Data Security and Compliance

Cisco is a perennial leader in delivering state-of-the-art firewalls for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewall (NGFW) appliances provide an advanced firewall platform that marshals sophisticed hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, discover, and mitigate cyberthreats automatically. Progent's Cisco-certified CCIE-certified firewall experts can help your organization to design and carry out a smooth migration to Cisco Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower firewalls with Cisco's security services to build and centrally manage IT ecosystems that encompass branch offices, data centers, private clouds and public clouds. Progent can also assist you to maintain and troubleshoot legacy Cisco security appliances. Progent's certified cybersecurity consultants can help you with policy creation and tuning driven by leading practices so you can establish a consistent and effective security posture that applies to all your networked devices at any location.

Cisco's Firepower NGFW Firewall Appliances
Cisco's line of Firepower Next-Generation Firewalls offer modern protection and centralized control at prices, speed, and expandability to fit deployments ranging from branch offices and small businesses to major enterprises and service providers. Cisco's Firepower NGFW devices deliver a major performance improvement over Cisco's previous-generation security appliances and include unified management and automation of modern security capabilities like application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection, URL filtering, and sandboxing.

All Firepower Next-Generation firewalls have a one-pass architecture and permit uninterrupted analysis and retrospective detection, which allows the firewalls to provide outbreak management and to pinpoint root causes. Firepower Next-Generation firewalls also have the option of URL Filtering and subscription-free sandboxing for finding elusive threats, behavioral indicators of compromise, and malware artifacts. NGIPS rule tuning and network firewall policy creation are performed automatically, eliminating the need for time-consuming intervention by cybersecurity specialists. All Firepower Next-Generation firewalls offer the choice of using either Firepower Threat Defense (FTD) or Cisco Adaptive Security Appliance (ASA) software. Unified deployment, logging, system monitoring, and reporting capabilities can be controlled either via Management Center or in the cloud with Defense Orchestrator.

Cisco Firepower 1000 Series NGFW Firewalls
Firepower NGFW 1000 Series Firewalls are targeted at small organizations, home offices, or branches. Devices in this family offer improved value vs. comparable Cisco ASA models, delivering 4-6X faster firewall throughput. Local management can be performed with Cisco Firepower Device Manager. These firewalls feature a built-in 10/100/1000 Ethernet interface for network management, an RJ-45 console port, a USB interface, and 200 Gbytes of storage. Active/active and Active/standby high availability is provided along with VPN load balancing.

Cisco's Firepower 1010 model is a desktop or wall-mount, fanless device that delivers 890 Mbps throughput, Application Visibility/Control, and NGIPS. The unit includes eight integrated RJ-45 I/O ports, two of them POE+ capable. IPsec VPN throughput is 500 Mbps and the appliance allows 100K simultaneous sessions, 6,000 new connections/second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU device that provides firewall throughput of 2.3 Gbps. The unit features eight RJ45 integrated I/O ports and four SFP interface ports. IPsec VPN performance is 1.2 Gbps and the unit supports 200K simultaneous sessions, 15,000 new connections per second with Application Visibility/Control (AVC), and up to 150 VPN peers.

The Firepower 1140 model firewall is a 1RU rackmount appliance that delivers firewall performance of 3.3 Gbps. The appliance includes eight built-in RJ-45 interface ports and four SFP interface ports. IPsec VPN performance is 1.4 Gbps and the unit supports 400K simultaneous sessions, 22K new connections/second with AVC, and up to 400 VPN peers. The Firepower 1150 firewall is a 1RU appliance that delivers firewall throughput of 5.3 Gbps. The appliance features eight built-in RJ-45 interface ports, two SFP interfaces, and two 10G SFP+ interface ports. IPsec VPN performance is 2.4 Gbps and the appliance allows 600K concurrent sessions, 28,000 new connections/second, and up to 800 VPN peers.

Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are single-rack appliances designed for use at the Internet edge or the data center. Devices in this line feature a dual multicore processor design that enables them to offer 3-6X faster throughput than Cisco ASA 5545-X to ASA 5555-X models they are designed to replace. Local management can be done with Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls incorporate 12 RJ45 interfaces and four SFP interfaces. These firewalls include one integrated 10M/100M/1GBASE-T RJ-45 Ethernet interface for management, an RJ-45 console interface, and one USB 2.0 Type-A connection. High availability is supported along with VPN load balancing.

The Firepower 2110 firewall includes four integrated 1 Gigabit SFP Ethernet ports and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN throughput and allows 1 million simultaneous sessions, 18,000 new connections/second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 firewall features 12 built-in 10M/100M/1GBASE-T Ethernet RJ-45 interfaces, four integrated 1G SFP Ethernet interfaces, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN performance and enables 1.5 million concurrent sessions, 28,000 new connections/second and as many as 3,500 VPN peers.

Cisco's Firepower 2130 model firewall comes with 4 integrated 10 Gb SFP+ interface ports and 200 GB of storage. The 2130 also accepts a network module with eight additional interface ports. The Firepower 2130 delivers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN performance and supports 2 million concurrent sessions, 30,000 new connections per second, and a maximum of 7,500 VPN peers. Cisco's high-end Firepower 2140 model firewall includes 4 integrated 10 Gigabit SFP+ ports and 200 GB of storage. The 2140 also scales via a network module with eight extra ports for a maximum of 24 Ethernet interfaces. The 2140 model delivers 10.4 Gbps firewall performance and 3.6 1Gbps IPsec VPN throughput and supports three million concurrent, 57,000 new connections per second, and as many as 10,000 VPN peers. Both the 2130 and 2140 units feature redundant AC or DC power supplies.

Cisco 3100 Firewall Series
Cisco's 3100 Firewall Series appliances are modular 1RU devices intended for large companies who need performance, high port count, and zero-trust cybersecurity at the Internet edge, the corporate data center, or a private cloud. For high availability, all Secure Firewall 3100 Series models support 8-chassis clustering and operate in either Active/active or Active/standby mode. The units can run Cisco's ASA or Firewall Threat Defense software. Built-in I/O for each device includes 8 10M/100M/1GBASE-T Ethernet interface ports (RJ-45) and eight 1/10 Gigabit (SFP) Ethernet interface ports. Available network modules offer 1/10/25/40G options and all models include 900 GB of storage as well as a spare storage slot.

Cisco's 3110 Firewall model offers 18 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 3110 supports two million simultaneous sessions, 64,000 new connections/second, and a maximum of 3,000 VPN peers. Cisco's Secure Firewall 3120 device delivers 22 Gbps firewall performance and up to 10 Gbps IPsec VPN throughput. The 3120 firewall allows 4 million simultaneous sessions, 98K new connections/second, and as many as 7,000 VPN peers. Cisco's Secure Firewall 3130 device delivers 42 Gbps firewall performance and up to 14 Gbps IPsec VPN throughput. The 3130 firewall supports 6 million simultaneous sessions, 200K new connections per second, and a maximum of 15,000 VPN peers. Cisco's 3140 Firewall appliance offers 49 Gbps firewall performance and 17 Gbps IPsec VPN throughput. The 3140 firewall supports 10 million concurrent sessions, 200K new connections/second, and a maximum of 20K VPN peers.

Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are 1RU rack appliances designed for deployment at high-performance data centers. Devices in this line deliver 5-10X faster performance than the Cisco ASA 5585-X firewall they are engineered to succeed. Onsite management can be performed using Cisco Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 integrated SFP+ interfaces and all accept a selection of add-in network modules for up to 24 ports. All Firepower 4100 Series NGFW Firewalls offer VPN load balancing, high availability, and clustering of as many as six chassis. These devices feature an integrated 1 Gigabit Ethernet interface for network management, one RJ-45 console interface, and one USB connection.

The Firepower 4110 firewall includes 200 GB of storage and delivers 13 Gbps firewall throughput and 6 Gbps IPsec VPN throughput. The 4110 model allows 10 million simultaneous sessions, 64K new connections/second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall comes with 400 GB of storage and delivers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN throughput. The 4112 firewall supports 10 million simultaneous sessions, 98K new connections/second, and up to 10,000 VPN peers. Cisco's newer Firepower 4115 device has 400 GB of storage and delivers 27 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 4115 unit supports 15 million simultaneous sessions, 200K new connections/second, and as many as 15,000 VPN peers. Cisco's Firepower 4120 model includes 200 GB of storage and delivers 22 Gbps firewall performance and 19 Gbps IPsec VPN performance. The 4120 unit supports 15 million simultaneous sessions, 118K new connections per second, and as many as 15,000 VPN peers. Cisco's newer Firepower 4125 appliance includes 800 GB of storage and offers 40 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 4125 unit allows 25 million simultaneous sessions, 265K new connections per second, and as many as 20K VPN peers.

Cisco's Firepower 4140 firewall includes 400 GB of storage and delivers 32 Gbps firewall performance and 13 Gbps IPsec VPN performance. The 4140 unit supports 25 million simultaneous sessions, 172K new connections per second, and a maximum of 20K VPN peers. Cisco's more recent Firepower 4145 model features 800 GB of storage and offers 53 Gbps firewall performance and 18 Gbps IPsec VPN performance. The 4145 firewall allows 30 million concurrent sessions, 350K new connections per second, and a maximum of 20K VPN peers. The Cisco Firepower 4150 unit includes 400 GB of storage and offers 45 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 4150 firewall allows 30 million simultaneous sessions, 263K new connections/second, and up to 20K VPN peers.

Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and carrier-grade firewalls. The 3 Rack Units enclosure of Firepower 9300 Next-Generation Series firewalls accepts two network modules and three security modules. Fully loaded, the 9300 can hold 24 10G Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100G connections. Clustering of up to five chassis allows a total 1.2 Tbps of firewall throughput. The high-end Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall throughput and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 35 million concurrent sessions, 490K new connections per second, and a maximum of 20,000 VPN peers.

Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500 Series, and PIX firewall appliances provide integrated firewall, IPsec VPN, and IPS capabilities in single-box devices, delivering a broad array of features to meet the security requirements of companies ranging from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances enable network security teams to protect their network perimeter and offer secure offsite and mobile access while utilizing advanced management mechanisms based on Cisco's industry-leading firewall products.

Cisco's ASA 5500 Series and PIX 500 firewall appliances have arrived at end-of-life but are still commonly deployed in smaller businesses as well as in some enterprise networks. The ASA 5500-X Series Next-Generation Firewalls represent significantly more value and have supplanted the ASA 5500 and PIX 500 families of firewalls for new deployments. Still, Cisco's legacy firewalls, if carefully maintained, continue to deliver a high level of protection by supplying multiple services including stateful firewall, IPsec VPN, and IPS.

After Cisco's acquisition of Sourcefire, the whole line of ASA 5500-X devices can be provisioned to enable Firepower Services, based on Sourcefire's Snort product, which is the market's most deployed intrusion protection system. Firepower services provide enhanced capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.

Progent's Cisco CCIE-premier network consultants can assist your organization to maintain and debug older ASA 5500 and PIX firewalls and can also help you to design and implement an efficient upgrade to Cisco's ASA 5500-X Series firewalls with Firepower. Progent can also help you to plan, deploy, tune, administer and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower Services. Progent can also assist your organization to migrate from your Cisco ASA 5500-X Series deployment to Cisco's latest Firepower NGFWs Firewalls.

Cisco's ASA 5500-X Firewall Product Family
Cisco's comprehensive line of ASA 5500-X security appliances features an enhanced substitute for every rack-mountable model in the previous ASA 5500 series of firewalls. Each ASA 5500-X model is suited for the same market as the associated previous models, which gives most plenty of choice for picking a solution that aligns with their security needs and IT budgets. All ASA 5500-X firewalls build on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver dependable security across any mix of physical, virtual, and cloud deployments.

For additional information about ASA 5500-X firewalls, Firepower services, and Progent's consulting for ASA firewalls, visit Firepower integration and debugging expertise

Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with either software or physical modules that support Firepower Services, which provide layered protection against sophisticated threats. Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA firewalls include:

• Layered protection against both familiar and zero-day threats
• Cisco's Advanced Malware Protection (AMP) that uses big data techniques to discover and mitigate security breaches
• Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that covers clients, infrastructure, software applications, and content to detect attacks that incorporate multiple vectors
• High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically launch standard and customized IPS policies depending on the severity of risk

Simpler implementations of Cisco ASA 5500-X firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all ASA 5500-X models. ASDM includes a convenient web console for configuring, managing, and troubleshooting ASA 5500-X firewalls and service modules.

For more complex environments, ASA 5500-X firewalls with Firepower can be managed with Firepower Management Center, implemented as one or more physical or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center offers features unavailable with Cisco's on-device ASDM tool. Extra capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that offers dynamic network infrastructure visualization, automated policy optimization based on impact assessment of attacks, advanced IPS, custom application discovery for Application Visibility and Control, customized health alerts, improved reporting features, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X CLI.

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA Firewalls leverage engineering developed for the Cisco PIX 500 firewall, the IPS 4200 Series Intrusion Prevention System, and Cisco's VPN 3000 family concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances Firewalls deliver program security, local containment and control, and safe VPN connectivity throughout Cisco's product portfolio. This breadth of protection enables defense of any network area, which includes the most typical threat vectors such as remote locations, locally-connected inside users, and off-site connected Virtual Private Networks.

Cisco Adaptive Security Appliances (ASA) 5500 Series firewalls deliver a high-level of application protection through smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a more secure network covering Web, voice, and mobile wireless access. To defend against application-layer attacks and to provide better control over the programs and protocols used in their environments, Cisco's inspection engines integrate broad application and protocol knowledge and rely on protection enforcement technologies that include protocol anomaly sensing and state monitoring. Also incorporated are attack detection and remediation technology such as application/protocol command filters and content verification. Cisco Adaptive Security Appliances firewall inspection engines also deliver management of instant messaging and peer-to-peer file sharing, allowing organizations to police usage policies and conserve network bandwidth for important business applications.

