Now's the time to plan your PIX to ASA Migration
 |
Why should organisations consider migrating from the Cisco PIX security appliance to the Cisco ASA adaptive security appliance?
There are many reasons and advantages for organisations that currently deploy Cisco PIX security appliances to migrate to the Cisco ASA adaptive security appliances. Cisco announced on 28th January 2008 that the Cisco PIX product range was end of sale. Considerations customers should take into account in respect of supply and support of PIX products include:
· End of sales for platforms and bundles: 28th July 2008.
· End of sales for accessories: 27th January 2009.
· End of software maintenance releases: 28th July 2009.
From a technology standpoint the Cisco ASA appliances are built on the industries most trusted firewall technology, the PIX security appliances. In comparison to the PIX the ASA offers more robust firewall and secure remote access (VPN) capabilities. Also customers can benefit from new features and enhanced performance at a lower cost. Features and benefits include:
· Modular design, which allows:
· Advanced intrusion protection and threat detection services – Organisations can benefit from inline intrusion prevention preventing malicious users or traffic from entering network segments.
· Content security control – Organisations can benefit from anti virus, anti spam, malware/spyware protection, anti phishing and URL filtering with the content security control module.
· The ability to add additional physical interfaces such as 4 port copper and fibre Gigabit Ethernet or 2 port fibre 10 Gigabit Ethernet.
· Clientless (SSL) remote access capabilities – The ability for remote access users to access internal resources without the need for a VPN client such as web based applications.
· Advanced unified communications security – Utilising features such as TLS phone proxy providing the ability to secure both external and internal voice communications. Furthermore, reducing costs by leveraging the ability of the ASA to unify connection services such as voice, mobile devices, IPSec and SSL VPN into a single solution and eliminating the need to deploy VPN devices and clients at remote sites.
· Improved configuration and management capabilities with the use of adaptive security device manager (ASDM), an intuitive, easy-to-use, web-based management interface. ASDM utilises intelligent wizards, robust administration tools, and versatile monitoring services that complement the ASA’s advanced security and networking features.
· Continued commitment into development and support of the ASA5500 series.
· Significantly improved performance at a lower cost. The table below depicts how the ASA 5520 weighs up against it’s most similar PIX predecessor the 515 E:
|
Standard specification |
ASA 5520 |
PIX 515 E |
|
Firewall throughput |
450 Mbps |
190 Mbps |
|
Concurrent connections |
280,000 |
130,000 |
|
VPN throughput |
225 Mbps |
63 to 135 Mbps (only achieved with add on VAC or VAC+ accelerator card) |
|
Interfaces |
4 x 10/100/1000 and 1 x 10/100 Maximum of 150 virtual LAN’s |
2 x 10/100 |
|
Security Contexts |
2 as standard maximum of 20 |
0 as standard maximum of 5 |
|
Optional advanced security services (modules). |
Advanced intrusion prevention module Advanced Security control module |
None
|
· Nowcomm engineers have the required knowledge and experience to help customers smoothly migrate their PIX firewall solutions to an ASA solution. Furthermore, Nowcomm can also assist customers that deploy PIX firewalls and VPN 3000 concentrator solutions into a single ASA solution for firewall and VPN services.