Cisco Network Consultants

Cisco is a long-time front-runner in developing state-of-the-art firewall appliances for the broadest possible range of environments. Cisco's Firepower Next Generation Firewall (NGFW) appliances provide a modern firewall platform that combines sophisticed hardware, cloud-based services, and machine learning to anticipate, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can assist your organization to plan and carry out a smooth migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco's security services to create and centrally control network environments that encompass local offices, data centers, and cloud resources. Progent can also help you to manage and debug older-generation Cisco security appliances. Progent's certified cybersecurity consultants can assist you with policy creation and tuning driven by leading practices so you can establish a consistent and effective cybersecurity profile across all your devices anywhere.

Cisco's Firepower Next Generation Firewall Appliances
Cisco's portfolio of Firepower Next-Generation Firewalls offer modern security and centralized management at price points, speed, and expandability to fit environments ranging from home offices and small organizations to major enterprises and service providers. Cisco's Firepower NGFW devices deliver a significant performance boost over Cisco's previous-generation firewalls and include centralized management of modern security features such as application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, URL filtering, and multi-node sandboxing.

All Firepower NGFW firewalls incorporate a one-pass design and permit continuous inspection and retrospective identification, which allows the firewalls to provide outbreak management and to uncover patient zero. Firepower Next-Generation firewalls also have the option of URL Filtering and subscription-free sandboxing for detecting elusive malware, behavioral indicators of compromise, and malware artifacts. NGIPS rule tuning and network firewall policy can be performed automatically, requiring no manual intervention by cybersecurity specialists. All Firepower Next-Generation firewalls give you the option of running either Firepower Threat Defense or Cisco Adaptive Security Appliance software. Unified deployment, logging, monitoring, and reporting functions can be controlled either by Management Center or in the cloud with Defense Orchestrator.

Cisco Firepower 1000 Series NGFW Firewalls
Firepower NGFW 1000 Series Firewalls are intended for small businesses, telecommuters, or branch offices. Devices in this series deliver better value vs. corresponding Cisco ASA models, providing 4-6X faster firewall throughput. Local management can be performed with Firepower Device Manager. These firewalls feature a built-in 10M/100M/1GBASE-T RJ-45 Ethernet port for management, an RJ-45 console interface, a USB connection, and 200 GB of storage. Active/active and Active/standby high availability is supported along with virtual private network load balancing.

Cisco's Firepower 1010 model is a desktop or wall-mount, fanless appliance that delivers 890 Mbps throughput, AVC, and Next Generation Intrusion Prevention System. The unit has eight integrated RJ-45 I/O interface ports, two of them with POE+. IPsec VPN performance is 400 Mbps and the appliance supports 100K concurrent sessions, 6,000 new connections per second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU appliance that provides firewall throughput of 2.3 Gbps. The firewall has eight RJ45 integrated I/O interfaces and four SFP interface ports. IPsec VPN throughput is 1.2 Gbps and the unit supports 200K concurrent sessions, 15,000 new connections per second with AVC, and as many as 150 VPN peers.

The Firepower 1140 model firewall is a 1RU rackmount appliance that delivers firewall throughput of 3.3 Gbps. The unit comes with 8 integrated RJ-45 ports and 4 SFP interfaces. IPsec VPN performance is 1.4 Gbps and the device supports 400K concurrent sessions, 22K new connections per second with AVC, and as many as 400 VPN peers. The Firepower 1150 firewall is a 1RU rackmount appliance that offers firewall throughput of 5.3 Gbps. The unit comes with eight integrated RJ-45 interface ports, two SFP interface ports, and two 10G SFP+ interface ports. IPsec VPN throughput is 2.4 Gbps and the unit can handle 600K simultaneous sessions, 28,000 new connections/second, and up to 800 VPN peers.

Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are 1RU appliances designed for use at the Internet edge or the data center. Appliances in this series feature a dual multicore processor design that enables them to offer 3-6X faster performance than Cisco ASA firewalls they are designed to replace. Onsite management can be performed with Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls include 12 RJ45 interfaces and four SFP interfaces. These units include one integrated 10M/100M/1GBASE-T Ethernet interface for management, an RJ-45 console port, and one USB connection. High availability is supported along with virtual private network load balancing.

