Cisco is a long-time leader in developing cutting-edge firewalls for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewall (NGFW) security appliances provide a modern firewall solution that marshals sophisticated hardware, cloud-based services, and machine learning to anticipate, identify, and mitigate cyber attacks without manual intervention. Progent's Cisco CCIE-certified firewall experts can help you to plan and carry out a smooth upgrade to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's security services to build and centrally manage network environments that encompass branch offices, data centers, private clouds and public clouds. Progent can also help you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation and tuning driven by leading practices in order to build a consistent security profile that applies to all your devices anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's family of Firepower Next-Generation Firewalls deliver advanced security and centralized management at prices, speed, and expandability to fit deployments spanning telecommuters and small businesses to global enterprises and service providers. Cisco's Firepower NGFW devices deliver a major performance improvement compared to Cisco's older firewalls and offer centralized management and automation of modern security features such as application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, URL filtering, and sandboxing.
All Firepower NGFW firewalls have a single-pass design and support uninterrupted inspection and retrospective identification, which makes it possible to initiate outbreak controls and to pinpoint patient zero. Firepower NGFW firewalls also have the option of URL Filtering and sandboxing for finding evasive and sandbox-aware threats, behavioral indicators of compromise, and malware artifacts. NGIPS rule tuning and network firewall policy are performed automatically, eliminating the need for manual intervention by cybersecurity specialists. All Firepower Next-Generation security appliances offer the choice of running either Cisco Firepower Threat Defense (FTD) or Cisco Adaptive Security Appliance software. Centralized configuration, logging, system monitoring, and reporting functions can be controlled either by Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Firepower Next-Generation 1000 Series Firewalls are intended for small organizations, telecommuters, or branch offices. Devices in this series offer better value vs. corresponding Cisco ASA firewalls, providing 4-6X faster firewall speed. Local management can be done using Cisco Firepower Device Manager. These appliances include an integrated 10M/100M/1GBASE-T RJ-45 Ethernet interface for network management, an RJ-45 console port, a USB 3.0 Type-A connection, and 200 Gbytes of storage. Active/active and Active/standby high availability is provided along with VPN load balancing.
Cisco's Firepower 1010 firewall is a desktop, quiet device that delivers 890 Mbps throughput, AVC, and NGIPS. The firewall includes 8 integrated RJ-45 I/O interface ports, two of them POE+ capable. IPsec VPN throughput is 400 Mbps and the firewall supports 100K simultaneous sessions, 6,000 new connections/second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU appliance that delivers firewall throughput of 2.3 Gbps. The appliance has 8 RJ45 integrated I/O ports and four SFP interface ports. IPsec VPN performance is 1.2 Gbps and the firewall allows 200K simultaneous sessions, 15,000 new connections/second with Application Visibility/Control (AVC), and a maximum of 150 VPN peers.
The Firepower 1140 firewall is a 1RU rackmount device that delivers firewall throughput of 3.3 Gbps. The firewall comes with 8 built-in RJ-45 interface ports and four SFP interface ports. IPsec VPN throughput is 1.4 Gbps and the firewall supports 400K simultaneous sessions, 22K new connections per second with Application Visibility/Control, and as many as 400 VPN peers. The Firepower 1150 model firewall is a 1RU device that delivers firewall performance of 5.3 Gbps. The unit has 8 integrated RJ-45 ports, two SFP ports, and two 10G SFP+ ports. IPsec VPN performance is 2.4 Gbps and the appliance allows 600K concurrent sessions, 28,000 new connections/second, and up to 800 VPN peers.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are 1RU rack appliances designed for use at the data center. Devices in this line have a dual multicore processor architecture that allows them to deliver 3-6X faster performance than Cisco ASA 5545-X to ASA 5555-X models they are designed to succeed. Onsite management can be performed with Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 ports and four SFP ports. These firewalls include one integrated 10/100/1000 Ethernet port for network management, an RJ-45 console port, and one USB 2.0 Type-A interface. Active/standby high availability is supported along with VPN load balancing.
The Firepower 2110 firewall includes 4 built-in 1 Gb SFP Ethernet interface ports and 100 GB of storage. The 2110 offers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN throughput and supports 1 million simultaneous sessions, 18,000 new connections per second, and up to 1,500 VPN peers. Cisco's Firepower 2120 model firewall includes 12 integrated 10M/100M/1GBASE-T RJ-45 interfaces, four built-in 1G SFP Ethernet ports, and 100 GB of storage. The 2120 offers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN performance and permits 1.5 million simultaneous sessions, 28,000 new connections per second and up to 3,500 VPN peers.
Cisco's Firepower 2130 firewall has four built-in 10 Gigabit SFP+ interface ports and 200 GB of storage. The 2130 also accepts a network module with 8 extra ports. The Firepower 2130 offers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN throughput and supports two million concurrent sessions, 30,000 new connections per second, and a maximum of 7,500 VPN peers. Cisco's high-end Firepower 2140 firewall has four built-in 10G SFP+ ports and 200 GB of storage. The unit also accepts a network module with 8 extra interfaces for a total of 24 Ethernet interfaces. The 2140 offers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN performance and allows 3 million concurrent sessions, 57,000 new connections per second, and as many as 10,000 VPN peers. Both the 2130 and 2140 appliances feature redundant AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco's Secure Firewall 3100 Series models are modular single-rack units targeted at enterprises who need throughput, high port count, and zero-trust security at the Internet edge, the data center, or a private cloud. For maximum uptime, all Secure Firewall 3100 Series models allow 8-chassis clustering and work in Active/active or Active/standby mode. The appliances can run Cisco's ASA or Firewall Threat Defense software. Integrated I/O for each model includes 8 10M/100M/1GBASE-T Ethernet interface ports (RJ-45) and eight 1/10 Gigabit (SFP) Ethernet ports. Available network modules offer 1/10/25/40G options and all versions have 900 GB of storage plus an additional storage expansion slot.
Cisco's Secure Firewall 3105 model delivers 10 Gbps firewall throughput and 5.5 Gbps IPsec VPN performance. The 3105 allows 1.5 million concurrent sessions, 90,000 new connections/second, and up to 2,000 VPN peers. Cisco's Secure Firewall 3110 device delivers 10 Gbps firewall performance and 8 Gbps IPsec VPN performance. The 3110 supports 2 million simultaneous sessions, 130,000 new connections per second, and up to 3,000 VPN peers. Cisco's 3120 Firewall device delivers 21 Gbps firewall throughput and up to 10 Gbps IPsec VPN throughput. The 3120 allows 4 million simultaneous sessions, 170,000 new connections/second, and a maximum of 7,000 VPN peers. Cisco's Secure Firewall 3130 model delivers 42 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 3130 supports 6 million simultaneous sessions, 200K new connections/second, and up to 15,000 VPN peers. The 3130 has 8 1/10/25G SFP+ interface ports. Cisco's 3140 Firewall device offers 49 Gbps firewall performance and up to 17 Gbps IPsec VPN performance. The 3140 allows 10 million concurrent sessions, 200K new connections per second, and a maximum of 20K VPN peers. The 3140 model has eight 1/10/25G SFP+ interface ports.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are one-rack appliances intended for deployment at the Internet edge or high-performance data centers. Devices in this series deliver 5-10X faster performance than the Cisco ASA 5585-X firewall they are designed to replace. Onsite management can be performed using Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 integrated SFP+ ports and all accept a variety of add-in network modules for a maximum of 24 ports. All Firepower 4100 Series NGFW Firewalls offer virtual private network load balancing, high availability, and clustering of as many as six chassis. These firewalls feature an integrated 1 Gigabit Ethernet port for network management, an RJ-45 console interface, and one USB 2.0 port.
Cisco's Firepower 4110 firewall features 200 GB of storage and offers 13 Gbps firewall throughput and 6 Gbps IPsec VPN throughput. The 4110 supports 10 million concurrent sessions, 64K new connections/second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall includes 400 GB of storage and offers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 appliance supports 10 million simultaneous sessions, 98K new connections per second, and a maximum of 10,000 VPN peers. Cisco's Firepower 4115 model firewall comes with 400 GB of storage and offers 33 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 4115 firewall supports 15 million simultaneous sessions, 210K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4120 firewall has 200 GB of storage and delivers 22 Gbps firewall performance and 19 Gbps IPsec VPN performance. The 4120 firewall allows 15 million simultaneous sessions, 118K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4125 device has 800 GB of storage and delivers 45 Gbps firewall performance and 19 Gbps IPsec VPN throughput. The 4125 firewall supports 25 million concurrent sessions, 269K new connections/second, and as many as 20K VPN peers.
