Cisco is a long-time leader in developing state-of-the-art firewall appliances for the widest possible range of deployments. Cisco's Firepower Next Generation Firewall (NGFW) security appliances provide an advanced cybersecurity solution that combines sophisticated hardware, cloud-based services, and machine learning to anticipate, identify, and mitigate cyberthreats automatically. Progent's Cisco CCIE-certified firewall experts can help your organization to design and carry out a smooth migration to Cisco Firepower firewalls from Cisco's ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower firewalls with Cisco's security services to build and centrally manage network environments that encompass branch offices, data centers, and cloud resources. Progent can also assist you to manage and troubleshoot legacy Cisco security appliances. Progent's certified network security consultants can help you with policy creation driven by industry best practices in order to establish a consistent security profile that applies to all your networked devices anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's family of Firepower Next-Generation Firewalls offers modern protection and unified management at price points, speed, and scale to fit deployments spanning branch offices and small businesses to global enterprises and Internet service providers. Cisco's Firepower NGFW appliances deliver a significant performance improvement compared to Cisco's previous-generation security appliances and offer centralized management of modern cybersecurity capabilities like application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), URL filtering, and sandboxing.
All Firepower Next-Generation firewalls incorporate a one-pass design and support continuous inspection and retrospective identification, which allows the firewalls to provide outbreak management and to pinpoint patient zero. Firepower Next-Generation firewalls also offer URL Filtering and sandboxing for finding elusive threats, IoCs, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy are automated, eliminating the need for time-consuming intervention by cybersecurity specialists. All Firepower Next-Generation firewalls offer the option of using either Firepower Threat Defense or Adaptive Security Appliance software. Centralized deployment, logging, system monitoring, and reporting functions can be managed either by Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower NGFW 1000 Series Firewalls are targeted at small businesses, home offices, or branches. Firewalls in this series offer improved price/performance vs. corresponding Cisco ASA firewalls, providing 4-6X higher firewall throughput. Local management can be done using Cisco Firepower Device Manager. 1000 Series firewalls feature an integrated 10/100/1000 RJ-45 Ethernet port for management, an RJ-45 console interface, a USB 3.0 Type-A connection, and 200 Gbytes of storage. Active/active and Active/standby high availability is provided along with VPN load balancing.
Cisco's Firepower 1010 model is a desktop or wall-mount, quiet appliance that delivers 890 Mbps throughput, Application Visibility/Control (AVC), and Next Generation Intrusion Prevention System (NGIPS). The appliance includes 8 integrated RJ-45 I/O interfaces, two of them with POE+. IPsec VPN performance is 400 Mbps and the unit supports 100K concurrent sessions, 6,000 new connections per second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU device that delivers firewall throughput of 2.3 Gbps. The unit comes with eight RJ45 built-in I/O ports and four SFP ports. IPsec VPN throughput is 1.2 Gbps and the appliance allows 200K concurrent sessions, 15,000 new connections/second with Application Visibility/Control, and as many as 150 VPN peers.
The Firepower 1140 firewall is a 1RU device that delivers firewall throughput of 3.3 Gbps. The unit comes with eight built-in RJ-45 ports and four SFP interface ports. IPsec VPN throughput is 1.4 Gbps and the appliance allows 400K simultaneous sessions, 22K new connections/second with Application Visibility/Control, and a maximum of 400 VPN peers. The Firepower 1150 firewall is a 1RU rackmount appliance that offers firewall throughput of 5.3 Gbps. The appliance comes with eight integrated RJ-45 interfaces, two SFP ports, and two 10G SFP+ interface ports. IPsec VPN throughput is 2.4 Gbps and the unit can handle 600K simultaneous sessions, 28,000 new connections/second, and up to 800 VPN peers.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are 1RU units intended for operation at the Internet edge or the data center. Appliances in this family have a dual multicore CPU architecture that enables them to offer 3-6X faster performance than the Cisco ASA 5545-X to ASA 5555-X firewalls they are engineered to replace. Onsite management can be done with Cisco Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 interfaces and four SFP interfaces. These units include one integrated 10/100/1000 RJ-45 Ethernet interface for network management, an RJ-45 console port, and one USB port. High availability is supported as well as VPN load balancing.
The Firepower 2110 model firewall includes four integrated 1 Gigabit SFP Ethernet ports and 100 GB of storage. The 2110 offers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN performance and supports 1 million concurrent sessions, 18,000 new connections/second, and as many as 1,500 VPN peers. Cisco's Firepower 2120 model firewall comes with 12 integrated 10M/100M/1GBASE-T RJ-45 interfaces, four built-in 1G SFP Ethernet ports, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN performance and permits 1.5 million simultaneous sessions, 28,000 new connections/second and a maximum of 3,500 VPN peers.
