Data Security and Compliance

Cisco is a perennial front-runner in delivering cutting-edge firewall appliances for the widest possible variety of deployments. Cisco's Firepower Next Generation Firewall (NGFW) appliances provide a modern cybersecurity solution that marshals dedicated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, identify, and respond to threats automatically. Progent's Cisco-certified CCIE-certified firewall consultants can assist you to plan and execute a smooth upgrade to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower firewalls with Cisco's subscription-based security services to build and centrally control network ecosystems that encompass branch offices, data centers, and cloud resources. Progent can also help you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified cybersecurity experts can assist you with policy creation driven by industry best practices in order to establish a consistent security posture that applies to all your networked endpoints at any location.

Cisco's Firepower Next Generation Firewalls
Cisco's family of Firepower Next-Generation Firewalls deliver advanced protection and unified management at price points, performance levels, and scale to fit environments ranging from branch offices and small businesses to major enterprises and service providers. Cisco's Firepower NGFW devices provide a significant performance boost over Cisco's older security appliances and include centralized management of advanced cybersecurity capabilities like application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and sandboxing.

All Firepower NGFW firewalls have a one-pass architecture and support uninterrupted inspection and retrospective identification, which makes it possible to initiate outbreak management and to pinpoint patient zero. Firepower Next-Generation firewalls also have the option of URL Filtering and sandboxing for detecting evasive and sandbox-aware threats, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and firewall policy are automated, requiring no time-consuming intervention by cybersecurity specialists. All Firepower NGFW security appliances give you the option of using either Cisco Firepower Threat Defense (FTD) or Adaptive Security Appliance (ASA) software. Unified configuration, logging, system monitoring, and reporting functions can be managed either by Management Center or in the cloud with Cisco Defense Orchestrator.

Cisco Firepower 1000 Series Next-Generation Firewalls
Firepower NGFW 1000 Series Firewalls are targeted at small businesses, home offices, or branch offices. Devices in this family deliver improved value vs. corresponding Cisco ASA 5506-X to ASA 5525-X firewalls, delivering 4-6X higher firewall throughput. Onsite management can be performed using Cisco Firepower Device Manager. These firewalls include an integrated 10M/100M/1GBASE-T Ethernet port for network management, an RJ-45 console interface, a USB port, and 200 Gbytes of storage. High availability is supported as well as virtual private network load balancing.

Cisco's Firepower 1010 model is a desktop, quiet appliance that offers 890 Mbps performance, AVC, and Next Generation Intrusion Prevention System. The firewall features eight integrated RJ-45 I/O interfaces, two of them POE+ capable. IPsec VPN performance is 500 Mbps and the device allows 100K concurrent sessions, 6,000 new connections/second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU rack appliance that provides firewall performance of 2.3 Gbps. The firewall includes 8 RJ45 integrated I/O ports and four SFP interface ports. IPsec VPN performance is 1.2 Gbps and the firewall allows 200K simultaneous sessions, 15,000 new connections/second with AVC, and a maximum of 150 VPN peers.

The Firepower 1140 firewall is a 1RU device that delivers firewall performance of 3.3 Gbps. The appliance features eight built-in RJ-45 interface ports and four SFP interfaces. IPsec VPN performance is 1.4 Gbps and the firewall supports 400K simultaneous sessions, 22K new connections/second with Application Visibility/Control, and as many as 400 VPN peers. The Firepower 1150 firewall is a 1RU appliance that offers firewall performance of 5.3 Gbps. The firewall features eight integrated RJ-45 interfaces, two SFP interface ports, and two 10G SFP+ interfaces. IPsec VPN performance is 2.4 Gbps and the appliance allows 600K simultaneous sessions, 28,000 new connections/second, and a maximum of 800 VPN peers.

Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are 1RU units intended for use at the Internet edge or the data center. Appliances in this series feature a dual multicore CPU architecture that allows them to offer 3-6X faster performance than Cisco ASA 5545-X to ASA 5555-X models they are designed to succeed. Onsite management can be done with Cisco Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls include 12 RJ45 ports and four SFP ports. These firewalls include one integrated 10/100/1000 Ethernet port for management, an RJ-45 console interface, and one USB port. High availability is supported as well as VPN load balancing.

Cisco's Firepower 2110 model firewall has four built-in 1 Gb SFP Ethernet ports and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN performance and supports 1 million simultaneous sessions, 18,000 new connections per second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 model firewall includes 12 built-in 10M/100M/1GBASE-T Ethernet RJ-45 ports, four integrated 1G SFP Ethernet interface ports, and 100 GB of storage. The 2120 offers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN performance and enables 1.5 million simultaneous sessions, 28,000 new connections/second and a maximum of 3,500 VPN peers.

