Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
380
Views
0
Helpful
4
Replies

Executive summary for replacing PIX with ASA

bberry
Level 1
Level 1

‎10-23-2009 06:32 AM - edited ‎03-11-2019 09:30 AM

Does anyone have a link for a document that highlights the features of an ASA appliance over a PIX? We want to replace our PIXs but want to put together an executive summary with the advantages to go with the proposal. I have not seen a compare / contrast document on CCO so am working off the ASA feature guides and things.

Labels:
0 Helpful
4 Replies 4

francisco_1
Level 7
Level 7

‎10-23-2009 06:53 AM

PIX vs. ASA

While the PIX is an excellent firewall, the landscape of security has changed over the years. It's no longer sufficient to protect your network with a stateful packet filtering firewall. There are so many new threats to a network-including viruses, worms, unwanted applications (e.g., P2P, games, instant messaging), phishing, and application-layer attacks.

When a device does protect against this variety of threats, we say it offers "anti-X" capability or "multi-threat" protection. But the PIX just hasn't been able to offer this level of protection.

Most organizations don't want to have a PIX performing stateful firewall filtering and some other appliance protecting you from other threats. Instead, they want an "all-in-one" device-or a unified threat management (UTM) device.

The ASA does offer protection from these different types of attacks. It can even be more of a UTM device-however, it needs a Content Security and Control Security Service Module (CSC-SSM) to be a real UTM. This is the module in an ASA that performs the anti-X functions. Without the CSC-SSM, the ASA functions more like a PIX.

So which one is right for your organization? As always, the answer lies with your organization's unique needs. However, I would choose the ASA over the PIX any day. First of all, an ASA typically costs less than a similarly featured PIX. Besides the cost incentive, it just seems like a logical choice to choose the newer and faster technology.

ASA could take the place of three separate devices-a Cisco PIX firewall, a Cisco VPN 3000 Series Concentrator, and a Cisco IPS 4000 Series Sensor.

hope that provides you the infomation you need..

Francisco

0 Helpful

bberry
Level 1
Level 1
In response to francisco_1

‎10-23-2009 06:56 AM

Thanks .. I will see if I can incorporate these comments into what I am putting together. I am suprised that there is nothing as part of the EOS/EOL path for the PIX from Cisco.

Brent

0 Helpful

francisco_1
Level 7
Level 7
In response to bberry

‎10-23-2009 07:08 AM

see Functional Comparison under this URL for ASA and PIX

http://www.cisco.com/en/US/products/ps6120/products_white_paper0900aecd80282f76.shtml

0 Helpful

bberry
Level 1
Level 1
In response to francisco_1

‎10-23-2009 07:11 AM

Thanks .. The more the better so that I can get it down to that non-techie level and not leave out the good stuff.

Brent

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card