The Firepower 4140 model firewall comes with 400 GB of storage and offers 32 Gbps firewall performance and 13 Gbps IPsec VPN performance. The 4140 unit supports 25 million concurrent sessions, 172K new connections/second, and as many as 20K VPN peers. Cisco's more recent Firepower 4145 model includes 800 GB of storage and offers 53 Gbps firewall throughput and 24 Gbps IPsec VPN performance. The 4145 unit allows 30 million concurrent sessions, 365K new connections/second, and a maximum of 20K VPN peers. Cisco's Firepower 4150 firewall features 400 GB of storage and delivers 45 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4150 unit supports 30 million simultaneous sessions, 263K new connections per second, and as many as 20K VPN peers.
Cisco Secure Firewall 4200 Series
Cisco's Secure Firewall 4200 appliances are modular single rack units intended for use at enterprise campuses and data centers that need high-end throughput, manageability, and scale. Secure Firewall 4200 Series devices deliver more than double the performance of prior generation firewalls and offer high port density. As many as 8 chassis can be clustered for high availability and future expansion. Crypto accelerator enables traffic decryption without performance loss, and zero trust application access can provide complete threat inspection for applications. 4200 Series appliances can be managed locally by the Firewall Management Center or in the cloud using Cisco Defense Orchestrator. Every 4200 firewall comes with eight 1/10/25 Gigabit Ethernet built-in ports and features two module slots for easy expansion. Up to 24 total Ethernet interfaces are possible. Every 4200 device includes 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 product is built for enterprise campuses with high growth expectations. The device delivers 90 Gbps firewall throughput and 45 Gbps max IPsec VPN performance. The 4215 can handle 15 million concurrent firewall connections, 350 K new connections each second, and as many as 20,000 VPN peers. The Secure Firewall 4225 product is built for large enterprise data centers. The model delivers 95 Gbps firewall performance and 80 Gbps IPsec VPN performance. Cisco's 4225 firewall allows 30 million simultaneous firewall connections, 600 K new connections per second, and up to 25,000 VPN peers. The Secure Firewall 4245 appliance is intended for service providers who need to handle a high volume of traffic. Cisco's 4245 delivers 180 Gbps firewall performance and 140 Gbps IPsec VPN throughput. The 4245 can support 60 million concurrent firewall connections, 800 K new connections per second, and up to 30,000 VPN peers.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and carrier-grade security appliances. The 3 Rack Units (3RU) chassis of Firepower 9300 NGFW Series firewalls accepts two network modules and three security modules. Altogether, the Firepower 9300 can support 24 10G SFP+ ports or eight 100 Gigabit Ethernet connections. Intrachassis clustering of up to five 9300 chassis delivers a total 1.2 Tbps of firewall throughput. The high-end Cisco Firepower 9300 SM-56 x 3 delivers 235 Gbps firewall throughput and 27 Gbps IPsec VPN throughput. The unit allows 195 million simultaneous sessions, 4.75 M new connections per second, and a maximum of 20,000 VPN peers.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX firewalls offer integrated firewall, VPN, and intrusion prevention system capabilities in single-box devices, delivering a wide range of features to match the security requirements of organizations from small businesses to enterprises and ISPs. Cisco's ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls allow network security staffs to protect their network perimeter and offer secure offsite and mobile access while utilizing powerful management tools built on Cisco's industry-leading firewall technology.
Cisco's ASA 5500 and PIX 500 firewalls have reached end-of-life but are still commonly deployed in small and mid-size organizations and in a few enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have superseded Cisco's ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's legacy firewall appliances, if properly managed, continue to offer a high level of protection by supplying a variety of features such as firewall, VPN, and IPS.
Since Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X firewalls can be provisioned to support Firepower Services, based on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-premier network engineers can assist you to maintain and troubleshoot legacy ASA 5500 Series and PIX firewalls and can also help you to plan and implement an efficient migration to Cisco's ASA 5500-X firewalls with Firepower Services. Progent can also assist you to design, deploy, optimize, manage and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower. Progent's firewall consultants can also help your organization to upgrade from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive family of ASA 5500-X firewalls features an improved substitute for each rack-mountable model in the previous ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the same environment as the corresponding earlier models, which offers most organizations plenty of choice for selecting a solution that meets their security needs and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and support Cisco's powerful security services. All models in Cisco's ASA 5500-X product line deliver consistent security across any combination of physical, virtual, and cloud deployments.
