Learn about the differences between Cisco PIX and ASA

For many years, Cisco PIX has been a firewall established by Cisco. In May 2005, however, Cisco launched a new product, the Asa,adaptive security appliance, as an adaptive safety product. However, PIX is still available. I've heard a lot of people asking about the difference between the two product lines on a number of occasions. Let's take a look.

What is Cisco pix?

CISCO Pix is a dedicated hardware firewall. All versions of Cisco PIX have a 500-series product number. The most common products for home and small networks are PIX 501, while many midsize enterprises use the PIX 515 as the corporate firewall.

The PIX firewall uses the PIX operating system. Although the PIX operating system and Cisco IOS look very close, but for those who are very familiar with iOS, there are enough differences to make them dizzy.

The PIX Series Firewall uses the PDM (PIX Device Manager, PIX Device Manager) as the graphical interface. The graphical interface system is a Java program that is downloaded through a Web browser.

In general, a PIX firewall has an outward interface for connecting to an Internet router that is connected to the Internet. At the same time, PIX also has an inward interface that is used to connect to a local area network switch that is connected to the intranet.

What is Cisco ASA?

ASA is a brand new firewall and Anti-malware security appliance in the Cisco series. (Do not confuse this product with the PIX for static packet filtering)

ASA series of products are 5500 series. The Enterprise Edition includes 4 kinds: firewall,ips,anti-x, as well as VPN. And for small and medium-sized companies, there are commercial versions.

Overall, Cisco has a total of 5 models. All models use the ASA 7.2.2 version of the software, and the interface is very similar to Cisco PIX. CISCO pix and ASA have significant performance differences, but even the lowest ASA model offers much higher performance than the underlying PIX.

Like PIX, ASA also provides such as intrusion prevention systems (Ips,intrusion prevention system) and VPN concentrator. In fact, ASA can replace three standalone devices--cisco pix Firewalls, Cisco VPN 3000 series Concentrator, and Cisco IPS 4000 series sensors.

Now that we've looked at the basics of the two security tools, let's look at the results of their comparisons.

PIX to ASA

Although the PIX is a very good firewall, but the security aspects of the situation is changing. Just using a static packet filtering firewall to protect your network is far from enough. New threats are emerging for the web-including viruses, worms, unwanted software (such as Peer-to-peer software, games, instant messaging software), cyber fraud, and application-level attacks.

If a device can cope with a variety of threats, we say it provides "anti-x" capabilities, or it provides "multiple threats (multi-threat)" protection. But PIX simply cannot provide this level of protection.

The vast majority of companies do not want to install a single pix for static firewall filtering, while using some other tools to protect other threats. They prefer to adopt a "all-in-one" device-or a UTM (Unified threat Management) device.

ASA provides protection against these different types of attacks. It's even more powerful than a UTM device--but to be a real UTM, it also needs to install a CSC-SSM module (CSC-SSM, content security, and controls security Service) will do. The module provides ANTI-X functionality in ASA. If there is no CSC-SSM, the ASA function will look more like a pix.

So which one is right for your business? As we usually say, it depends on the needs of your business. However, I tend to prefer ASA, and then pix. First, the price of an ASA is lower than the pix of the same function. The reason to remove costs is not to mention, at least logically, that choosing ASA means choosing a newer and better technology.

For those already using Cisco PIX, Cisco has provided a migration guide to solve the problem of migrating from Cisco PIX to ASA. As far as I'm concerned, I think this is at least indicative of the fact that the days of Cisco terminating pix are getting closer. Although Cisco has not yet made a clear announcement, I think it's just a matter of time.

Keep in mind that with all the different threats on the internet, we can't simply have a firewall as usual, and a multiple-protection approach is essential to complete protection. Although ASA is a good choice, it does not mean that it is your only option. Many manufacturers offer good products and suggest you learn more about them before you finally choose ASA.