any additional software beyond an ordinary web browser and Java plug-in to be installed on an administrator's computer.
Administrators can also remotely configure, monitor, and troubleshoot PIX firewall appliances via a CLI interface. Safe command-line interface (CLI) communication is possible using a number of methods including Secure Shell Protocol, Telnet over IP Security, and out-of-band through a console port. Cisco PIX firewalls also include robust auto-update capabilities, a collection advanced protected remote-administration services that make sure that security configurations and software images/ are kept up to date.
Cisco Adaptive Security Appliances Firewalls
Cisco ASA 5500 Series Firewalls are purpose-built solutions that bring together advanced, industry-leading security and Virtual Private Network support with an adaptive architecture. The end product is a powerful, versatile network security appliance better able to defend small and medium business and enterprise networks and, at the same time, reduce the overall installation and maintenance costs formerly associated with this high level of protection.
Cisco Adaptive Security Appliances Firewalls build on technology behind the PIX 500 Series firewall, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 model concentrator. These solutions converge on the Cisco ASA 5500 Series Firewall family to offer a firewall that defends against a broad range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, local containment, and clean Virtual Private Network functionality across the entire product line. This breadth of security enables defense of any network segment, which includes the most typical attack conduits such as remote locations, LAN-attached inside users, and remote access Virtual Private Networks.
Cisco ASA 5500 Series firewalls deliver a high-level of application security via intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This produces a safer network covering web, voice, and mobile wireless connectivity. To defend networks against application-layer assaults and to offer organizations greater control over the programs and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and employ protection enforcement solutions that include protocol anomaly detection and state tracking. Also included are assault sensing and mitigation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances firewall inspection engines also provide control over IM and peer-to-peer file sharing, allowing businesses to police usage policies and free up network bandwidth for crucial business applications.
At the same time as improving security, Cisco ASA firewalls also decrease deployment and operational expenses. By offering broad VPN and security functions, the Cisco Adaptive Security Appliances 5500 Series firewall can be used as the single device for a multitude of environments, allowing platform commonality. The Cisco Adaptive Security Appliances 5500 Series firewall can be used as a converged attack-protection device at the datacenter by leveraging its connectivity control, application inspection, and worm, virus, and other malware remediation capabilities. The Cisco Adaptive Security Appliances (ASA) 5500 Series firewall can also be deployed as a dedicated remote access device utilizing its VPN capabilities. As another option, the Cisco ASA firewall serves equally well in the network interior for inter-office connectivity management and to defend against malware internal users might unknowingly introduce into the environment. In small company and branch office environments, the Cisco Adaptive Security Appliances (ASA) 5500 Series firewall acts as an all-in-one platform providing comprehensive threat defense and Virtual Private Network services while suiting the budgets and operational demands of these situations.
This versatile single-platform, multiple-solution approach minimizes the number of appliances that must be installed and maintained while offering a standard operating and management system throughout all installations. This approach streamlines the training of configuration, monitoring, support, and protection personnel. To further minimize operations costs, Cisco ASA 5500 Series firewalls are also exceptionally network aware, allowing them to insert gracefully into the network without disrupting authorized traffic and processes.
How Progent's Consultants Can Assist You with Cisco PIX and ASA Firewalls
Cisco ASA 5500 Series firewalls and PIX security appliances provide an array of setup, tracking, and analysis options that give you the flexibility to set up these security appliances to match your company's needs. Progent's CCIE authorized network professionals can assist you to maintain your existing infrastructure that incorporates Cisco ASA and/or PIX firewalls and that offers security, resilience, throughput, and recoverability. Progent can also help your organization to migrate to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's GISA and CISM-qualified information security professionals can assist your business to create a security strategy appropriate for your situation and can set up your PIX or ASA firewall to enforce your security policies. Progent's risk assessment experts can assess the strength of your current firewall deployment and help determine the security of your whole IS network. Progentís Help Desk Call Center can provide urgent online troubleshooting for Cisco technology and offer fast access to a Cisco network engineer.
To learn additional information concerning Progent's engineering assistance for Cisco solutions, select a topic:
In order to get in touch with Progent about professional expertise for Cisco products, call 1-800-993-9400 or visit Contact Progent.