Cisco's Firepower 2130 model firewall has four built-in 10 Gigabit SFP+ interfaces and 200 GB of storage. The unit also accepts a network module with 8 additional interfaces. The Firepower 2130 delivers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN throughput and supports two million concurrent sessions, 30,000 new connections per second, and as many as 7,500 VPN peers. Cisco's high-end Firepower 2140 firewall features four built-in 10G SFP+ interfaces and 200 GB of storage. The 2140 also scales via a network module with 8 extra interface ports for a maximum of 24 Ethernet interfaces. The 2140 model offers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN throughput and supports 3 million simultaneous sessions, 57,000 new connections/second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 appliances have the option of dual AC or DC power supplies.
Cisco Secure Firewall 3100 Series
Cisco's Secure Firewall 3100 Series models are modular 1RU units targeted at large companies who require performance, high port density, and zero-trust cybersecurity at the Internet edge, the data center, or a private cloud. For maximum uptime, all Secure Firewall 3100 Series appliances support 8-device clustering and operate in either Active/active or Active/standby mode. The units can run Cisco's ASA or Firewall Threat Defense software. Built-in I/O for each unit includes eight 10M/100M/1GBASE-T Ethernet ports (RJ-45) and 8 1/10 Gigabit Ethernet interface ports. Available network modules offer 1/10/25/40G options and all versions include 900 GB of storage as well as a spare storage expansion slot.
Cisco's 3105 Firewall device delivers 10 Gbps firewall throughput and 5.5 Gbps IPsec VPN throughput. The 3105 supports 1.5 million concurrent sessions, 90,000 new connections per second, and as many as 2,000 VPN peers. Cisco's Secure Firewall 3110 model delivers 10 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 3110 supports 2 million simultaneous sessions, 130,000 new connections per second, and up to 3,000 VPN peers. Cisco's Secure Firewall 3120 model offers 21 Gbps firewall performance and 10 Gbps IPsec VPN performance. The 3120 allows 4 million concurrent sessions, 170,000 new connections/second, and a maximum of 7,000 VPN peers. Cisco's 3130 Firewall device offers 42 Gbps firewall performance and up to 14 Gbps IPsec VPN throughput. The 3130 supports 6 million simultaneous sessions, 200K new connections per second, and a maximum of 15,000 VPN peers. The 3130 firewall includes 8 1/10/25G SFP+ interfaces. Cisco's 3140 Firewall device offers 49 Gbps firewall throughput and up to 17 Gbps IPsec VPN performance. The 3140 supports 10 million simultaneous sessions, 200K new connections per second, and a maximum of 20K VPN peers. The 3140 has eight 1/10/25G SFP+ ports.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are single-rack appliances intended for deployment at the Internet edge. Appliances in this line deliver 5-10X faster throughput than the Cisco ASA 5585-X firewall they are designed to succeed. Onsite management can be done with Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 integrated SFP+ interfaces and all accept a selection of plug-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series NGFW Firewalls support virtual private network load balancing, high availability, and clustering of as many as six chassis. These firewalls include a built-in 1 Gigabit Ethernet interface for management, one RJ-45 console port, and one USB interface.
The Firepower 4110 firewall features 200 GB of storage and offers 13 Gbps firewall performance and 6 Gbps IPsec VPN performance. The 4110 model allows 10 million concurrent sessions, 64K new connections/second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall comes with 400 GB of storage and offers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN throughput. The 4112 firewall allows 10 million concurrent sessions, 98K new connections per second, and up to 10,000 VPN peers. Cisco's Firepower 4115 firewall includes 400 GB of storage and delivers 33 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 4115 unit allows 15 million simultaneous sessions, 210K new connections/second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4120 firewall features 200 GB of storage and delivers 22 Gbps firewall performance and 19 Gbps IPsec VPN throughput. The 4120 unit allows 15 million simultaneous sessions, 118K new connections per second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4125 model has 800 GB of storage and delivers 45 Gbps firewall throughput and 19 Gbps IPsec VPN throughput. The 4125 unit allows 25 million concurrent sessions, 269K new connections/second, and a maximum of 20K VPN peers.
The Firepower 4140 model firewall features 400 GB of storage and delivers 32 Gbps firewall throughput and 13 Gbps IPsec VPN throughput. The 4140 unit supports 25 million simultaneous sessions, 172K new connections/second, and up to 20K VPN peers. Cisco's newer Firepower 4145 device comes with 800 GB of storage and offers 53 Gbps firewall performance and 24 Gbps IPsec VPN throughput. The 4145 unit supports 30 million simultaneous sessions, 365K new connections/second, and as many as 20K VPN peers. Cisco's Firepower 4150 unit features 400 GB of storage and offers 45 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 4150 firewall supports 30 million simultaneous sessions, 263K new connections/second, and up to 20K VPN peers.
