Cisco Network Consultants

Cisco is a perennial leader in developing state-of-the-art firewalls for the widest possible variety of environments. Cisco's Firepower Next Generation Firewalls provide a modern firewall solution that marshals sophisticed hardware, cloud services, and machine learning to anticipate, identify, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can assist your organization to design and carry out a smooth migration to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's subscription-based security services to build and centrally manage network ecosystems that encompass branch offices, data centers, and cloud resources. Progent can also help you to maintain and debug older-generation Cisco security appliances. Progent's certified network security experts can help you with policy creation driven by leading practices in order to establish a consistent security posture across all your endpoints at any location.

Cisco's Firepower NGFW Firewalls
Cisco's comprehensive family of Firepower NGFW firewalls delivers modern security and unified management at price points, speed, and expandability suitable for environments ranging from home offices and small businesses to major enterprises and service providers. Cisco's Firepower NGFWs Firewalls deliver a significant performance improvement compared to Cisco's previous-generation security appliances and include unified management and automation of advanced cybersecurity features like application visibility and control (AVC), next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and sandboxing.

All Firepower NGFW firewalls incorporate a one-pass design and permit continuous analysis and retrospective identification, which allows the firewalls to initiate outbreak management and to uncover root causes. Firepower Next-Generation firewalls also have the option of URL Filtering and sandboxing for finding elusive threats, IoCs, and malware artifacts. Next-Generation IPS rule tuning and firewall policy are performed automatically, eliminating the need for time-consuming intervention by IT security specialists. All Firepower NGFW firewalls give you the option of using either Firepower Threat Defense or Cisco Adaptive Security Appliance software. Unified configuration, logging, system monitoring, and reporting capabilities can be managed either via Management Center or in the cloud with Defense Orchestrator.

Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower Next-Generation 1000 Series Firewalls are intended for small businesses, home offices, or branch offices. Firewalls in this series offer improved price/performance vs. corresponding Cisco ASA models, delivering 4-6X higher firewall throughput. Local management can be done with Firepower Device Manager. These appliances include an integrated 10/100/1000 Ethernet interface for management, an RJ-45 console port, a USB 3.0 Type-A connection, and 200 Gbytes of storage. High availability is supported along with virtual private network load balancing. For more specs, see Cisco Firepower 1000 Series NGFW firewalls consulting and management expertise.

Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are 1RU appliances intended for use at the Internet edge. Firewalls in this line feature a dual multicore CPU design that enables them to deliver 3-6X faster throughput than Cisco ASA 5545-X to ASA 5555-X firewalls they are designed to succeed. Onsite management can be done using Cisco Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls incorporate 12 RJ45 interfaces and four SFP ports. These appliances include one integrated 10M/100M/1GBASE-T Ethernet interface for network management, an RJ-45 console port, and one USB 2.0 Type-A interface. Active/standby high availability is supported as well as virtual private network load balancing. For additional specs, see Cisco Firepower 2100 Series NGFW firewalls consulting and troubleshooting services.

Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are 1RU units designed for use at the Internet edge. Devices in this series deliver 5-10X higher throughput than the Cisco ASA 5585-X firewall they are engineered to replace. Onsite management can be performed with Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 built-in SFP+ interfaces and all accept a selection of plug-in network modules for up to 24 ports. All Firepower 4100 Series Next-Generation Firewalls support VPN load balancing, high availability, and clustering of as many as six chassis. These security appliances include a built-in 1 Gigabit Ethernet port for network management, an RJ-45 console port, and one USB connection. For more details, refer to Cisco Firepower 4100 Series Next-Generation firewalls consulting and management expertise.

Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and ultra-high performing firewalls. The 3 Rack Units enclosure of Firepower 9300 NGFW Series firewalls can hold two network modules as well as three security modules. Fully loaded, the 9300 can hold 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable ports or eight 100G ports. Clustering of up to 5 chassis delivers a total 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 35 million concurrent sessions, 490K new connections per second, and a maximum of 20K VPN peers.

