Cisco is a long-time front-runner in developing cutting-edge firewalls for the broadest possible variety of environments. Cisco's Firepower NGFWs Firewalls represent an advanced cybersecurity solution that marshals sophisticed hardware, cloud services, and machine learning to block, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall consultants can help your organization to design and carry out an efficient migration to Cisco Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's cloud-based services to build and centrally control network environments that span local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and troubleshoot legacy Cisco security appliances. Progent's certified network security consultants can assist you with policy creation and tuning based on leading practices in order to build a consistent cybersecurity posture across all your networked devices at any location.
Cisco's Firepower NGFW Firewalls
Cisco's comprehensive portfolio of Firepower NGFW firewalls offers modern protection and centralized management at price points, performance levels, and scale to fit deployments ranging from branch offices and small organizations to major enterprises and Internet service providers. Cisco's Firepower Next Generation Firewalls provide a major performance boost compared to Cisco's previous-generation security appliances and include unified control of advanced cybersecurity features like application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and sandboxing.
All Firepower NGFW firewalls incorporate a single-pass architecture and permit continuous inspection and retrospective detection, which allows the firewalls to provide outbreak controls and to pinpoint patient zero. Firepower NGFW firewalls also have the option of URL Filtering and subscription-free sandboxing for finding elusive threats, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and firewall policy creation are automated, requiring no manual intervention by IT security experts. All Firepower NGFW security appliances give you the option of running either Firepower Threat Defense (FTD) or Cisco Adaptive Security Appliance software. Unified deployment, logging, monitoring, and reporting capabilities can be controlled either via Cisco's Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Cisco Firepower NGFW 1000 Series Firewalls are targeted at small businesses, home offices, or branch offices. Devices in this family offer improved price/performance vs. corresponding Cisco ASA 5506-X to ASA 5525-X models, delivering 4-6X faster firewall speed. Onsite management can be done with Firepower Device Manager. 1000 Series firewalls feature an integrated 10M/100M/1GBASE-T Ethernet interface for management, an RJ-45 console port, a USB 3.0 Type-A connection, and 200 Gbytes of storage. Active/active and Active/standby high availability is provided along with virtual private network load balancing. For additional specs, see Cisco Firepower 1000 Series NGFW firewalls consulting and troubleshooting services.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are one-rack appliances designed for deployment at the Internet edge or the data center. Devices in this family have a dual multicore processor design that allows them to deliver 3-6X higher throughput than Cisco ASA models they are engineered to succeed. Local management can be performed using Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls incorporate 12 RJ45 ports and four SFP interfaces. These units include one build-in 10M/100M/1GBASE-T Ethernet interface for network management, an RJ-45 console port, and one USB interface. Active/standby high availability is supported as well as virtual private network load balancing. For more specs, see Cisco Firepower 2100 Series NGFW firewalls consulting and management services.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU rack appliances designed for deployment at the Internet edge or high-performance data centers. Devices in this family deliver 5-10X faster performance than the Cisco ASA 5585-X firewall they are designed to replace. Onsite management can be performed using Cisco Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 integrated SFP+ ports and all accept a selection of plug-in network modules for a maximum of 24 ports. All Firepower 4100 Series Next-Generation Firewalls support VPN load balancing, high availability, and clustering of as many as six chassis. These security appliances feature a built-in 1Gb Ethernet interface for network management, one RJ-45 console interface, and one USB connection. For additional specs, see Cisco Firepower 4100 Series NGFW firewalls consulting and troubleshooting expertise.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are massively scalable and ultra-high performing firewalls. The 3RU enclosure of Firepower 9300 Next-Generation Series firewalls accepts two network modules as well as three security modules. Altogether, the 9300 can hold 24 10G Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100G interfaces. Intrachassis clustering of up to five 9300 chassis delivers a total 1.2 Tbps of firewall performance. The high-end Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 35 million simultaneous sessions, 490K new connections per second, and a maximum of 20K VPN peers.
Cisco's Firepower Services
Firepower NGFW security appliances accept software or physical modules that enable Firepower Services, which offer layered protection against sophisticated threats. Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major features of Firepower Services include:
- Layered protection against familiar and new threats
- Advanced Malware Protection (AMP) that uses big data to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to discover attacks that use simultaneous vectors
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and customized IPS policies depending on the degree of risk
Firepower Services for Next Generation firewalls provide advanced multi-layered threat protection
Smaller implementations of Cisco's Firepower NGFW security appliances can be efficiently managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all NGFW firewall versions. ASDM includes an easy-to-use web dashboard for deploying, managing, and debugging NGFW firewalls and service modules.
For more complex environments, NGFW firewalls with Firepower Services can be managed using Firepower Management Center, available as one or several physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy control for Cisco Firepower firewalls
Cisco's Firepower Management Center appliance offers features unavailable with Cisco's on-device ASDM utility. Additional capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a console that offers dynamic infrastructure visualization, automated policy optimization based on risk assessment of attacks, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and application interfaces for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed using either the on-box ASDM or the Firepower command line interface.
Progent's Migration Consulting Support for Cisco Next Generation Firewalls
Since Cisco has stopped selling the PIX 500 and ASA 5500 families of firewalls, many companies are concerned about depending on a key security mechanism that might no longer be supported. Firepower Series firewalls have the advantage of being new devices and also offer important functions and financial advantages in comparison to legacy devices. These benefits include significantly higher performance, optional Secure Sockets Layer tunneling capability, and a modular design that protects your investment by allowing you to self-install new security services when and if you require them. Progent's Cisco network engineers can assist your company to determine the business value of for migrating from PIX 500 or ASA 5500 security appliances, create a migration plan that allows for a quick and seamless upgrade, help you to install new Firepower NGFW Series firewalls, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower NGFW Series firewalls incorporate a wealth of configuration, tracking, and analysis features which give you the ability to configure these firewalls to align optimally with your business needs. Progent's CCIE authorized network consultants can show you how to build a cost-effective infrastructure that incorporates Cisco firewall technology and that provides world-class security, fault tolerance, throughput, and manageability. Progent's GISA and CISM-premier information security experts can help you to create a security policy that makes sense for your situation and can set up your firewall to support your security policies. Progent's risk evaluation consultants can assess the strength of your existing firewall deployment and audit the security of your entire information system environment. Progentís Technical Response Center can provide emergency remote technical support for Cisco products and can give you quick access to a Cisco CCIE network engineer.
Progent offers remote or on-premises support and can deliver occasional expertise to help your organization resolve a challenging IT bottleneck or Progent offers end-to-end project management and co-management services to ensure your firewall initiative is performed on schedule and within budget.
To learn more information concerning Progent's professional help for Cisco products, pick a subject:
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.