Cisco's Firepower 2110 model firewall includes four built-in 1 Gb SFP Ethernet interfaces and 100 GB of storage. The 2110 offers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN throughput and supports 1 million simultaneous sessions, 18,000 new connections/second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 model firewall comes with 12 integrated 10M/100M/1GBASE-T RJ-45 ports, four integrated 1G SFP Ethernet interface ports, and 100 GB of storage. The 2120 offers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN performance and allows 1.5 million concurrent sessions, 28,000 new connections per second and up to 3,500 VPN peers.

Cisco's Firepower 2130 firewall comes with four built-in 10 Gigabit SFP+ ports and 200 GB of storage. The unit also accepts a network module with 8 extra interface ports. The Firepower 2130 delivers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN throughput and allows two million simultaneous sessions, 30,000 new connections per second, and as many as 7,500 VPN peers. Cisco's high-end Firepower 2140 firewall includes 4 built-in 10 Gigabit SFP+ interface ports and 200 GB of storage. The 2140 also scales via a network module with 8 additional interfaces for a maximum of 24 Ethernet interfaces. The 2140 model offers 10.4 Gbps firewall throughput and 3.6 1Gbps IPsec VPN throughput and allows three million concurrent, 57,000 new connections per second, and up to 10,000 VPN peers. Both the 2130 and 2140 units have the option of redundant AC or DC power supplies.

Cisco Secure Firewall 3100 Series
Cisco's Secure Firewall 3100 Series appliances are modular one-rack devices intended for enterprises who require performance, high port density, and zero-trust security at the Internet edge, the data center, or a private cloud. For maximum uptime, all Secure Firewall 3100 Series models support 8-device clustering and operate in either Active/active or Active/standby mode. The units can run Cisco's ASA or Firewall Threat Defense (FTD) software. Built-in I/O for each model includes eight 10M/100M/1GBASE-T Ethernet ports (RJ-45) and 8 1/10 Gigabit (SFP) Ethernet interface ports. Available network modules offer 1/10/25/40G expansion and all models include 900 GB of storage plus a spare storage expansion slot.

Cisco's 3105 Firewall device offers 10 Gbps firewall performance and 5.5 Gbps IPsec VPN throughput. The 3105 allows 1.5 million simultaneous sessions, 90,000 new connections per second, and up to 2,000 VPN peers. Cisco's 3110 Firewall model offers 10 Gbps firewall performance and 8 Gbps IPsec VPN performance. The 3110 allows 2 million simultaneous sessions, 130,000 new connections per second, and as many as 3,000 VPN peers. Cisco's 3120 Firewall model delivers 21 Gbps firewall performance and 10 Gbps IPsec VPN performance. The 3120 supports 4 million concurrent sessions, 170,000 new connections/second, and up to 7,000 VPN peers. Cisco's 3130 Firewall device offers 42 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 3130 supports 6 million concurrent sessions, 200K new connections/second, and a maximum of 15,000 VPN peers. The 3130 firewall has eight 1/10/25G SFP+ interfaces. Cisco's 3140 Firewall model offers 49 Gbps firewall throughput and 17 Gbps IPsec VPN throughput. The 3140 firewall allows 10 million simultaneous sessions, 200K new connections per second, and up to 20K VPN peers. The 3140 firewall includes 8 1/10/25G SFP+ interface ports.

Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU appliances designed for deployment at high-performance data centers. Appliances in this family offer 5-10X higher performance than the Cisco ASA 5585-X firewall they are designed to succeed. Onsite management can be done using Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 integrated SFP+ ports and all can be expanded with a variety of plug-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series NGFW Firewalls offer VPN load balancing, high availability, and clustering of as many as six chassis. These devices feature an integrated 1 Gigabit Ethernet port for network management, an RJ-45 console interface, and one USB 2.0 interface.