Cisco's Firepower 2130 firewall features four integrated 10 Gigabit SFP+ ports and 200 GB of storage. The 2130 also scales via a network module with eight extra interfaces. The Firepower 2130 offers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN throughput and supports two million simultaneous sessions, 30,000 new connections/second, and a maximum of 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall includes four built-in 10 Gigabit SFP+ ports and 200 GB of storage. The 2140 also scales via a network module with 8 extra interfaces for a maximum of 24 Ethernet interfaces. The 2140 model offers 10.4 Gbps firewall performance and 3.6 1Gbps IPsec VPN performance and supports three million concurrent, 57,000 new connections/second, and as many as 10,000 VPN peers. Both the 2130 and 2140 appliances have the option of dual AC or DC power supplies.

Cisco 3100 Firewall Series
Cisco's 3100 Firewall Series appliances are modular 1RU devices targeted at enterprises who need throughput, high port count, and zero-trust cybersecurity at the Internet edge, the corporate data center, or a private cloud. For maximum availability, all Secure Firewall 3100 Series models allow 8-chassis clustering and work in Active/active or Active/standby mode. The appliances can run Cisco's ASA or Firewall Threat Defense (FTD) software. Integrated I/O for each unit includes 8 10M/100M/1GBASE-T Ethernet interfaces (RJ-45) and 8 1/10 Gigabit (SFP) Ethernet interfaces. Available network modules offer 1/10/25/40G expansion and all models include 900 GB of storage as well as an additional storage slot.

Cisco's Secure Firewall 3110 device offers 18 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 3110 supports two million concurrent sessions, 64,000 new connections/second, and a maximum of 3,000 VPN peers. Cisco's 3120 Firewall device delivers 22 Gbps firewall performance and 10 Gbps IPsec VPN performance. The 3120 allows 4 million simultaneous sessions, 98K new connections/second, and as many as 7,000 VPN peers. Cisco's Secure Firewall 3130 model offers 42 Gbps firewall throughput and up to 14 Gbps IPsec VPN performance. The 3130 allows 6 million concurrent sessions, 200K new connections per second, and a maximum of 15,000 VPN peers. Cisco's Secure Firewall 3140 model offers 49 Gbps firewall performance and up to 17 Gbps IPsec VPN throughput. The 3140 supports 10 million simultaneous sessions, 200K new connections per second, and as many as 20K VPN peers.

Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU rack appliances designed for deployment at the Internet edge. Devices in this line offer 5-10X faster performance than the Cisco ASA 5585-X firewall they are engineered to succeed. Local management can be performed with Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls have 8 built-in SFP+ interfaces and all accept a selection of add-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series NGFW Firewalls offer virtual private network load balancing, high availability, and clustering of up to six chassis. These firewalls feature a built-in 1 Gigabit Ethernet interface for network management, one RJ-45 console interface, and one USB interface.

Cisco's Firepower 4110 model firewall has 200 GB of storage and delivers 13 Gbps firewall performance and 6 Gbps IPsec VPN throughput. The 4110 supports 10 million concurrent sessions, 64K new connections per second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall comes with 400 GB of storage and offers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN throughput. The 4112 firewall supports 10 million simultaneous sessions, 98K new connections/second, and as many as 10,000 VPN peers. Cisco's newer Firepower 4115 firewall features 400 GB of storage and offers 27 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 4115 unit supports 15 million concurrent sessions, 200K new connections/second, and up to 15,000 VPN peers. Cisco's Firepower 4120 firewall comes with 200 GB of storage and delivers 22 Gbps firewall throughput and 19 Gbps IPsec VPN performance. The 4120 unit supports 15 million simultaneous sessions, 118K new connections per second, and as many as 15,000 VPN peers. Cisco's more recent Firepower 4125 model has 800 GB of storage and offers 40 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 4125 firewall allows 25 million simultaneous sessions, 265K new connections/second, and a maximum of 20K VPN peers.

The Firepower 4140 model firewall comes with 400 GB of storage and delivers 32 Gbps firewall throughput and 13 Gbps IPsec VPN performance. The 4140 firewall allows 25 million simultaneous sessions, 172K new connections per second, and a maximum of 20K VPN peers. Cisco's more recent Firepower 4145 device includes 800 GB of storage and offers 53 Gbps firewall performance and 18 Gbps IPsec VPN performance. The 4145 firewall supports 30 million simultaneous sessions, 350K new connections per second, and as many as 20K VPN peers. The Cisco Firepower 4150 firewall comes with 400 GB of storage and offers 45 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 4150 unit supports 30 million simultaneous sessions, 263K new connections/second, and as many as 20K VPN peers.

Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are highly scalable and carrier-grade firewalls. The 3RU enclosure of Firepower 9300 NGFW Series firewalls accepts two network modules and three security modules. Altogether, the Firepower 9300 can hold 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100G connections. Clustering of up to 5 9300 chassis delivers a total 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 35 million concurrent sessions, 490K new connections per second, and up to 20,000 VPN peers.

Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewalls offer integrated firewall, IPsec VPN, and IPS services in single-box devices, delivering a wide array of features to match the security needs of companies ranging from small businesses to enterprises and ISPs. Cisco's ASA 5500-X, ASA 5500 Series, and PIX firewalls allow IT security teams to defend their network edge and offer secure offsite and mobile connectivity while using advanced administration tools built on Cisco's world-class firewall technology.

Cisco's ASA 5500 Series and PIX firewall appliances have arrived at end-of-life (EOL) status but are still widely used in small and mid-size organizations and in a few larger networks. Cisco's ASA 5500-X Next-Generation Firewalls deliver significantly more value and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new installations. Still, Cisco's older model firewall appliances, if properly managed, continue to deliver a high level of protection by providing a variety of services including stateful firewall, VPN, and IPS.

After Cisco's purchase of Sourcefire, the entire line of Cisco ASA 5500-X devices can be provisioned to enable Firepower Services, based on Sourcefire's Snort technology, which is the market's most deployed network intrusion protection system (IPS). Firepower services bring enhanced capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and security automation.

Progent's Cisco CCIE-certified infrastructure engineers can assist your organization to support and troubleshoot legacy ASA 5500 and PIX firewall appliances and can also assist you to plan and implement an efficient upgrade to Cisco's ASA 5500-X firewalls with Firepower Services. Progent can also assist you to plan, configure, tune, administer and debug new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower Services. Progent can also assist you to upgrade from your Cisco ASA 5500-X solution to Cisco's latest Firepower Next Generation Firewalls.

Cisco's ASA 5500-X Firewall Product Family
Cisco's extensive line of ASA 5500-X firewalls includes an improved replacement for every rack-mountable model in the older ASA 5500 line of firewalls. Each ASA 5500-X model is suited for the identical market as the corresponding earlier models, which gives most ample choice for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver dependable protection across any mix of physical, virtual, and cloud deployments.

For additional information about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for ASA firewalls, see Firepower integration and debugging consulting

Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances accept either software or hardware modules that support Cisco's Firepower Services, which offer layered defense against sophisticated threats. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA security appliances include:

• Layered defense against familiar and zero-day attacks
• Advanced Malware Protection that uses big data to discover and mitigate security breaches
• A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, infrastructure, apps, and content to detect attacks that use simultaneous vectors
• High-resolution Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch both standard and custom IPS policies depending on the severity of threats

Simpler implementations of Cisco ASA firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all ASA 5500-X models. ASDM includes an easy-to-use web console for deploying, managing, and debugging ASA 5500-X firewalls and modules.

For more complex environments, ASA 5500-X firewalls with Firepower can be administered with Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box Adaptive Security Device Manager tool. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for client devices, a dashboard that provides dynamic infrastructure visualization, automated policy optimization driven by risk evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-box ASDM or the ASA command line interface.

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls leverage engineering behind the PIX 500 family firewall, Cisco's IPS 4200 sensor, and Cisco's VPN 3000 Series concentrator. These technologies converge on the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to deliver a firewall that stops the widest range of attacks. Cisco ASA 5500 Series Firewalls deliver program security, network containment, and clean VPN connectivity across the entire product portfolio. This breadth of protection allows defense of any network section, which includes the most typical attack vectors like remote locations, LAN-attached internal users, and remote connected Virtual Private Networks.

Cisco Adaptive Security Appliances firewalls deliver robust application protection through smart, application-sensitive inspection engines that examine network flows at Layers 4-7. The result is a more secure network including Web, voice, and 3G-mobile wireless connectivity. To protect networks against application-layer assaults and to provide stronger control over the programs and protocols used in their environments, these inspection engines integrate extensive application and protocol knowledgebases and employ security enforcement solutions that include protocol anomaly sensing and application and protocol state tracking. Also included are attack sensing and remediation techniques such as application and protocol command filtering and content verification. Cisco ASA firewall inspection engines also deliver control over instant messaging and peer-to-peer file sharing, allowing businesses to enforce usage policies and free up network bandwidth for important business applications.

For more information about Progent's consulting services for Cisco's ASA 5500 security appliances, go to ASA 5500 series firewalls configuration and debugging services.