For more details about Cisco's ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for Cisco ASA security appliances, visit Cisco Firepower integration and troubleshooting consulting.
Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept either software or physical modules that enable Firepower Services, which offer layered defense against advanced threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
Simpler implementations of Cisco ASA firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM), a web-based utility provided with all ASA 5500-X models. ASDM provides a convenient web console for configuring, administering, and troubleshooting ASA 5500-X devices and service modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower can be managed using Firepower Management Center, available as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC), enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box ASDM tool. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that offers dynamic network visualization, automated policy tuning driven by risk assessment of attacks, advanced IPS, custom app discovery for Application Visibility and Control, customized health alerts, improved reporting options, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the ASA 5500-X command line interface.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances Firewalls leverage technology developed for Cisco's PIX 500 firewall, the IPS 4200 Series Intrusion Prevention System, and the VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall product line to offer a firewall that defends against the widest variety of threats. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls deliver program security, local containment and control, and safe VPN connectivity across Cisco's product line. This breadth of security allows defense of any network segment, including the most typical threat conduits like remote locations, locally-attached inside users, and remote access Virtual Private Networks.
Cisco ASA firewalls deliver a high level of application security through smart, application-aware inspection processes that analyze traffic at Layers 4-7. The result is a better protected network covering Web, voice, and 3G-mobile wireless access. To protect against application-layer attacks and to offer better control over the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledgebases and rely on security enforcement technologies such as protocol anomaly detection and application and protocol state monitoring. Also incorporated are attack detection and mitigation techniques including application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and tunneling applications, enabling businesses to police usage policies and conserve bandwidth for important business processes.
For additional information about Progent's support services for Cisco's ASA 5500 firewalls, visit Cisco ASA 5500 series firewalls integration and troubleshooting support.
Cisco PIX Firewall Appliances
Based around a hardened, specialized OS that delivers rich security services, PIX firewall appliances provide excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) certification. PIX firewall appliances provide protection for a broad range of Voice over IP and additional multimedia protocols including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol, Real-Time Streaming Protocol, and Media Gateway Control Protocol (MGCP), enabling businesses to safeguard installations of a broad array of current and upcoming VoIP and mixed-media applications.
IT managers can furthermore remotely set up, track, and troubleshoot Cisco PIX firewalls using a CLI interface. Safe command-line interface (CLI) communication is available through several methods including Secure Shell (SSHv2) Protocol, Telnet through IPsec, and out-of-band through a console port. PIX firewalls also include robust automatic-update capabilities, a set of advanced protected remote-administration services that ensure firewall settings and software images are always current.
For additional information about Progent's consulting services for Cisco PIX security appliances, visit Cisco PIX firewalls integration and debugging services.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 product lines, many businesses are concerned about depending on a critical infrastructure mechanism that might no longer be supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls offer the benefit of being current devices and also bring several technical and budgetary benefits in comparison to PIX devices. These benefits include substantially higher throughput, optional SSL tunneling capability, and an expandable design that protects your investment by enabling you to add more security features when and if you require them. Progent's Cisco certified network engineers can help your company to assess the business value of upgrading from PIX 500 or ASA 5500 firewalls, create a migration process that allows for a quick and non-disruptive upgrade, assist you to install new ASA 5500-X or Firepower NGFW Series appliances, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Assist You with Cisco Firewalls
Cisco Firepower Series, ASA Series, and PIX family security appliances incorporate an array of configuration, tracking, and troubleshooting options that give you the ability to set up these firewalls to align optimally with your business requirements. Progent's CCIE authorized network professionals can help you to configure and support an efficient infrastructure that incorporates Cisco firewalls and that offers world-class protection, resilience, performance, and recoverability. Progent's GISA and CISM-premier IS security consultants can assist you to develop a security policy appropriate for your business and can set up your security appliance to enforce your security strategy. Progent's security evaluation professionals can assess the effectiveness of your current firewall deployment and help determine the security of your whole IT network. Progent's Technical Response Center (TRC) can provide emergency remote troubleshooting for Cisco products and offer fast access to a Cisco CCIE network engineer.
Integration of Cisco and Third-party Firewall Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call