Cisco Secure Firewall 4200 Family
Cisco's Secure Firewall 4200 appliances are expandable 1RU firewalls designed for deployment at enterprise campuses and data centers that need high-end performance, manageability, and scalability. Cisco's Secure Firewall 4200 Series appliances offer more than twice the throughput of prior generation firewalls from Cisco and offer high port density. As many as 8 units can be clustered for high availability and future expansion. A crypto accelerator enables traffic decryption in real time, and zero trust application access (ZTAA) can provide comprehensive threat inspection for apps. 4200 Series firewalls can be managed locally by the Firewall Management Center or in the cloud with Cisco Defense Orchestrator. Every 4200 model includes 8x 1/10/25 Gigabit Ethernet integrated ports and has two interface module bays for easy expansion. As many as 24 total Ethernet connections are supported. Each firewall device comes with 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 product is designed for enterprise campuses with strong growth expectations. The device delivers 90 Gbps firewall stateful inspection throughput and 45 Gbps max IPsec VPN throughput. The Secure Firewall 4215 allows 15 million concurrent firewall connections, 350 K new connections each second, and as many as 20,000 VPN peers. Cisco's Secure Firewall 4225 product is built for large enterprise data centers. The appliance delivers 95 Gbps firewall throughput and 80 Gbps IPsec VPN performance. The 4225 model allows 30 million concurrent firewall connections, 600 K new connections each second, and as many as 25,000 VPN peers. The Secure Firewall 4245 device is intended for service providers who support a high volume of traffic. Cisco's 4245 offers 180 Gbps firewall throughput and 140 Gbps IPsec VPN throughput. The 4245 allows 60 million simultaneous firewall connections, 800 K new connections each second, and up to 30,000 VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and ultra-high performing firewalls. The 3RU chassis of Firepower 9300 Next-Generation Series firewalls accepts two add-in network modules and three security modules. Altogether, the Firepower 9300 can support 24 10-Gigabit SFP+ network interfaces or eight 100G connections. Clustering of up to 5 9300 chassis delivers a total 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 x 3 delivers 235 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 195 million concurrent sessions, 4.75 M new connections per second, and up to 20,000 VPN peers.
Cisco's ASA 5500-X Series and Legacy Firewalls
Cisco's ASA 5500-X, ASA 5500 Series, and PIX firewalls offer integrated firewall, IPsec VPN, and intrusion prevention system services in single-box packages, delivering a broad array of features to match the security and compliance needs of companies from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X Series, ASA 5500, and PIX 500 firewalls allow IT security teams to protect their network perimeter and offer secure remote access while using advanced administration mechanisms based on Cisco's world-class firewall products.
Cisco's ASA 5500 and PIX firewalls have arrived at end-of-life status but are still widely used in smaller businesses and in some enterprise networks. Cisco's ASA 5500-X Series Next-Generation Firewalls deliver significantly more bang for the buck and have supplanted Cisco's ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's legacy firewall appliances, if properly maintained, continue to deliver a high level of protection by supplying multiple security functions such as stateful firewall, IPsec VPN, and IPS.
After Cisco's acquisition of Sourcefire, the entire line of Cisco ASA 5500-X devices can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular network intrusion protection system (IPS). Firepower services provide powerful new capabilities including advanced malware protection (AMP), URL filtering, real-time threat analytics, and automation.
Progent's Cisco CCIE-certified infrastructure engineers can help you to maintain and debug older ASA 5500 Series and PIX 500 firewall appliances and can also help you to design and carry out an efficient upgrade to Cisco's ASA 5500-X Series firewalls with Firepower Services. Progent can also help you to design, integrate, tune, manage and troubleshoot new firewall solutions built on Cisco's latest ASA 5500-X models with Firepower Services. Progent's firewall consultants can also assist your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's Firepower Next Generation Firewalls.
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls includes an improved replacement for each rack-mountable unit in the previous ASA 5500 generation of devices. Each ASA 5500-X firewall is suited for the same environment as the corresponding earlier model, which gives most organizations plenty of choice for picking a firewall that meets their security needs and IT budgets. All ASA 5500-X products build on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's powerful protection services. All models in Cisco's ASA 5500-X family deliver consistent security across any combination of physical, virtual, and cloud environments.
For more information about Cisco's ASA 5500-X security appliances, Firepower services, and Progent's support for Cisco ASA firewalls, see Cisco Firepower configuration and debugging consulting.
Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X firewalls work with software or hardware modules that enable Cisco's Firepower Services, which provide layered defense against advanced attacks. Cisco's Firepower Services are based on technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
Simpler implementations of Cisco ASA 5500-X firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM), a web tool included with all ASA 5500-X models. ASDM includes a convenient web console for deploying, managing, and troubleshooting ASA 5500-X firewalls and service modules.
For multi-device and multi-site deployments, ASA 5500-X appliances with Firepower Services can be administered with Cisco's Firepower Management Center, implemented as one or more physical or virtual appliances. Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC), advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center provides capabilities beyond those available with Cisco's on-box ASDM utility. Additional features include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a dashboard that offers dynamic network visualization, automated policy tuning based on risk assessment of attacks, advanced IPS, custom app discovery for Application Visibility and Control, customized health notifications, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's ASA 5500-X on-device ASDM or the ASA CLI.
Cisco ASA 5500 Series Firewalls
Cisco Adaptive Security Appliances 5500 Series Firewalls build on engineering developed for the PIX 500 Security Appliance, Cisco's IPS 4200 sensor, and Cisco's VPN 3000 family concentrator. These technologies enable the Cisco ASA Firewall family to deliver a firewall that defends against the widest range of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program protection, local containment, and safe VPN connectivity throughout the entire product portfolio. This broad scope of security allows the guarding of any network segment, including the most typical threat conduits like remote locations, LAN-attached inside users, and off-site connected VPNs.
Cisco ASA 5500 Series firewalls deliver a high level of application security via smart, application-sensitive inspection processes that examine network flows at Layers 4-7. This results in a safer network including Web, voice, and mobile wireless services. To protect networks against application-layer assaults and to offer better policing of the applications and protocols used in their networks, these inspection engines integrate broad application and protocol knowledge and rely on protection enforcement solutions such as protocol anomaly sensing and state tracking. Also included are attack sensing and mitigation techniques such as application and protocol command filtering and content verification. Cisco Adaptive Security Appliances (ASA) firewall inspection engines also deliver control over IM and peer-to-peer file sharing, allowing organizations to enforce usage policies and recover network bandwidth for crucial business applications.
For more information about Progent's support services for ASA 5500 security appliances, visit Cisco ASA 5500 series firewalls integration and debugging support.
Cisco PIX Firewalls
Based around a tested, specialized software platform that delivers a wealth of security services, Cisco PIX security appliances provide a high level of protection and have received EAL 4 status and ICSA Firewall and IPsec qualification. PIX security appliances offer protection for a broad range of VoIP and additional multimedia standards including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), and MGCP, helping organizations to safeguard installations of a broad range of contemporary and next-generation IP voice and mixed-media applications.
Administrators can also remotely set up, monitor, and troubleshoot PIX security appliances via a command-line interface. Secure command-line interface communication is available through a number of methods including SSHv2 Protocol, Telnet through IP Security (IPsec), and out-of-band through a console port. PIX security appliances also include robust automatic-update features, a set of revolutionary secure remote-management services that ensure security configurations and software images are kept up to date.
For additional details about Progent's support services for Cisco PIX 500 firewalls, see PIX 500 firewalls configuration and debugging support.
Progent's Migration Support for Cisco Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a key security mechanism that might stop being supported. Cisco ASA 5500-X and Firepower NGFW Series security appliances offer the advantage of being current devices and also offer several functions and economic benefits in comparison to PIX firewalls. These benefits include substantially higher throughput, optional SSL VPN support, and a modular design that protects your investment by enabling you to self-install more security features when and if you require them. Progent's Cisco certified network engineers can assist you to determine the strategic value of migrating from PIX or Cisco ASA 5500 security appliances, design a migration process that permits a quick and seamless upgrade, help you to install new ASA 5500-X Series or Firepower NGFW Series firewalls, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Help Your Business with Cisco Firewalls
Cisco Firepower Series, ASA Series, and PIX family security appliances incorporate an array of setup, tracking, and troubleshooting options that offer you the flexibility to configure these firewalls to match your company's requirements. Progent's CCIE certified network experts can assist you to build a cost-effective network infrastructure that incorporates Cisco firewall technology and that provides advanced security, resilience, throughput, and recoverability. Progent's CISA and CISM-certified information security consultants can help you to create a security policy that makes sense for your environment and can configure your PIX or ASA firewall to support your security strategy. Progent's security assessment professionals can assess the effectiveness of your current firewall deployment and validate the security of your whole information system environment. Progent's Technical Response Center (TRC) can provide emergency online troubleshooting for Cisco technology and can give you fast access to a Cisco CCIE expert.
Integration of Cisco and Third-party Firewall Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call