For more information about Progent's consulting services for Cisco's ASA 5500 security appliances, go to ASA 5500 firewalls configuration and troubleshooting services.

Cisco PIX Firewalls
Built upon a hardened, specialized software platform that offers a wealth of protection features, Cisco PIX firewall appliances offer excellent protection and have received EAL 4 status and ICSA Labs Firewall and IP Security certification. PIX firewall appliances provide protection for a broad array of VoIP and additional multimedia standards such as H.323 Version 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol, and MGCP, helping organizations to safeguard installations of a broad range of current and next-generation Voice over IP and mixed-media applications.

Administrators can furthermore remotely configure, track, and troubleshoot Cisco PIX security appliances via a CLI interface. Safe command-line interface access is possible through several methods including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX security appliances also have robust automatic-update capabilities, a set of advanced secure remote-management services that ensure firewall settings and software images are always up to date.

For additional details about Progent's consulting services for PIX 500 security appliances, go to Cisco PIX 500 firewalls integration and debugging services.

Progent's Migration Consulting Services for Cisco Firewalls
Because Cisco has discontinued offering the PIX and ASA 5500 product lines, many businesses are uncomfortable with relying on a critical security mechanism that might stop being supported by Cisco. Cisco ASA 5500-X and Firepower Series security appliances have the advantage of being current products and also offer several functions and economic benefits in comparison to PIX 500 firewalls. These advantages include substantially better performance, optional SSL VPN capability, and a modular architecture that protects your investment by enabling you to self-install more security services whenever you need them. Progent's Cisco certified network engineers can assist your company to assess the strategic case for upgrading from PIX 500 or ASA 5500 firewalls, create a migration plan that permits a quick and seamless changeover, help you to set up new ASA 5500-x Series or Firepower NGFW Series appliances, and provide remote training, consulting, and technical support services.

Other Ways Progent Can Assist You with Cisco ASA and PIX Security Appliances
Cisco Firepower Series, ASA 5500 Series, and PIX security appliances incorporate a wealth of setup, tracking, and analysis features which give you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE certified network professionals can show you how to design a cost-effective network infrastructure that includes Cisco security appliances and that offers world-class protection, fault tolerance, throughput, and manageability. Progent's CISA and CISSP-ISSP-certified IS security experts can assist your business to create a security strategy appropriate for your business and can set up your security appliance to support your security strategy. Progent's security evaluation engineers can evaluate the strength of your current firewall deployment and validate the security of your whole IS environment. Progent's Help Desk Call Center can deliver urgent online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE network engineer.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

• Check Point Software Consulting
• Watchguard Consulting
• Juniper Networks NetScreen and SSG Firewall Consulting
• SonicWall Consulting
• Symantec Raptor Consulting

• Overview of Progent's Cisco Network Support
• Fast Online Access to a Cisco CCIE Consultant
• Cisco Firepower NGFW Series Firewalls: Integration and Troubleshooting Expertise
• ASA 5500-X Firewalls with Firepower Services: Integration and Troubleshooting Expertise
• ASA 5500 Series Firewall Troubleshooting Expertise
• Cisco Routers Configuration and Troubleshooting Support
• Cisco Wireless Deployment Services
• Aironet Access Points Engineering Expertise
• Cisco Small Business 100, 300 and 500 WiFi Access Points Consulting Help
• Catalyst 802.11ax Wi-Fi 6/6E APs Solution Design, Configuration and Troubleshooting Expertise
• Cisco WiFi Controllers Experts
• Cisco Meraki Wireless Access Points Consulting Services
• Cisco Unified Communications Manager (CUCM or Unified CM) and Cisco CallManager Integration and Technical Support
• Cisco Voice over IP (VoIP) Phones and IP Video Phones Expertise and Wireless VoIP Phone Configuration
• Cisco Jabber Deployment Services
• Catalyst Switches Engineering Services
• Cisco Nexus Switches Configuration and Maintenance Expertise
• Meraki Switches Consulting and Support Expertise
• Cisco Security and VPN Integration Expertise
• SIP and CUBE Infrastructure Solutions: SIP PSTN Trunks and CUBE Integration Consulting
• Cisco Duo MFA Two-factor Authentication (2FA) Services for Teleworkers
• Design Solutions for Cisco-based Datacenters and Colocation Centers
• Infrastructure Design Services for Service Providers
• Unified Cloud-based and Hybrid Management Technologies for Cisco-powered Environments

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is designed to help organizations to take the time-critical first phase in mitigating a ransomware attack by putting out the fire. Progent's remote ransomware engineer can help you to identify and quarantine infected servers and endpoints and protect clean assets from being compromised. If your system has been penetrated by any strain of ransomware, don't panic. Get immediate help by calling Progent's Ransomware Hot Line at 800-462-8800. For more information, see Progent's Ransomware 24x7 Hot Line.