Cisco is a perennial front-runner in delivering state-of-the-art firewalls for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewalls provide a modern cybersecurity solution that combines sophisticed hardware, cloud-based services, and machine learning to block, discover, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can help you to plan and carry out an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's security services to create and centrally control IT ecosystems that encompass local offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation and tuning based on industry best practices so you can establish a consistent and effective security posture that applies to all your networked endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's comprehensive portfolio of Firepower NGFW firewall appliances offers modern protection and unified control at price points, speed, and scale suitable for environments ranging from telecommuters and small businesses to major enterprises and service providers. Cisco's Firepower Next Generation Firewalls (NGFWs) deliver a major performance improvement over Cisco's older firewalls and include unified control of advanced security features like application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection, URL filtering, and multi-node sandboxing.
All Firepower Next-Generation firewalls incorporate a one-pass design and support uninterrupted inspection and retrospective identification, which makes it possible to provide outbreak management and to uncover patient zero. Firepower NGFW firewalls also have the option of URL Filtering and sandboxing for detecting evasive and sandbox-aware threats, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and firewall policy can be automated, eliminating the need for time-consuming intervention by cybersecurity specialists. All Firepower NGFW firewalls offer the choice of using either Firepower Threat Defense or Adaptive Security Appliance software. Unified configuration, logging, system monitoring, and reporting capabilities can be managed either by Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Firepower Next-Generation 1000 Series Firewalls are targeted at small organizations, home offices, or branches. Devices in this series deliver better value vs. comparable Cisco ASA 5506-X to ASA 5525-X models, delivering 4-6X faster firewall speed. Onsite management can be performed with Firepower Device Manager. These firewalls feature an integrated 10M/100M/1GBASE-T RJ-45 Ethernet interface for management, an RJ-45 console port, a USB connection, and 200 Gbytes of storage. High availability is supported as well as virtual private network load balancing. For additional specs, visit Cisco Firepower 1000 Series Next-Generation firewalls consulting and management expertise.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are single-rack appliances intended for deployment at the data center. Appliances in this family feature a dual multicore processor design that enables them to deliver 3-6X faster performance than Cisco ASA 5545-X to ASA 5555-X models they are engineered to replace. Local management can be done using Cisco Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 interfaces and four SFP interfaces. These appliances include one integrated 10M/100M/1GBASE-T Ethernet interface for management, an RJ-45 console port, and one USB 2.0 Type-A interface. Active/standby high availability is supported along with virtual private network load balancing. For additional details, see Cisco Firepower 2100 Series Next-Generation firewalls consulting and troubleshooting expertise.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU rack appliances designed for use at high-performance data centers. Devices in this series deliver 5-10X higher performance than the Cisco ASA 5585-X device they are designed to succeed. Onsite management can be done with Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 integrated SFP+ interfaces and all accept a variety of plug-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series NGFW Firewalls support virtual private network load balancing, high availability, and clustering of as many as six chassis. These devices feature a built-in 1Gb Ethernet interface for management, an RJ-45 console interface, and one USB 2.0 connection. For additional specs, see Cisco Firepower 4100 Series NGFW firewalls consulting and management services.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and ultra-high performing firewalls. The 3 Rack Units enclosure of Firepower 9300 Next-Generation Series firewalls can hold two network modules as well as three security modules. Altogether, the 9300 can hold 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100G interfaces. Clustering of up to five 9300 chassis allows a total 1.2 Tbps of firewall performance. The high-end Cisco Firepower 9300 SM-56 provides 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The unit allows 35 million simultaneous sessions, 490K new connections per second, and a maximum of 000 VPN peers.
Cisco's Firepower Services
Firepower NGFW firewalls accept either software or physical modules that enable Cisco's Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services include:
- Multi-layer defense against familiar and zero-day threats
- Cisco's Advanced Malware Protection that utilizes big data to find and mitigate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to discover attacks that incorporate simultaneous vectors
- High-resolution Application Visibility and Control that is familiar with thousands of applications and can automatically launch both standard and custom IPS policies based on the severity of risk
Firepower Services for NGFW firewalls provide multi-layered threat protection
Smaller implementations of Firepower NGFW security appliances can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility provided with all firewall models. ASDM includes a convenient web console for deploying, managing, and troubleshooting Firepower devices and modules.
For multi-device and multi-site environments, NGFW firewalls with Firepower Services can be managed with Cisco's Firepower Management Center, available as one or more physical or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls
Cisco's Firepower Management Center appliance provides features unavailable with Cisco's on-box Adaptive Security Device Manager utility. Additional capabilities include expanded context awareness, Advanced Malware Protection (AMP) with mitigation for user devices, a console that provides dynamic network visualization, automated policy tuning based on risk evaluation of attacks, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and APIs for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's on-device ASDM or the Firepower command line interface.
Progent's Migration Consulting for Cisco Firepower Firewalls
Since Cisco has ceased selling the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a key security component that might no longer be supported by Cisco. Firepower NGFW Series firewalls offer the advantage of being current products and also offer important technical and financial benefits in comparison to legacy firewalls. These benefits include significantly higher throughput, optional Secure Sockets Layer VPN capability, and a modular design that protects your investment by allowing you to add new security features when and if you require them. Progent's Cisco network engineers can help your company to assess the strategic case for migrating from PIX 500 or ASA 5500 firewalls, design a migration process that permits a quick and seamless upgrade, help you to deploy new Firepower NGFW Series firewalls, and provide remote training, consulting, and troubleshooting services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Next-Generation Series security appliances incorporate an array of configuration, monitoring, and analysis features that give you the flexibility to set up these security appliances to align optimally with your business requirements. Progent's CCIE authorized network consultants can show you how to build a cost-effective network infrastructure that includes Cisco firewall technology and that offers advanced protection, resilience, performance, and manageability. Progent's GISA and CISSP-ISSP-premier information security professionals can help your business to develop a security strategy that makes sense for your environment and can set up your PIX or ASA firewall to support your security policies. Progent's security assessment experts can evaluate the effectiveness of your current firewall solution and audit the security of your entire IT network. Progentís Help Desk Call Center can deliver emergency online troubleshooting for Cisco products and can give you quick access to a Cisco network engineer.
Progent offers remote or on-premises consulting services and can deliver occasional expertise to help you resolve a challenging technical impasse or Progent offers end-to-end project management services to ensure your firewall initiative is performed on time and on budget.
To see more information about Progent's engineering help for Cisco networking products, choose a topic:
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.