Cisco's Firepower 4110 firewall features 200 GB of storage and offers 13 Gbps firewall performance and 6 Gbps IPsec VPN performance. The 4110 model allows 10 million concurrent sessions, 64K new connections/second, and up to 10K VPN peers. Cisco's Firepower 4112 firewall features 400 GB of storage and delivers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 firewall supports 10 million concurrent sessions, 98K new connections/second, and a maximum of 10,000 VPN peers. Cisco's Firepower 4115 model firewall comes with 400 GB of storage and offers 33 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 4115 unit allows 15 million concurrent sessions, 210K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4120 model comes with 200 GB of storage and offers 22 Gbps firewall performance and 19 Gbps IPsec VPN performance. The 4120 firewall supports 15 million concurrent sessions, 118K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4125 firewall includes 800 GB of storage and offers 45 Gbps firewall performance and 19 Gbps IPsec VPN performance. The 4125 firewall allows 25 million concurrent sessions, 269K new connections/second, and as many as 20K VPN peers.

The Firepower 4140 firewall includes 400 GB of storage and offers 32 Gbps firewall performance and 13 Gbps IPsec VPN performance. The 4140 unit supports 25 million simultaneous sessions, 172K new connections/second, and up to 20K VPN peers. Cisco's newer Firepower 4145 device features 800 GB of storage and delivers 53 Gbps firewall performance and 24 Gbps IPsec VPN throughput. The 4145 unit supports 30 million simultaneous sessions, 365K new connections/second, and a maximum of 20K VPN peers. Cisco's Firepower 4150 unit comes with 400 GB of storage and delivers 45 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4150 firewall supports 30 million simultaneous sessions, 263K new connections per second, and as many as 20K VPN peers.

Cisco Secure Firewall 4200 Series
Cisco's Secure Firewall 4200 Series appliances are expandable single rack units designed for use at large enterprise campuses and data centers that need high-end performance, visibility, and scalability. Cisco's Secure Firewall 4200 Series appliances deliver more than twice the performance of prior generation firewalls and offer high port density. Up to 8 chassis can be clustered for high availability and scale. Crypto accelerator allows SSL and VPN decryption without performance loss, and zero trust application access (ZTAA) permits complete threat inspection for applications. 4200 Series firewalls can be managed by the Firewall Management Center or in the cloud with Cisco Defense Orchestrator. Each 4200 device includes 8x 1/10/25 Gigabit Ethernet built-in ports and features two module bays for easy upscaling. As many as 24 Ethernet connections are possible. Every 4200 unit includes 1.8 TB x 2 storage.

Cisco's Secure Firewall 4215 product is intended for large enterprise campuses with high growth expectations. The device delivers 90 Gbps firewall performance and 45 Gbps IPsec VPN throughput. The Secure Firewall 4215 can handle 15 million concurrent firewall connections, 350 K new connections each second, and up to 20,000 VPN peers. The Secure Firewall 4225 appliance is built for large enterprise data centers. The device delivers 95 Gbps firewall throughput and 80 Gbps IPsec VPN performance. The 4225 model allows 30 million simultaneous firewall connections, 600 K new connections each second, and as many as 25,000 VPN peers. Cisco's Secure Firewall 4245 device is intended for service providers who support a high volume of traffic. Cisco's 4245 offers 180 Gbps firewall throughput and 140 Gbps IPsec VPN performance. The 4245 can support 60 million simultaneous firewall connections, 800 K new connections per second, and up to 30,000 VPN peers.

Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and ultra-high performing security appliances. The 3RU chassis of Firepower 9300 Next-Generation Series firewalls can hold two add-in network modules as well as three security modules. Fully loaded, the Firepower 9300 can hold 24 10G Ethernet Enhanced Small Form-Factor Pluggable ports or eight 100G interfaces. Clustering of up to 5 chassis delivers up to 1.2 Tbps of firewall performance. The top-of-the-line Cisco Firepower 9300 SM-56 x 3 delivers 235 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 195 million simultaneous sessions, 4.75 M new connections per second, and a maximum of 20,000 VPN peers.

Cisco's Firepower Services
Cisco's Firepower NGFW security appliances accept software or physical modules that enable Firepower Services, which offer layered protection against sophisticated threats. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services include:

• Multi-layer protection against familiar and new attacks
• Cisco's Advanced Malware Protection (AMP) that utilizes big data to find and remediate security breaches
• A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, infrastructure, software applications, and content to discover attacks that use multiple vectors
• High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies depending on the severity of risk

Simpler deployments of Cisco's Firepower Next Generation security appliances can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all NGFW firewall models. ASDM provides an easy-to-use web dashboard for configuring, administering, and troubleshooting NGFW firewalls and service modules.

For more complex deployments, NGFW firewalls with Firepower Services can be administered with Firepower Management Center, implemented as one or more physical or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.

Firepower Management Center appliance provides features beyond those available with Cisco's on-device Adaptive Security Device Manager tool. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that provides dynamic network visualization, automated policy optimization based on risk evaluation of threats, advanced IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's on-box ASDM or the Firepower command line interface.

Progent's Migration Consulting Services for Cisco Next Generation Firewalls
Since Cisco has discontinued offering the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a critical infrastructure component that might no longer be supported. Firepower NGFW Series security appliances offer the benefit of being new devices and also bring important functions and budgetary advantages in comparison to legacy firewalls. These advantages include substantially better throughput, optional Secure Sockets Layer VPN capability, and a modular design that protects your investment by enabling you to add more security features whenever you require them. Progent's Cisco certified network engineers can help your company to assess the strategic case for upgrading from PIX or Cisco ASA 5500 firewalls, create a migration plan that permits a fast and non-disruptive upgrade, assist your IT staff to configure new Firepower Series appliances, and offer online, consulting, and technical support services.

Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower NGFW Series security appliances provide a wealth of setup, tracking, and analysis features which offer you the flexibility to configure these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network consultants can help you to design an efficient network infrastructure that incorporates Cisco security appliances and that offers world-class protection, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-certified IS security professionals can assist you to develop a security policy that makes sense for your situation and can set up your security appliance to support your security strategy. Progent's risk assessment professionals can assess the effectiveness of your existing firewall solution and validate the security of your entire information system network. Progent's Technical Response Center (TRC) can deliver urgent online technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.

Progent offers online or on-premises consulting services and is available for occasional expertise to help you with a stubborn IT bottleneck or Progent offers comprehensive project management and co-management support to ensure your firewall initiative is completed on time and within budget.

To find out more details concerning Progent's consulting expertise for Cisco products, pick a topic:

• Introduction to Cisco Expertise
• Fast Remote Support from a CCIE Engineer
• Cisco ASA 5500-X Firewalls with Firepower: Configuration and Management Support
• Cisco ASA 5500 Firewalls Engineering Support
• Cisco PIX Firewall Troubleshooting Help
• Cisco Routers Consulting Expertise
• Cisco Wireless Network Design Support
• Cisco Aironet Access Points Consulting Support
• Cisco Small Business 100, 300 and 500 Wireless Access Points Engineering Services
• Catalyst 802.11ax Wi-Fi 6/6E Access Points Planning, Configuration and Debugging Services
• Cisco WiFi Controllers Consultants
• Cisco Meraki Wireless Access Points Design Help
• Cisco Unified Communications Manager (CUCM or Unified CM) and CallManager Consulting and Troubleshooting
• Cisco Voice over IP Phones and IP Video Phones Consulting Services and Wireless IP Phone Configuration
• Cisco Jabber Migration and Support Services
• Catalyst Switches Engineering Expertise
• Nexus Switches Consulting and Support Expertise
• Meraki Switches Deployment Services
• Cisco VPN and Network Security Consulting Services
• SIP and CUBE Infrastructure Solutions: SIP Trunking and Cisco CUBE Integration Consulting
• Cisco Duo MFA Two-factor Authentication (2FA) Services for Teleworkers
• Design Expertise for Cisco-powered Datacenters
• Data Center Design Consulting for Service Providers
• Unified Cloud-based and Hybrid Network Management Strategies for Cisco-powered Environments