Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology

Cisco discontinues the Pix Firewalls

Well, it has finally happened.  It was only a matter of time.  Since the Cisco ASA (Adaptive Security Appliance) did exactly what the Pix does, and them some, why support two lines?
Cisco announces that they will stop sales for the Pix Firewall in January 2009.  Support, however, will be continued until 2013.

See Cisco’s press release.

So, let’s talk about these ASA’s.  For those that do not know, the ASA is actually the PIX underneath, with modularity to allow you to expand it to a specific appliance, such as Application Inspection or Virus/Malware/Spyware inspection.  I’m actually using the one with the CSC module, which includes the Virus/Malware/Spyware inspection.  The ASA actually inspects SMTP,HTTP,POP3, and IMAP packets.

When I first purchased and used it 18 months ago, Trend Micro (who owns the scanning engine of the CSC module) had quite a few bugs in it, so, I didn’t like it at first.  Too many problems.  However, over the last 18 months, their updates and bug fixes have seem to stablize it a little bit

You can learn more about the ASA at Cisco’s website, if you aren’t already familiar.

Technorati Tags: , ,

3 responses to “Cisco discontinues the Pix Firewalls

  1. Colin Martin February 11, 2008 at 7:34 am

    I would urge you to look at a true “UTM” solution, rather than a solution like the ASA that has just “bolted” on additional applications. The Astaro solution is in version 7, and is far more stable/tried and true than the ASA solution. Astaro is also making it easy for PIX users that want to migrate, offering buy back support for the PIX – 20% off!; Here is the link it is really easy to work with them as well 😉


  2. Aaron Paxson February 18, 2008 at 10:58 am

    Hi Colin! Thanks for the response. I’m not so sure a “True UTM” solution is a good thing. Personally, I like the fact that certain boxes are devoted to just solving 1 or 2 problems for two reasons:

    1). Isolation – The fact that if my Intrusion Detection module fails (or some other security module), the rest of my security processes are not degraded.

    2). Skill-set dedication – I like the fact that a certain device or program is dedicated to just one or two things it does well at. When looking at one-device-for-everything, it makes you feel uneasy that some features were neglected in order for other features to hit their deadline.

    To add to number 2, I feel uneasy about the “one device for everything” topic. It makes me feel that the company is so arrogant, they know everything about security, and can put it all in one box.

    Cisco realizes there are better companies out there for certain things. For example, the CSC module in the ASA is built by Trend Micro for the scanning of viruses and malware/spyware/adware.

    I’m not saying Astaro technology isn’t good, or that the device you are selling is poor. I’m sure it’s a great product, and I haven’t tried it yet. However, my personal opinion on the UTM solution is quite poor.

    Now, if we were to re-design the UTM definition to include multiple devices (even if from the same company) I would feel a little better.

    Again, my opinion is not against Astaro, but rather, your comment on “True UTM”.

  3. Colin Martin April 22, 2008 at 6:26 am

    Hi Aaron, sorry for the delay in responding to you. I appreciate your feedback and insight into the UTM security concept. The truth is, most of the people I speak to about the Astaro UTM Solution have the exact same concerns. Let me share with you exactly what is going on under the hood of Astaro;

    Astaro has integrated best-of-breed products, (open source and commercial applications) into one solution, software or hardware. Applications such as Snort, Surf Control,Authentium & Clam AV. The value that Astaro brings to table is a single interface to control ALL of these applications. Astaro is offering you a way to leverage all (10+ applications)of these applications without doing the integration work yourself.

    Take Snort for example- Snort is somewhat difficult to manage out of the box on its own, with many false positives, Astaro’s inteface and additional review of the IDP patterns makes these issues go away. The Up2Date service updates ALL of the applications as well, so your never left in the lurch.

    With Version 7 Astaro has successfully added stateful failover as well as clustering. This means that if you demand high availability, or back up for your primary gateway you can take advantage of this functionality.

    Astaro has redefined UTM by the sheer number of applications that they have integrated. These applications include Firewall/VPN, IDP,VP for email & Web, Spyware /Phishing protection, Content Filtering, Spam Protection & Email Encryption.

    If you would like to test an Astaro, feel free to download Astaro for free at http://www.astaro.com, or we would be happy to send you an evaluation unit.

    I hope addressed your concerns favorably, if anything needs further clarification, let me know.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: