Cisco is a long-time front-runner in developing state-of-the-art firewalls for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewall (NGFW) appliances represent a modern firewall platform that combines dedicated hardware, cloud-based services, and machine learning to block, identify, and respond to threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist your organization to design and execute a smooth migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower appliances with Cisco's subscription-based security services to create and centrally manage IT ecosystems that encompass local offices, data centers, and cloud resources. Progent can also help you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation and tuning driven by leading practices so you can establish a consistent and effective security profile that applies to all your devices at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's portfolio of Firepower Next-Generation Firewalls delivers advanced protection and centralized control at prices, speed, and scale suitable for environments spanning telecommuters and small businesses to global enterprises and Internet service providers. Cisco's Firepower NGFW devices deliver a major performance boost compared to Cisco's older firewalls and include centralized management and automation of advanced cybersecurity capabilities such as application visibility and control (AVC), next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and sandboxing.
All Firepower Next-Generation firewalls have a one-pass architecture and permit uninterrupted inspection and retrospective identification, which makes it possible to provide outbreak controls and to pinpoint root causes. Firepower NGFW firewalls also offer URL Filtering and sandboxing for detecting elusive malware, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy creation can be performed automatically, requiring no time-consuming intervention by cybersecurity specialists. All Firepower Next-Generation security appliances offer the option of using either Cisco Firepower Threat Defense or Cisco Adaptive Security Appliance (ASA) software. Centralized deployment, logging, system monitoring, and reporting functions can be controlled either by Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Firepower NGFW 1000 Series Firewalls are intended for small businesses, telecommuters, or branch offices. Devices in this family deliver improved price/performance vs. corresponding Cisco ASA 5506-X to ASA 5525-X firewalls, delivering 4-6X higher firewall speed. Onsite management can be performed using Firepower Device Manager. 1000 Series appliances feature a built-in 10/100/1000 RJ-45 Ethernet interface for management, an RJ-45 console port, a USB 3.0 Type-A interface, and 200 Gbytes of storage. High availability is provided along with virtual private network load balancing.
Cisco's Firepower 1010 model is a desktop, fanless device that delivers 890 Mbps throughput, Application Visibility/Control, and Next Generation Intrusion Prevention System. The appliance includes 8 built-in RJ-45 I/O ports, two of them POE+ capable. IPsec VPN throughput is 500 Mbps and the firewall supports 100K concurrent sessions, 6,000 new connections/second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU device that delivers firewall performance of 2.3 Gbps. The firewall includes eight RJ45 built-in I/O interfaces and four SFP interface ports. IPsec VPN throughput is 1.2 Gbps and the appliance supports 200K simultaneous sessions, 15,000 new connections/second with Application Visibility/Control (AVC), and a maximum of 150 VPN peers.
The Firepower 1140 model firewall is a 1RU rackmount appliance that delivers firewall performance of 3.3 Gbps. The firewall comes with eight integrated RJ-45 interfaces and 4 SFP interface ports. IPsec VPN throughput is 1.4 Gbps and the appliance allows 400K concurrent sessions, 22K new connections/second with AVC, and up to 400 VPN peers. The Firepower 1150 firewall is a 1RU rackmount appliance that delivers firewall throughput of 5.3 Gbps. The firewall comes with eight integrated RJ-45 ports, two SFP interface ports, and two 10G SFP+ ports. IPsec VPN performance is 2.4 Gbps and the unit supports 600K simultaneous sessions, 28,000 new connections per second, and a maximum of 800 VPN peers.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are 1RU rack units designed for operation at the data center. Firewalls in this series have a dual multicore processor architecture that allows them to deliver 3-6X faster performance than the Cisco ASA firewalls they are designed to succeed. Local management can be performed with Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls include 12 RJ45 interfaces and four SFP ports. These units include one built-in 10/100/1000 Ethernet port for network management, an RJ-45 console interface, and one USB port. High availability is supported as well as VPN load balancing.
Cisco's Firepower 2110 model firewall comes with 4 integrated 1 Gigabit SFP Ethernet interface ports and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN throughput and supports 1 million concurrent sessions, 18,000 new connections/second, and as many as 1,500 VPN peers. Cisco's Firepower 2120 firewall comes with 12 integrated 10M/100M/1GBASE-T RJ-45 interfaces, four built-in 1G SFP Ethernet interfaces, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN performance and permits 1.5 million simultaneous sessions, 28,000 new connections/second and up to 3,500 VPN peers.
Cisco's Firepower 2130 firewall features four built-in 10 G SFP+ interface ports and 200 GB of storage. The 2130 also scales via a network module with eight additional interface ports. The Firepower 2130 delivers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN throughput and allows 2 million simultaneous sessions, 30,000 new connections per second, and as many as 7,500 VPN peers. Cisco's high-end Firepower 2140 firewall has four built-in 10 Gigabit SFP+ interfaces and 200 GB of storage. The unit also accepts a network module with eight additional ports for a maximum of 24 Ethernet interface ports. The 2140 model offers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN performance and supports 3 million simultaneous sessions, 57,000 new connections per second, and as many as 10,000 VPN peers. Both the 2130 and 2140 model firewalls feature redundant AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco's Secure Firewall 3100 Series appliances are modular one-rack devices targeted at large companies who require performance, high port density, and zero-trust cybersecurity at the Internet edge, the data center, or a private cloud. For high uptime, all Secure Firewall 3100 Series models allow 8-chassis clustering and operate in Active/active or Active/standby mode. The appliances can run Cisco's ASA or Firewall Threat Defense (FTD) software. Integrated I/O for each device includes eight 10M/100M/1GBASE-T Ethernet ports (RJ-45) and eight 1/10 Gigabit Ethernet interfaces. Available network modules offer 1/10/25/40G options and all models have 900 GB of storage plus a spare storage expansion slot.
Cisco's 3110 Firewall device offers 18 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 3110 supports 2 million concurrent sessions, 64,000 new connections/second, and as many as 3,000 VPN peers. Cisco's 3120 Firewall device delivers 22 Gbps firewall throughput and 10 Gbps IPsec VPN performance. The 3120 firewall allows 4 million concurrent sessions, 98K new connections/second, and up to 7,000 VPN peers. Cisco's 3130 Firewall device offers 42 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 3130 supports 6 million concurrent sessions, 200K new connections/second, and up to 15,000 VPN peers. Cisco's Secure Firewall 3140 appliance delivers 49 Gbps firewall throughput and 17 Gbps IPsec VPN performance. The 3140 supports 10 million concurrent sessions, 200K new connections/second, and as many as 20K VPN peers.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are one-rack units designed for operation at the Internet edge or high-performance data centers. Firewalls in this family offer 5-10X faster performance than the Cisco ASA 5585-X firewall they are designed to replace. Local management can be done using Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 built-in SFP+ interfaces and all accept a selection of plug-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series NGFW Firewalls offer virtual private network load balancing, Active/standby high availability, and clustering of up to six chassis. These security appliances feature a built-in 1 Gigabit Ethernet interface for management, one RJ-45 console interface, and one USB port.
The Firepower 4110 model firewall includes 200 GB of storage and offers 13 Gbps firewall performance and 6 Gbps IPsec VPN throughput. The 4110 model supports 10 million simultaneous sessions, 64K new connections per second, and a maximum of 10K VPN peers. Cisco's Firepower 4112 firewall includes 400 GB of storage and offers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN throughput. The 4112 firewall supports 10 million concurrent sessions, 98K new connections/second, and a maximum of 10,000 VPN peers. Cisco's newer Firepower 4115 appliance comes with 400 GB of storage and offers 27 Gbps firewall performance and 8 Gbps IPsec VPN performance. The 4115 firewall supports 15 million concurrent sessions, 200K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4120 model features 200 GB of storage and delivers 22 Gbps firewall performance and 19 Gbps IPsec VPN performance. The 4120 unit allows 15 million simultaneous sessions, 118K new connections per second, and a maximum of 15,000 VPN peers. Cisco's newer Firepower 4125 appliance has 800 GB of storage and offers 40 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 4125 unit allows 25 million simultaneous sessions, 265K new connections/second, and as many as 20K VPN peers.
Cisco's Firepower 4140 model firewall includes 400 GB of storage and offers 32 Gbps firewall performance and 13 Gbps IPsec VPN throughput. The 4140 firewall supports 25 million concurrent sessions, 172K new connections per second, and a maximum of 20K VPN peers. Cisco's more recent Firepower 4145 firewall comes with 800 GB of storage and offers 53 Gbps firewall throughput and 18 Gbps IPsec VPN performance. The 4145 unit allows 30 million simultaneous sessions, 350K new connections/second, and up to 20K VPN peers. Cisco's Firepower 4150 unit includes 400 GB of storage and delivers 45 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4150 unit allows 30 million simultaneous sessions, 263K new connections per second, and up to 20K VPN peers.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and carrier-grade security appliances. The 3RU enclosure of Firepower 9300 NGFW Series firewalls can hold two network modules as well as three security modules. Altogether, the Firepower 9300 can hold 24 10-Gigabit SFP+ network interfaces or eight 100 Gigabit Ethernet interfaces. Clustering of up to 5 chassis allows up to 1.2 Tbps of firewall performance. The high-end Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall throughput and 27 Gbps IPsec VPN throughput. The unit allows 35 million simultaneous sessions, 490K new connections per second, and a maximum of 20,000 VPN peers.
Cisco's Firepower Services
Cisco's Firepower Next Generation security appliances work with either software or physical modules that enable Cisco's Firepower Services, which provide layered defense against advanced threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services include:
- Multi-layer protection against familiar and new attacks
- Advanced Malware Protection (AMP) that uses big data to discover and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, infrastructure, software applications, and content to discover threats that incorporate multiple vectors
- Fine-grained Application Visibility and Control that is familiar with thousands of applications and can automatically launch both standard and custom IPS policies depending on the degree of risk
Firepower Services for NGFW firewalls offer advanced multi-layered protection
Simpler deployments of Cisco's Firepower Next Generation security appliances can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM), a web-based tool which is provided with all firewall models. ASDM provides a simple web dashboard for configuring, administering, and troubleshooting NGFW appliances and service modules.
For multi-device and multi-site deployments, Cisco's Next Generation appliances with Firepower Services can be managed with Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC), enhanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy control for Cisco Firepower firewalls
Cisco's Firepower Management Center appliance provides capabilities unavailable with Cisco's on-box ASDM tool. Additional features include expanded context awareness, Advanced Malware Protection with mitigation for client devices, a console that offers real-time infrastructure visualization, automated policy tuning driven by risk evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, improved reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's on-box ASDM or the Firepower CLI.
Progent's Migration Consulting for Cisco Firepower Firewalls
Because Cisco has ceased offering the PIX and ASA 5500 product lines, many businesses are uncomfortable with relying on a critical infrastructure component that may no longer be supported. Firepower NGFW Series firewalls offer the advantage of being new products and also offer important functions and financial advantages in comparison to legacy devices. These benefits include substantially higher performance, optional SSL tunneling support, and an expandable design that protects your investment by allowing you to add more security services whenever you require them. Progent's Cisco certified experts can help your company to assess the strategic value of moving from PIX or ASA 5500 security appliances, create a migration plan that permits a quick and non-disruptive changeover, help your IT staff to deploy new Firepower NGFW Series firewalls, and offer online, consulting, and troubleshooting services.
Additional Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Series firewalls provide an array of configuration, tracking, and troubleshooting features that give you the ability to set up these firewalls to match your company's requirements. Progent's CCIE authorized network consultants can help you to build a cost-effective infrastructure that includes Cisco firewalls and that provides advanced protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-premier information security experts can assist your business to create a security policy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security policies. Progent's risk assessment professionals can assess the strength of your current firewall deployment and validate the overall security of your entire information system network. Progent's Technical Response Center (TRC) can deliver urgent remote troubleshooting for Cisco products and offer quick access to a Cisco network engineer.
Progent can provide online or onsite support and can deliver as-needed guidance to help your organization resolve a challenging IT bottleneck, or Progent can provide end-to-end project management support to make sure your network security initiative is performed on schedule and on budget.
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.