PIX Firewalls
Built upon a tested, specialized operating system that delivers rich protection services, Cisco PIX firewall appliances offer excellent protection and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Labs Firewall and IP Security (IPsec) qualification. Cisco PIX security appliances offer security for a wide range of VoIP and other multimedia conventions including H.323 Version 4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol (MGCP), enabling organizations to safeguard installations of a wide array of current and upcoming IP voice and video applications.

IT managers can furthermore remotely set up, monitor, and analyze Cisco PIX security appliances using a CLI interface. Safe command-line interface access is possible through a number of methods including Secure Shell Protocol, Telnet through IP Security (IPsec), and out-of-band via a console port. Cisco PIX firewall appliances also include dependable auto-update capabilities, a set of revolutionary secure remote-management services that make sure that security settings and software images are kept up to date.

For additional information about Progent's support services for PIX 500 firewalls, visit Cisco PIX 500 firewalls configuration and debugging services.

Progent's Migration Consulting Services for Cisco Firewalls
Since Cisco has stopped selling the PIX and ASA 5500 product lines, many businesses are concerned about depending on a critical security mechanism that might stop being supported. Cisco ASA 5500-X and Firepower NGFW Series firewalls have the benefit of being current products and also bring several functions and economic benefits in comparison to PIX 500 firewalls. These benefits include substantially higher performance, optional Secure Sockets Layer VPN support, and a modular design that protects your investment by enabling you to self-install new security services whenever you require them. Progent's Cisco experts can help you to determine the business case for upgrading from PIX 500 or Cisco ASA 5500 security appliances, design a migration plan that allows for a quick and seamless changeover, help you to install new ASA 5500-x Series or Firepower Series appliances, and provide remote training, consulting, and technical support services.

Additional Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco's Firepower Series, ASA 5500 Series, and PIX family security appliances provide an array of configuration, tracking, and analysis features which give you the flexibility to configure these firewalls to align optimally with your business needs. Progent's CCIE certified network experts can help you to design an efficient infrastructure that includes Cisco firewall technology and that offers world-class protection, resilience, throughput, and recoverability. Progent's GISA and CISM-certified information security engineers can assist your business to develop a security strategy appropriate for your situation and can set up your firewall to enforce your security policies. Progent's security evaluation consultants can evaluate the strength of your existing firewall deployment and audit the security of your entire information system environment. Progent's Technical Response Center can provide urgent online technical support for Cisco products and can give you quick access to a Cisco expert.

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

• Check Point Software Consulting
• Watchguard Consulting
• Juniper Networks NetScreen and SSG Firewall Consulting
• SonicWall Consulting
• Symantec Raptor Consulting

• Overview of Progent's Cisco Consulting Services
• Timely Online Assistance from a CCIE Consultant
• Cisco Firepower Series Firewalls: Integration and Troubleshooting Expertise
• ASA 5500-X Firewalls with Cisco Firepower: Consulting and Management Services
• Cisco ASA 5500 Series Firewall Engineering Support
• Cisco Routers Engineering Support
• Cisco Wireless Consulting Help
• Aironet Wireless Access Points Deployment Support
• Cisco Small Business 100, 300 and 500 Wireless Access Points System Design Services
• Cisco Catalyst 802.11ax Wireless APs Planning, Configuration and Debugging Services
• Cisco Wireless Controllers Support Services
• Meraki Access Points Consulting Help
• Cisco Unified Communications Manager (CUCM or Unified CM) and Cisco CallManager Consulting and Troubleshooting
• Cisco Voice over IP Phones and IP Video Desktop Phones Expertise and Wireless VoIP Phone Solutions
• Cisco Jabber Deployment Expertise
• Cisco Catalyst Switches Consulting and Support Expertise
• Cisco Nexus Switches Support and Troubleshooting Expertise
• Cisco Meraki MS Switches Configuration and Maintenance Services
• Cisco VPN Engineering Help
• SIP and CUBE Infrastructure Solutions: SIP Trunks and Cisco CUBE Integration Consulting
• Infrastructure Design for Cisco-powered Datacenters
• Network Design Services for ISPs
• Remote Management Techniques for Cisco-based Infrastructure

For more information about Progent's consulting and support services for Cisco technology, call 1-800-993-9400 or visit Contact Progent.

Ransomware 24x7 Hot Line: Call 800-462-8800
Progent's Ransomware 24x7 Hot Line is intended to guide you to complete the urgent first step in mitigating a ransomware assault by containing the malware. Progent's online ransomware engineer can help businesses to identify and isolate breached servers and endpoints and protect clean assets from being compromised. If your system has been penetrated by any version of ransomware, don't panic. Get help quickly by calling Progent's Ransomware Hot Line at 800-462-8800. For details, visit Progent's Ransomware 24x7 Hot Line.