Firepower Services
Cisco's Firepower NGFW firewalls work with software or hardware modules that support Firepower Services, which offer layered protection against sophisticated threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services include:

• Layered protection against both familiar and new attacks
• Cisco's Advanced Malware Protection that uses big data to find and remediate intrusions
• Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to discover threats that use simultaneous approaches
• Fine-grained Application Visibility and Control that is familiar with thousands of apps and can automatically launch both standard and customized IPS policies depending on the degree of threats

Smaller implementations of Cisco's Firepower Series firewalls can be effectively managed using Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all NGFW firewall versions. ASDM provides a simple web dashboard for deploying, managing, and debugging NGFW devices and modules.

For more complex deployments, NGFW appliances with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or more physical or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Firepower Management Center appliance provides features beyond those available with Cisco's on-device ASDM tool. Additional capabilities include expanded context awareness, Advanced Malware Protection with mitigation for client devices, a console that offers dynamic network visualization, automated policy tuning driven by risk assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health alerts, improved reporting options, and APIs for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-device ASDM or the Firepower command line interface.

Progent's Migration Consulting Support for Cisco Firepower Firewalls
Since Cisco has stopped selling the PIX 500 and ASA 5500 product lines, many businesses are uncomfortable with depending on a key infrastructure mechanism that may no longer be supported by Cisco. Firepower Series security appliances have the advantage of being current devices and also bring multiple functions and budgetary benefits in comparison to legacy firewalls. These benefits include significantly higher performance, optional Secure Sockets Layer VPN capability, and an expandable design that protects your investment by allowing you to self-install more security features whenever you need them. Progent's Cisco certified experts can assist your company to determine the strategic case for upgrading from PIX 500 or ASA 5500 security appliances, design a migration process that permits a quick and non-disruptive upgrade, assist your IT staff to install new Firepower NGFW Series firewalls, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower Series firewalls provide an array of setup, tracking, and troubleshooting features which give you the flexibility to configure these firewalls to align optimally with your business requirements. Progent's CCIE authorized network professionals can assist you to build an efficient network infrastructure that incorporates Cisco firewalls and that provides world-class protection, fault tolerance, throughput, and manageability. Progent's GISA and CISSP-ISSP-premier information security consultants can help your business to develop a security policy appropriate for your environment and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk assessment professionals can assess the effectiveness of your existing firewall solution and audit the overall security of your whole information system network. Progent’s Help Desk support team can deliver urgent remote troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.

Progent can provide remote or onsite consulting services and is available for as-needed guidance to help you resolve a challenging IT impasse or Progent offers end-to-end project management and co-management support to make sure your firewall initiative is performed on time and within budget.

For more information concerning Progent's consulting assistance for Cisco technology, pick a topic:

• Introduction to Cisco Expertise
• Fast and Affordable Remote Support from a Cisco CCIE Consultant
• ASA 5500-X Series Firewall with Cisco Firepower Services: Configuration and Troubleshooting Support
• Cisco ASA 5500 Firewall Engineering Support
• PIX 500 Series Firewall Management Support
• Cisco Routers Configuration and Troubleshooting Expertise
• Cisco Wireless Network Design Support
• Aironet Wireless Access Points Consulting Expertise
• Cisco Small Business WiFi APs Deployment Help
• Cisco Wireless Controllers Experts
• Meraki Access Points Deployment Support
• Cisco Unified Communications Manager (CUCM or Unified CM) and Cisco CallManager Configuration and Troubleshooting
• Cisco VoIP Phones and IP Video Phones Expertise and Cisco Wireless VoIP Phone Configuration
• Cisco Jabber Configuration and Troubleshooting Expertise
• Catalyst Switches Deployment Services
• Cisco Nexus Switches Consulting and Support Services
• Cisco Meraki Switches Configuration and Maintenance Services
• Cisco Security and VPN Setup and Troubleshooting Help
• SIP and CUBE Integration Solutions: SIP PSTN Trunks and Cisco CUBE Integration Consulting
• Design Expertise for Cisco-powered Datacenters
• Data Center Design Consulting for Service Providers
• Remote Management Techniques for Cisco Infrastructure