Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Executive summary for replacing PIX with ASA

Does anyone have a link for a document that highlights the features of an ASA appliance over a PIX? We want to replace our PIXs but want to put together an executive summary with the advantages to go with the proposal. I have not seen a compare / contrast document on CCO so am working off the ASA feature guides and things.

4 REPLIES

Re: Executive summary for replacing PIX with ASA

PIX vs. ASA

While the PIX is an excellent firewall, the landscape of security has changed over the years. It's no longer sufficient to protect your network with a stateful packet filtering firewall. There are so many new threats to a network-including viruses, worms, unwanted applications (e.g., P2P, games, instant messaging), phishing, and application-layer attacks.

When a device does protect against this variety of threats, we say it offers "anti-X" capability or "multi-threat" protection. But the PIX just hasn't been able to offer this level of protection.

Most organizations don't want to have a PIX performing stateful firewall filtering and some other appliance protecting you from other threats. Instead, they want an "all-in-one" device-or a unified threat management (UTM) device.

The ASA does offer protection from these different types of attacks. It can even be more of a UTM device-however, it needs a Content Security and Control Security Service Module (CSC-SSM) to be a real UTM. This is the module in an ASA that performs the anti-X functions. Without the CSC-SSM, the ASA functions more like a PIX.

So which one is right for your organization? As always, the answer lies with your organization's unique needs. However, I would choose the ASA over the PIX any day. First of all, an ASA typically costs less than a similarly featured PIX. Besides the cost incentive, it just seems like a logical choice to choose the newer and faster technology.

ASA could take the place of three separate devices-a Cisco PIX firewall, a Cisco VPN 3000 Series Concentrator, and a Cisco IPS 4000 Series Sensor.

hope that provides you the infomation you need..

Francisco

New Member

Re: Executive summary for replacing PIX with ASA

Thanks .. I will see if I can incorporate these comments into what I am putting together. I am suprised that there is nothing as part of the EOS/EOL path for the PIX from Cisco.

Brent

Re: Executive summary for replacing PIX with ASA

see Functional Comparison under this URL for ASA and PIX

http://www.cisco.com/en/US/products/ps6120/products_white_paper0900aecd80282f76.shtml

New Member

Re: Executive summary for replacing PIX with ASA

Thanks .. The more the better so that I can get it down to that non-techie level and not leave out the good stuff.

Brent

146
Views
0
Helpful
4
Replies