Cisco PIX security appliances and Cisco ASA 5500 Series adaptive security appliances integrate next-generation firewall, intrusion defense, and Virtual Private Network features in an affordable, one-cabinet format. Both product lines have been superseded by the ASA 5500-X family of firewalls with Firepower Services. (See configuration and debugging support for Cisco AA 5500-X firewalls with Firepower Services.) Still, both PIX and first-generation ASA 5500 Series firewalls are extensively used and continue to provide small and mid-size companies a reliable security environment.
Cisco PIC and the original ASA 5500 firewalls deliver powerful user and program policy support, mutlivector assault protection, and safe access services. The enhanced intelligence sharing of integrated protection services in a stand-alone package offers users deploying these aggregated solutions the benefits of advanced security, reduced TCO, and smaller maintenance expense.
PIX firewalls and the ASA 5500 Series combine with Cisco IOS Firewall, the Firewall Services Module for Catalyst 6500 switches, and Cisco 7600 routers as parts of Cisco's versatile, self-contained firewall solutions. Engineered with a scalable, building-block platform, each offering is designed with a specific feature set to provide more efficient protection to different network situations. These products can be independently deployed to protect specific facets of the connectivity infrastructure, or can be combined for a layered, defense-in-depth strategy based on the architecture leading practices described in Cisco's SAFE Blueprint. Completing the integrated firewall product line, Cisco has developed a comprehensive security management portfolio, spanning Cisco security device and Cisco IOS security features and built-in appliance managers, to standalone management applications, moving to ensure that businesses can effectively manage their Cisco protection solution investments.
Cisco PIX Firewall Appliances
PIX firewall appliances deliver reliable user and application policy enforcement, multi-source attack protection, and safe networking features in economical, easy-to-deploy modules. These purpose-built devices offer a wealth of built-in security and connectivity services including application-aware firewall features, Voice over IP and multimedia protection, reliable multi-location and remote-connectivity IPcec Virtual Private Network (VPN) connectivity, high availability, intelligent networking services, and versatile management options. The Cisco PIX firewall Appliance family ranges from small plug-and-go desktop units for small and home offices to modular high-bandwidth products with ROI for large business and service-provider customers, Cisco PIX Security Appliance Series provide dependable security, performance, and availability for networks of any size.
Based upon a hardened, purpose-built operating system that delivers rich protection features, PIX firewalls offer excellent protection and have been awarded EAL 4 status and ICSA Labs Firewall and IPsec qualification. PIX firewall appliances offer security for a broad range of VoIP and other multimedia conventions such as H.323 Version 4, SIP, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, helping organizations to safeguard installations of a wide range of contemporary and upcoming IP voice and mixed-media applications.
Cisco PIX security appliances offer a wealth of configuration, monitoring, and analysis options, providing businesses the flexibility to use the techniques that most closely meet their requirements. Administrative options include centralized, policy-based administration tools, integrated web-based management, and support for remote-tracking protocols such as SNMP and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) system provides a world-class web-based control solution that greatly simplifies the deployment, ongoing configuration, and monitoring of a specific Cisco PIX security appliance without the need of any extra utility beyond a standard web browser and Java plug-in to be running on an administrator's computer.
IT managers can also remotely configure, track, and analyze Cisco PIX security appliances using a CLI interface. Secure CLI interface communication is available through several techniques such as SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. PIX security appliances also include robust auto-update capabilities, a set advanced secure remote-administration services that make sure that firewall settings and software images are kept current.
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls
Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls are purpose-built solutions that incorporate market-proven, best-of-breed protection and VPN support with a flexible design. The end product is a powerful, versatile network security appliance better able to protect small and midsize business (SMB) and larger networks and, simultaneously, reduce the overall installation and maintenance costs formerly associated with this enhanced degree of protection.
Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls provide robust application protection via intelligent, application-sensitive inspection processes that examine network flows at Layers 4-7. This produces a more secure network including web, voice, and mobile wireless connectivity. To protect environments from application-layer assaults and to offer organizations more control over the programs and protocols used in their networks, Cisco's inspection engines integrate extensive application and protocol knowledge and rely on protection enforcement technologies such as anomaly detection and state monitoring. Also included are attack detection and mitigation techniques including application and protocol command filters and content verification. Cisco ASA 5500 Series firewall inspection engines also provide management of IM and tunneling applications, allowing organizations to police usage policies and preserve bandwidth for critical business applications.
While improving network security, Cisco Adaptive Security Appliances firewalls also lower deployment and operational expenses. By offering broad Virtual Private Network and protection services, the Cisco Adaptive Security Appliances 5500 Series firewall can be a single device for a multitude of uses, allowing product commonality. The Cisco Adaptive Security Appliances firewall can be used as a converged threat-prevention appliance at a central location by taking advantage of its connectivity control, process inspection, and malware mitigation technologies. The Cisco Adaptive Security Appliances (ASA) firewall can also be used as a dedicated remote access solution using its Virtual Private Network capabilities. Alternatively, the Cisco Adaptive Security Appliances firewall performs equally well in the network interior for interdepartmental access control and to defend against malware internal users might unwittingly introduce into the network. For small business and branch office networks, the Cisco ASA firewall acts as an all-in-one platform offering complete intrusion defense and VPN functionality while suiting the cost structure and operational demands of these situations.
This adaptive one-device, many-use design reduces the total number of devices that need to be installed and maintained while providing a common functional and management environment across all deployments. This architecture streamlines the education of configuration, monitoring, troubleshooting, and security personnel. To further reduce maintenance expenses, Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls are also highly network aware, allowing them to integrate seamlessly into the environment without disrupting legitimate traffic and applications.
How Progent Can Assist Your Business with Cisco Firewalls
Cisco ASA 5500 Series firewalls and PIX family security appliances provide an array of configuration, monitoring, and analysis options which offer you the flexibility to set up these security appliances to align optimally with your business requirements. Progent's CCIE certified network experts can show you how to support your current infrastructure that includes Cisco ASA or PIX security appliances and that provides protection, fault tolerance, performance, and manageability. Progent can also assist you to upgrade to Cisco ASA 5500-X firewalls with Firepower Services.
Progent's CISA and CISSP-ISSP-premier IS security experts can help you to develop a security strategy that makes sense for your environment and can configure your security appliance to support your security strategy. Progent's risk evaluation engineers can assess the strength of your current firewall solution and audit the overall security of your entire IT network. Progent's Technical Response Center can provide emergency remote technical support for Cisco technology and offer fast access to a Cisco CCIE network engineer.
For additional details concerning Progent's engineering support for Cisco solutions, pick a subject: