Cisco is a perennial leader in delivering cutting-edge firewall appliances for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewall (NGFW) security appliances represent a modern cybersecurity platform that combines sophisticated hardware, cloud-based services, and a next-generation intrusion protection system (NGIPS) to block, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco CCIE-certified firewall experts can help you to plan and carry out a smooth migration to Cisco Firepower Series firewalls from Cisco's ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's security services to build and centrally manage network ecosystems that encompass branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and debug older-generation Cisco firewalls. Progent's certified network security experts can help you with policy creation driven by leading practices in order to build a consistent security posture across all your endpoints anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's portfolio of Firepower Next-Generation Firewalls offers advanced security and centralized management at price points, performance levels, and expandability suitable for deployments ranging from telecommuters and small organizations to major enterprises and service providers. Cisco's Firepower NGFW devices provide a significant performance boost compared to Cisco's previous-generation firewalls and offer centralized control of advanced security capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), URL filtering, and multi-node sandboxing.
All Firepower NGFW firewalls have a single-pass design and support continuous analysis and retrospective identification, which makes it possible to provide outbreak management and to pinpoint patient zero. Firepower Next-Generation firewalls also have the option of URL Filtering and subscription-free sandboxing for finding elusive malware, behavioral indicators of compromise, and malware artifacts. NGIPS rule tuning and firewall policy are automated, eliminating the need for manual intervention by cybersecurity specialists. All Firepower NGFW firewalls offer the choice of running either Firepower Threat Defense (FTD) or Adaptive Security Appliance software. Unified deployment, logging, system monitoring, and reporting capabilities can be managed either via Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Cisco Firepower NGFW 1000 Series Firewalls are targeted at small businesses, telecommuters, or branch offices. Firewalls in this family deliver better value vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, delivering 4-6X higher firewall speed. Onsite management can be performed with Firepower Device Manager. 1000 Series appliances feature a built-in 10M/100M/1GBASE-T Ethernet interface for management, an RJ-45 console interface, a USB connection, and 200 GB of storage. Active/active and Active/standby high availability is provided along with VPN load balancing.
Cisco's Firepower 1010 model is a desktop or wall-mount, fanless device that offers 890 Mbps performance, Application Visibility/Control (AVC), and Next Generation Intrusion Prevention System. The unit features eight integrated RJ-45 I/O ports, two of them POE+ capable. IPsec VPN performance is 400 Mbps and the unit supports 100K concurrent sessions, 6,000 new connections per second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU device that delivers firewall throughput of 2.3 Gbps. The appliance comes with 8 RJ45 built-in I/O interfaces and four SFP interface ports. IPsec VPN throughput is 1.2 Gbps and the firewall allows 200K concurrent sessions, 15,000 new connections/second with Application Visibility/Control (AVC), and a maximum of 150 VPN peers.
The Firepower 1140 firewall is a 1RU appliance that offers firewall performance of 3.3 Gbps. The appliance includes 8 built-in RJ-45 ports and four SFP interface ports. IPsec VPN throughput is 1.4 Gbps and the appliance allows 400K simultaneous sessions, 22K new connections/second with Application Visibility/Control, and a maximum of 400 VPN peers. The Firepower 1150 firewall is a 1RU rackmount device that delivers firewall throughput of 5.3 Gbps. The appliance includes eight built-in RJ-45 interface ports, two SFP interface ports, and two 10G SFP+ interface ports. IPsec VPN performance is 2.4 Gbps and the firewall can handle 600K simultaneous sessions, 28,000 new connections/second, and up to 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are one-rack units designed for operation at the data center. Appliances in this family have a dual multicore CPU design that allows them to offer 3-6X faster performance than Cisco ASA models they are designed to succeed. Onsite management can be done with Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 interfaces and four SFP interfaces. These units include one integrated 10M/100M/1GBASE-T Ethernet port for network management, an RJ-45 console interface, and one USB connection. Active/standby high availability is supported as well as virtual private network load balancing.
Cisco's Firepower 2110 firewall comes with 4 built-in 1 Gigabit SFP Ethernet interface ports and 100 GB of storage. The 2110 offers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN throughput and allows 1 million concurrent sessions, 18,000 new connections/second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 model firewall includes 12 built-in 10M/100M/1GBASE-T Ethernet RJ-45 interface ports, four integrated 1G SFP Ethernet interfaces, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN throughput and permits 1.5 million concurrent sessions, 28,000 new connections per second and a maximum of 3,500 VPN peers.
Cisco's Firepower 2130 model firewall includes four built-in 10 Gb SFP+ interface ports and 200 GB of storage. The 2130 also accepts a network module with eight additional interfaces. The Firepower 2130 delivers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN throughput and allows 2 million simultaneous sessions, 30,000 new connections/second, and as many as 7,500 VPN peers. Cisco's high-end Firepower 2140 model firewall includes 4 built-in 10G SFP+ interface ports and 200 GB of storage. The unit also accepts a network module with 8 additional ports for a total of 24 Ethernet interface ports. The 2140 delivers 10.4 Gbps firewall performance and 3.6 Gbps IPsec VPN throughput and supports three million concurrent sessions, 57,000 new connections per second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 appliances have the option of redundant AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco's Secure Firewall 3100 Series models are modular one-rack units intended for large companies who need performance, high port density, and zero-trust security at the Internet edge, the data center, or a private cloud. For high availability, all Secure Firewall 3100 Series models support 8-chassis clustering and work in either Active/active or Active/standby mode. The units can run Cisco's ASA or Firewall Threat Defense software. Built-in I/O for each device includes 8 10M/100M/1GBASE-T interface ports (RJ-45) and 8 1/10 Gigabit Ethernet interfaces. Plug-in network modules support 1/10/25/40G expansion and all models come with 900 GB of storage as well as a spare storage slot.
Cisco's Secure Firewall 3105 device delivers 10 Gbps firewall performance and 5.5 Gbps IPsec VPN throughput. The 3105 supports 1.5 million concurrent sessions, 90,000 new connections per second, and as many as 2,000 VPN peers. Cisco's Secure Firewall 3110 device offers 10 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 3110 supports two million concurrent sessions, 130,000 new connections per second, and as many as 3,000 VPN peers. Cisco's Secure Firewall 3120 model offers 21 Gbps firewall performance and up to 10 Gbps IPsec VPN throughput. The 3120 supports 4 million concurrent sessions, 170,000 new connections/second, and a maximum of 7,000 VPN peers. Cisco's Secure Firewall 3130 model delivers 42 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 3130 firewall supports 6 million concurrent sessions, 200K new connections/second, and up to 15,000 VPN peers. The 3130 firewall features 8 1/10/25G SFP+ ports. Cisco's Secure Firewall 3140 device delivers 49 Gbps firewall performance and up to 17 Gbps IPsec VPN performance. The 3140 supports 10 million simultaneous sessions, 200K new connections/second, and as many as 20K VPN peers. The 3140 features 8 1/10/25G SFP+ interfaces.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are one-rack appliances intended for operation at high-performance data centers. Devices in this series offer 5-10X higher performance than the Cisco ASA 5585-X firewall they are designed to succeed. Onsite management can be done with Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls have 8 built-in SFP+ ports and all accept a variety of add-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series NGFW Firewalls offer VPN load balancing, Active/Standby high availability, and clustering of as many as six chassis. These security appliances include a built-in 1Gb Ethernet interface for network management, one RJ-45 console interface, and one USB 2.0 port.
Cisco's Firepower 4110 firewall has 200 GB of storage and delivers 13 Gbps firewall performance and 6 Gbps IPsec VPN performance. The 4110 supports 10 million simultaneous sessions, 64K new connections per second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall has 400 GB of storage and offers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN performance. The 4112 firewall supports 10 million simultaneous sessions, 98K new connections per second, and up to 10,000 VPN peers. Cisco's Firepower 4115 appliance has 400 GB of storage and offers 33 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 4115 firewall allows 15 million concurrent sessions, 210K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4120 model features 200 GB of storage and offers 22 Gbps firewall performance and 19 Gbps IPsec VPN throughput. The 4120 unit allows 15 million concurrent sessions, 118K new connections/second, and up to 15,000 VPN peers. Cisco's Firepower 4125 firewall includes 800 GB of storage and offers 45 Gbps firewall throughput and 19 Gbps IPsec VPN throughput. The 4125 unit supports 25 million concurrent sessions, 269K new connections per second, and as many as 20K VPN peers.
Cisco's Firepower 4140 model firewall includes 400 GB of storage and offers 32 Gbps firewall performance and 13 Gbps IPsec VPN performance. The 4140 unit supports 25 million simultaneous sessions, 172K new connections/second, and as many as 20K VPN peers. Cisco's newer Firepower 4145 device includes 800 GB of storage and delivers 53 Gbps firewall performance and 24 Gbps IPsec VPN performance. The 4145 unit allows 30 million simultaneous sessions, 365K new connections per second, and a maximum of 20K VPN peers. Cisco's Firepower 4150 firewall has 400 GB of storage and offers 45 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4150 firewall allows 30 million simultaneous sessions, 263K new connections per second, and a maximum of 20K VPN peers.
Secure Firewall 4200 Family
Cisco's Secure Firewall 4200 appliances are expandable 1RU firewalls intended for deployment at enterprise campuses and data centers that require high-end throughput, visibility, and scalability. Cisco's Secure Firewall 4200 Series appliances deliver more than twice the throughput of previous generation firewalls and feature high port density. As many as 8 chassis can be clustered for high availability and future expansion. A crypto accelerator allows SSL and VPN decryption in real time, and zero trust application access (ZTAA) permits deep threat inspection for applications. 4200 Series firewalls can be managed by the Firewall Management Center or in the cloud using Cisco Defense Orchestrator. Every 4200 device includes 8x 1/10/25 Gigabit Ethernet (SFP28) on-chassis interfaces and has two module slots for easy expansion. As many as 24 total Ethernet connections are possible. Every firewall device comes with 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 product is intended for enterprise campuses with high growth potential. The device offers 90 Gbps firewall performance and 45 Gbps IPsec VPN throughput. The 4215 allows 15 million concurrent firewall connections, 350 K new connections each second, and up to 20,000 VPN peers. The Secure Firewall 4225 appliance is designed for enterprise data centers. The device delivers 95 Gbps firewall throughput and 80 Gbps max IPsec VPN performance. The 4225 model supports 30 million simultaneous firewall connections, 600 K new connections each second, and as many as 25,000 VPN peers. Cisco's Secure Firewall 4245 product is built for service providers who support a very high volume of traffic. The 4245 offers 180 Gbps firewall performance and 140 Gbps IPsec VPN performance. The 4245 can support 60 million simultaneous firewall connections, 800 K new connections each second, and as many as 30,000 VPN peers.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are highly scalable and carrier-grade firewalls. The 3 Rack Units (3RU) enclosure of Firepower 9300 NGFW Series firewalls can hold two add-in network modules and three security modules. Altogether, the Firepower 9300 can hold 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100 Gigabit Ethernet interfaces. Intrachassis clustering of up to 5 9300 chassis delivers a total 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 x 3 provides 235 Gbps firewall throughput and 27 Gbps IPsec VPN throughput. The unit allows 195 million simultaneous sessions, 4.75 M new connections per second, and a maximum of 20,000 VPN peers.
Firepower Services
Cisco's Firepower Next Generation firewalls accept software or physical modules that enable Cisco's Firepower Services, which offer layered defense against multi-vector attacks. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services include:
Simpler implementations of Firepower NGFW security appliances can be effectively administered using Cisco's on-device Adaptive Security Device Manager (ASDM), a web utility included with all firewall models. ASDM provides an easy-to-use web console for configuring, administering, and troubleshooting NGFW devices and modules.
For more complex environments, NGFW appliances with Firepower Services can be administered using Cisco's Firepower Management Center, available as one or more physical or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC), advanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
The Firepower Management Center appliance provides features beyond those available with Cisco's on-device ASDM tool. Extra features include greater context awareness, Advanced Malware Protection with remediation for user devices, a console that provides dynamic network infrastructure visualization, automated policy tuning based on impact assessment of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting features, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's on-box ASDM or the Firepower command line interface.
Progent's Migration Consulting for Cisco Firepower Firewalls
Since Cisco has stopped offering the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a critical infrastructure mechanism that might no longer be supported. Firepower NGFW Series security appliances have the advantage of being new devices and also bring multiple functions and budgetary advantages in comparison to legacy devices. These advantages include substantially better performance, optional Secure Sockets Layer tunneling capability, and a modular design that guards your investment by enabling you to add new security features when and if you require them. Progent's Cisco network engineers can help your company to determine the strategic case for migrating from PIX 500 or ASA 5500 security appliances, design a migration plan that allows for a quick and seamless upgrade, help you to install new Firepower NGFW Series firewalls, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower NGFW Series security appliances incorporate an array of setup, tracking, and analysis features which give you the ability to deploy these security appliances to align optimally with your company's needs. Progent's CCIE certified network consultants can show you how to configure and support a cost-effective network infrastructure that incorporates Cisco firewalls and that offers advanced protection, resilience, performance, and recoverability. Progent's CISA and CISSP-ISSP-premier IS security engineers can assist you to develop a security policy that makes sense for your business and can set up your security appliance to enforce your security policies. Progent's risk assessment engineers can assess the effectiveness of your current firewall solution and validate the security of your entire information system environment. Progent's Technical Response Center (TRC) can deliver emergency remote technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
Progent offers remote or onsite support and is available for occasional guidance to help your organization with a stubborn technical bottleneck. Progent also offers end-to-end project management and co-management services to ensure your firewall initiative is performed on schedule and on budget.