David’s Cisco Networking Blog

Feb 5 2008   12:02PM GMT

Sadly, the PIX Firewall is Discontinued…

David Davis David Davis Profile: David Davis

What is the name that everyone thinks of when they think of firewalls? The “PIX” firewall, right?

Sadly, the PIX will be discontinued by Cisco, as of January 27, 2009.  This was announced on January 28, 2008 in this Cisco Press Release. If you are a PIX owner, the good news is that Cisco will support it until the year 2013 so, no rush huh?

Of course, we all know that the PIX will be replaced by the ASA 5500 line. When the ASA was announced we all saw this coming, even though Cisco said that they had no plans to discontinue the PIX and that there was a place in the marketplace for both. Still, it just made sense to discontinue the PIX.

So can the ASA become as well known as the PIX? Instead of asking for a firewall will admins just say “we need to install an ASA”? And is it pronounced “A.S.A.” or “Aay-Sah-Uh”? Only time will tell…Cisco ASA 5510 with CSC Card

But seriously, the ASA is a very strong firewall and it can do a lot of things that the PIX could not do because the ASA is a real “UTM” or “Anti-X Appliance”. That means that, when combined with the CSC-SSM card (the card that really provides the Anti-X / UTM), the ASA is a much more complete firewall. The ASA is what businesses need today because, today, it isn’t enough to just maintain TCP states and drop traffic. You need intrusion prevention. You need filtering of traffic for viruses, worms, and malicious attack signatures in the real time. You want content filtering of web traffic. TCisco ASA 5505he ASA can do all that and more.

Do you have a Cisco ASA? What do you think of it? I’d like to hear from you! 

For more information on the Cisco ASA, checkout the ASA homepage over at Cisco.com

Personal Website: HappyRouter.com
Checkout David’s Video Training:
VMware ESX Server Video Training
Cisco CCNA & CCNP Video Training

4  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Toto
    Sadly? You must be kidding. PIX was never considered a viable scalable security solution and was never used in large telco environments such as Carriers or ISP's. It is difficult to manage, counter intuitive to configure and its performance while good does not surpass competing products in the same price/function range. PIX has been around for a while starting off on PC based systems (you needed a floppy disk to install or recover the unit!!!!) and its time is over, good riddance. Lets hope cisco uses what it has learned from its experience and provides us with a better product, which ASA seems to be.
    0 pointsBadges:
  • David Davis
    Hi Toto- I appreciate your comments! Although I agree with all your points and while I would never recommend the PIX to anyone - I guess I just had some attachment knowing that it was always "there" :) Thanks for reading! -David
    155 pointsBadges:
  • Ken Harthun
    The PIX was never meant for telcos and ISPs; it's an SMB solution and, I must say, a good one. We service a medium-sized health insurance service firm, a local bank with several branch offices, a credit union, and several other small to medium sized businesses in the financial and health care sectors that have sensitive data to protect. All of them have either a PIX 501 or 506 in place. NONE of them have ever been compromised and configuration/management has never been an issue. Here's my farewell: http://www.lockergnome.com/gnomewriter/2008/02/10/say-goodbye-to-an-old-friend-cisco-is-retiring-the-pix/
    2,300 pointsBadges:
  • Margaret Rouse
    Goodbye PIX and Polaroid instant film. Sigh....Time marches on.
    60,320 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: